S 2.471 Planning the use of PBX systems
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Administrator, Head of IT
Before planning the use of a PBX system, a comprehensive analysis should be carried out in which the most important requirements for a PBX system are specified (see S 2.470 Procedure for carrying out a requirements analysis for PBX systems).
A basic requirement for the secure use of PBX systems is appropriate advance planning. The use of PBX systems can be planned in several steps according to the top-down design principle: Based on the overall system, concrete plans for subcomponents are developed. Not only do the aspects classically associated with the term "security" need to be planned, but also normal operating aspects that can lead to requirements in the area of security.
For this reason, it makes sense to record details of any existing PBX systems in the organisation. In addition, it is necessary to obtain an overview of the components connected to the PBX system.
The operating type of the PBX system determined in the requirements analysis as a classic PBX system, VoIP system, hybrid PBX system or IP system connection is also of fundamental importance.
The following aspects should be taken into account when planning the use of PBX systems:
Guidelines for use
In order to be able to use PBX systems in a secure and effective manner, security policies based on the existing security goals have to be drawn up. In addition, requirements resulting from the planned operational scenarios should be included. These specific security policies must be in agreement with the overall security concept of the organisation (see also S 2.472 Drawing up a security policy for PBX systems for more information).
Equipment features/end devices
Depending on the use of the PBX system, it must be specified what end devices are required. In addition to the classic function of voice telephony, even simple PBX systems offer a range of comfortable equipment features. For classic as well as hybrid PBX systems, these are classified into analogue and digital devices and the device types such as modem, fax, and corded and cordless telephones. The selection should also take operating features, ease of use, and device features into account. For example, with regard to the telephones, headsets or simple devices can be selected, depending on the specific area of application
Features
PBX systems offer a large number of features. These can include security-related aspects which must be taken into account. Features critical to security include, for example, entering, where additional communication partners can be added to an existing telephone call, call conferencing, where several partners communicate with each other simultaneously via the system, and pick-up of an incoming telephone call from from another telephone to your own. While planning the use, it must be decided which of the features provided by the PBX system are to be used.
Competences
As a large number of components are required when using PBX systems, it should be examined which organisational units are responsible for which tasks, i.e., for example, who takes care of purchasing and setting up hardware, software updates, user IDs or user support. It must also be examined whether support from an external provider is required.
Authorisation concept
Based on the selected features, the authorisations for use should be specified in a role concept, such as:
- Who may use which functions and communication services?
- Who decides on the message to be recorded on the answering machine integrated in the PBX system and who may delete which recordings when?
- Who takes care of the on-hold music or automatic call forwarding?
- Are end devices configured centrally by an administrator or is each user granted their own authorisations?
Administration and configuration
The considerations relating to the configuration and administration of the PBX system initiated with the authorisation concept must be refined. Consideration must be given to how the system is to be administrated and which settings are to be performed via a central administration and configuration management and which settings are to be performed locally at the end devices. Central tasks would be, for example, the connection of additional device types, setting up emergency and special numbers as well as contact management or connection of directory services such as LDAP. Local ring tones, key locks, allocation of function keys or private phone books can be set up at the end devices.
Furthermore, it must be clarified who is responsible for administration of the PBX system and its components. This also includes tasks such as installing patches and updates on a subsystem, introducing new user groups, changes to rights and the composition of user groups, activation of new functions of the PBX system, and configuration changes that go beyond basic user administration. The PBX system must be integrated in the organisation's patch and change management (see S 1.14 Patch and change management).
All changes to the configuration of the PBX system should be logged in such a way that they can be reconstructed at a later point in time (see also S 4.5 Logging for PBX systems).
Logging
In the planning phase, the decision as to which information should be logged at a minimum and how long the logged data will be stored should be made. In addition, it must be specified whether the logged data will be stored locally in the system or on a central server in the network. In case of an IP system connection, logging must also be possible. It makes sense to define how and when the data is to be evaluated during the planning phase. In this context, it must be checked as to how far the data protection act must be observed and what consequences must be drawn from this.
In general, a PBX system delivers log data regarding times and the telephone numbers of outgoing and incoming calls. This data can be used to charge telephone calls to cost centres. The data can be backed up using appropriate software.
Data backups
The configuration, the current version of the programs used and the log data of the PBX system and its components should be backed up regularly in order to be able to quickly provide a backup system in case of failures. Backup times and forms should be specified to meet the requirements for the maximum tolerable loss of data. The corresponding specifications must be adopted to an overall data backup plan of the central IT department, see safeguard S 6.26 Regular backup of PBX configuration data for more information.
Contingency Planning
In order to respond to problems quickly and effectively, it is also necessary to create the organisational framework to be able to quickly switch to alternative communication channels or make emergency calls in an emergency. It must also be ensured that training is given to all employees. They must be made aware of potential threats of the PBX system, informed of any warnings, symbols, and tones and familiarised with the operation of the corresponding communication services. The availability of the PBX system is an important requirement, and not only for the business processes. For this reason, appropriate precautions must be taken. More information can be found in safeguard S 6.145 Contingency planning for PBX systems.
The plan must be submitted to management for approval and all decisions must be documented in a comprehensible manner.
Review questions:
- Have all plans regarding the PBX systems been documented in a comprehensible manner?