S 4.61 Use of security mechanisms offered by ISDN components

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

If ISDN cards with security functions have been purchased for the IT system or router in accordance with S 2.106 Purchase of suitable ISDN cards, such as

• capability to perform authentication via PAP and CHAP (Password Authentication Protocol and Challenge Handshake Authentication
  Protocol, RFC 1994),
• use of a hardware-based or software-based encryption procedure (symmetric/asymmetric);
• option of evaluating CLIP call numbers (Calling Line Identification Presentation) for the purpose of authentication;
• option of maintaining a table of call-numbers for performing callbacks; and
• option of logging unsuccessful attempts to establish a link (refusal due to incorrect authentication of call numbers or PAP/CHAP),

they should be used as described in the safeguards S 5.48 Authentication via CLIP/COLP, S 5.49 Callback based on CLIP/COLP, S 5.50 Authentication via PAP/CHAP and S 4.34 Using encryption, checksums, or digital signatures. A prerequisite here is that all communications partners should have, if possible, ISDN cards equipped with identical security functions.

Review questions:

• Are the security mechanisms available for the installed ISDN equipment?