S 1.38 Suitable installation of a modem

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: User, Administrator

To prevent misuse of modems, it must be ensured that only authorised persons have physical access to them. Misuse in this case means, on the one hand, unauthorised data transmission, which may result in costs, virus infiltration or the transfer of confidential information to the outside, and, on the other hand, alteration or viewing of the modem configuration, which could result in security gaps.

To control physical access to an external or PCMCIA modem, it must be ensured, for example, that modems operated continuously are kept inside locked rooms and modems operated temporarily are kept safely inside cabinets when not in use. The provisions of S 2.3 Office / local workplace are to be observed here.

Due to its integration in an IT system, an internal modem has a higher intrinsic degree of physical protection. It would therefore be sufficient to comply with the measures of the modules S 2.3 Office / local workplace or S 2.4 Server room.

If access to the internal network is created via a modem or a modem pool, module S 3.1 Security gateway (firewall) should be referred to. Access to the internal network should not be created via modems in a way that bypasses an existing firewall.

If further external access to a network protected by a firewall is to be permitted with a modem pool, the modem pool must be set up on the insecure side of the firewall (see also S 2.77 Integration of servers in the security gateway). The modem pool should be set up together with the relevant server in a secure server room. The provisions of module S 2.4 Server room must be observed.

Review questions: