S 4.5 LAN connection of an IT system via ISDN
Description
ISDN (Integrated Services Digital Network) is a digital telecommunications network which allows the operation of a variety of services, such as telephony and facsimile, as well as the transmission of data and images.
This chapter considers the integration of a remote IT system into a local network via a public ISDN network. The remote IT system is linked by means of an ISDN adapter card possessing an S0 interface. Connection to the LAN is made via a router which is connected to a public ISDN network via an S2M interface.
This type of integration of remote IT systems is a typical option for telecommuting workstations as well.
Threat scenario
The following typical threats are generally assumed as regards IT-Grundschutz of an IT system integrated into a LAN via ISDN:
Force Majeure
| T 1.2 | Failure of the IT system |
Organisational Shortcomings
| T 2.6 | Unauthorised admission to rooms requiring protection |
| T 2.7 | Unauthorised use of rights |
| T 2.9 | Poor adjustment to changes in the use of IT |
| T 2.19 | Inadequate key management for encryption |
| T 2.24 | Loss of confidentiality of sensitive data of the network to be protected |
| T 2.32 | Inadequate line bandwidth |
| T 2.37 | Uncontrolled usage of communications lines |
Human Error
| T 3.1 | Loss of data confidentiality or integrity as a result of user error |
| T 3.6 | Hazards posed by cleaning staff or outside staff |
| T 3.13 | Passing on false or internal information |
| T 3.16 | Incorrect administration of site and data access rights |
Technical Failure
| T 4.25 | Still active connections |
Deliberate Acts
| T 5.2 | Manipulation of information or software |
| T 5.7 | Line tapping |
| T 5.8 | Manipulation of lines |
| T 5.9 | Unauthorised use of IT systems |
| T 5.10 | Abuse of remote maintenance ports |
| T 5.14 | Call charges fraud |
| T 5.16 | Threat during maintenance/administration work |
| T 5.18 | Systematic trying-out of passwords |
| T 5.25 | Masquerade |
| T 5.39 | Infiltrating computer systems via communication cards |
| T 5.48 | IP spoofing |
| T 5.61 | Misuse of remote access to management functions on routers |
| T 5.63 | Manipulation via the ISDN D-channel |
Method recommendation
To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.
The main concern of this chapter is the guarantee of secure communication. The other safeguards also required for the communicating IT systems are covered in the relevant modules.
A series of safeguards needs to be taken in respect of LAN connection of an IT system via ISDN, from planning, design and procurement right through to routine operation. The steps to take to accomplish this as well as the safeguards to implement in each phase are listed in the following.
Planning and design
The safe use of remote access to IT systems requires implementation of a number or measures designed to protect communications (see safeguard S 5.32 Secure use of communications software).
Purchasing
Safeguard S 2.106 Purchase of suitable ISDN cards lists the main criteria to be borne in mind when selecting ISDN cards.
Implementation
The basic rule when installing an ISDN gateway is to switch off any services and functions that are not required as they only entail unnecessary risks. Appropriate configuration, including the immediate change of any passwords preset by the manufacturer, should be undertaken with regard to the functions actually used in order to provide maximum possible levels of security. The configuration undertaken must be documented and this documentation must be updated in the event of changes.
Another key issue connected with the installation of an ISDN gateway is that it must not compromise the existing security of the computer network. It is imperative to prevent any connections with external networks which can bypass the existing firewall system and minimise its effectiveness.
Operation
Regular checks on the log files generated facilitate the potential disclosure of misuse of the ISDN connection. Occasional checks on pre-programmed addresses and protocols can help prevent connections from being established accidentally with the wrong communication partner.
The package of safeguards for LAN systems connected via ISDN is presented below:
Planning and design
| S 2.42 | (A) | Determination of potential communications partners |
| S 2.108 | (Z) | Relinquishment of remote maintenance of ISDN gateways |
| S 4.34 | (Z) | Using encryption, checksums, or digital signatures |
| S 4.62 | (Z) | Use of a D-channel filter |
| S 5.32 | (A) | Secure use of communications software |
| S 5.47 | (Z) | Configuration of a Closed User Group |
Purchasing
| S 2.106 | (C) | Purchase of suitable ISDN cards |
Implementation
| S 1.43 | (A) | Secure installation of active network components |
| S 2.46 | (A) | Appropriate key management |
| S 2.107 | (A) | Documentation of the configuration of ISDN cards |
| S 2.109 | (A) | Assigning rights for remote access |
| S 2.204 | (A) | Prevention of insecure network access |
| S 4.7 | (A) | Change of preset passwords |
| S 4.59 | (A) | Deactivation of ISDN board functions which are not required |
| S 4.60 | (A) | Deactivation of ISDN router functions which are not required |
| S 4.61 | (A) | Use of security mechanisms offered by ISDN components |
| S 5.48 | (A) | Authentication via CLIP/COLP |
| S 5.49 | (A) | Callback based on CLIP/COLP |
| S 5.50 | (A) | Authentication via PAP/CHAP |
Operation
| S 5.29 | (C) | Periodic checks of destination addresses and logs |