S 4.10 Secure basic local configuration of routers and switches
Initiation responsibility: IT Security Officer, PBX System Manager
Implementation responsibility: IT Security Officer, User
PBX systems offer numerous features and interfaces to the terminal devices. Depending on the PBX system, these features or interfaces may be available in different versions or under another name. Certain features must be enabled in the PBX system itself and others are configured on the corresponding terminal devices.
In addition to the PBX systems, the terminal devices may also be characterised by additional interfaces in addition to the option of connecting to the telephony cabling. Amongst other things, this also includes Bluetooth for the use of wireless headsets or WLAN that can be used to connect a wireless VoIP phone to the LAN and directly to the PBX system. Unused interfaces and unused features should be disabled. When the interfaces are used, they must be protected against unauthorised access with the help of an upstream authentication.
The scope of the available features should be restricted to the required minimum extent and basically only the required features should be enabled. This way, it is prevented that the system is unnecessarily exposed to potential attacks due to its features. Certain features may be misused for targeted attacks, particularly regarding confidentiality or availability. The owner of the system may incur undesirable fees in the course of such misuse.
Features of terminal devices with a potential for being misused include, for example:
- voice calling and/or automatic call acceptance, since this function may be misused to wiretap rooms in combination with a hands-free function on telephones,
- the outside line for easily accessible apparatuses, since unauthorised persons may make calls at the cost of the organisation this way,
- call forwarding, since the user of a phone connection is not available if this function is deliberately or accidentally used incorrectly, for example,
- breaking in, allowing a caller to listen in on a current telephone call,
- dial-in conference calls, since the subscribers may independently dial in to the telephone conference without this being noticed by the other subscribers and so unauthorised persons may listen in, and
- different features designed for export ("silent monitoring" or "eavesdropping"), since they may be used to attack the confidentiality.
The terminal devices should be configured in such a way within the framework of their available capabilities that a warning is generated once security-critical features are being used. The features not required or deemed critical due to their potential for being misused must be disabled at the central system as far as possible. If the central system only offers limited or insufficiently differentiated capabilities for this, the central settings can be combined with corresponding blocking settings on the terminal devices.
Additional protective safeguards should be taken for the confidential data stored on or retrievable from the terminal devices such as contact information or organisation-wide telephone books. This is particularly applicable to terminal devices installed in unprotected areas such as meeting rooms or underground car parks. However, the PBX system may sometimes be used to grant authorisations for the corresponding terminal device connections.
In order to prevent changes to the configuration from being performed on freely accessible terminal devices without authorisation, for example, these should be protected with the help of passwords or PINs. Ex factory, many terminal devices are already equipped with default passwords or PINs. These default passwords must be changed during initial operation. In general, features such as call forwarding, pick-up of incoming telephone calls, and such like should only be available after having entered the authentication information at the device. The password protection capabilities may be used to prevent the functions of the terminal devices from being misused.
Since the users themselves are responsible for this configuration of the terminal devices, their awareness must be raised and they must be trained (see S 3.82 Training on the secure use of PBX systems).
Review questions:
- Is access to PBX terminal devices protected with the help of a password?