S 2.108 Relinquishment of remote maintenance of ISDN gateways
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Administrator
Avoiding remote maintenance is a useful way of preventing external parties from manipulating ISDN routers and IT systems equipped with ISDN cards.
Remote maintenance should therefore be avoided wherever possible. If there are still reasons to use it, these must be documented in a comprehensible manner.
In the case of IT systems equipped with an ISDN card, check whether the communications software in use offers a "remote control" function. This function allows the IT system to be called via a public network; the ISDN card accepts the call, and the caller can then operate the IT system as though he/she were present on site. This function must be deactivated.
In the case of ISDN routers, the function for remote maintenance via reserved bandwidths (or reserved ISDN call numbers) should be deactivated. Links established in this way with the management information base of the router are usually protected only by a password, yet they allow almost all configuration settings to be modified.
Assigning rights for remote access
External access to a public agency network or company network should be limited to the extent required, in terms of the rights granted. In addition to the requirements described in S 2.8 Assignment of access rights, rights for remote access must be assigned even more restrictively. For example, a telecommuter workplace does not necessarily require access rights for directories with software.
The rights granted for remote access should be checked regularly to confirm that they are still necessary and up to date.
Review questions:
- Is external access to the internal network limited to the required extent?
- Are the rights granted and/or the functions activated for remote access checked regularly to confirm that they are still necessary and up to date?