S 2.59 Procurement of a suitable modem

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Purchasing Department, User, Administrator

The following items are to be observed for the purchase of a modem:

Modem approval

Modems intended for connection to the public telecommunications network in the Federal Republic of Germany require authorisation by the Federal Post (BZT approval, previously known as ZZF approval and FTZ approval). Note: Contrary to information in many modem manuals, commissioning of an approved modem in the Federal Republic of Germany need no longer be reported to the Telekom (telecommunications company).

Design

An internal modem is advantageous in that its configuration can only be changed on the computer in which it is integrated. If this computer has access protection features, they can be used to safeguard the modem configuration data. At the same time use of the modem can be restricted to authorised persons. Manipulation of an internal modem is difficult due to its integration in the computer. In networked systems devoid of such protective mechanisms (e.g. some Peer-to-Peer networks), internal modems are disadvantageous due to the possibility of their unregulated operation from all workplaces.
An external modem can be locked in a safe place after use. It also has the advantage of indicating its current status via various displays and the integrated loudspeaker. The loudspeaker makes it audible when a connection is set up from outside, or when an application tries, without being instructed to do so, to transfer information about the installation and the system configuration to the manufacturer. A further advantage of an external modem is that it can be switched on solely for the duration of the data transmission, independently of the IT system, thus ensuring that the most recent connection has been terminated and that no connection can be established from outside. A disadvantage of external modems is the possibility of connecting them to unprotected IT systems for the purpose of manipulating the configuration data or reading out stored passwords.
Due to their size, PCMCIA modems offer the advantage of easy storage after use. Secure storage prevents them from being connected to unprotected computers for the purpose of manipulation.

Transmission rate

The higher the transmission rate of a modem, the shorter the transmission time, and the lower the cost of transmitting large quantities of data with it.
First, the transmission rate required for the application should be determined. Sufficient values are, for example, 2400 bits/sec. for ASCII terminal emulation, 9600 bits/sec. for fax transmissions, and currently 14400 bits/sec. in the case of Datex-J (T-Online). The highest possible transmission rates should be used for large quantities of data. Transmission rates of more than 2400 bits/sec. make tapping more difficult.
A check must subsequently be made as to whether the interface of the IT system intended for connection to the modem allows operation at speeds above 9600 bits/sec.

When selecting the modem, it should be ensured that the performance characteristics that are important for the transmission rate actually attained are standardised. These are standards for the transmission rate, such as V.32bis for 14400 bits/sec., and protocols for transmission optimisation using data compression and error correction, such as MNP 5 or V.42bis.

Instruction set

Most modems today use the manufacturer-dependent Hayes standard (also called AT standard). Thanks to the widespread use of this standard, it can be assumed that error-free communication with other modems will be largely possible when using a modem that supports it. When purchasing modems of the latest generation, it should be noted that the promised high transmission rates can often only be achieved if machines from the same manufacturer are used on both sides.

Manual

A detailed and clearly-written manual is important for rapid installation and the best possible configuration of a modem.

Security mechanisms

Modems can incorporate a large variety of security features, e.g. password mechanisms and call-back functions. Some modems even offer the possibility of encrypting the data to be transmitted.

The purchase of a modem with an encryption option is advisable if large quantities of data need to be transmitted within an organisation with scattered premises. This on-line coding requires less organisational effort than the encryption of data by means of auxiliary products. General statements on the security of the algorithms used are not possible. For IT-Grundschutz, the DES algorithm offers a sufficient degree of security given appropriate key management.

As regards security, the widely offered call-back function is advantageous in that it easily allows unauthorised callers to be refused (see also S 5.30 Activating an existing call-back option).

Review questions: