S 2.106 Purchase of suitable ISDN cards

ISDN cards which have been selected for purchase should offer all security functions which might be required, so as to prevent unnecessary expenses in future. These security functions should either be an integral part of the card, or realisable with the help of the accompanying communications software and driver programs.

Possible criteria for selecting a suitable ISDN card include:

Furthermore, the ISDN cards must be checked for functions which would impair operational security. If any such functions are found to exist, they should at least be deactivated through appropriate configuration. This includes, for example, the remote control functionality which allows an establishment of direct communications with the IT system via the public network.

The security-relevant requirements of the ISDN cards relevant for the institution and the operational environment should be identified and forwarded to the purchasing department.

ISDN cards with the greatest possible number of identical security functions should be used on the IT systems requiring such cards as well as the network gateways (e.g. ISDN routers). If this is not ensured, security functions required on both sides will not show the desired effect.