S 4.62 Use of a D-channel filter
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Purchasing Department, Administrator
A D-channel filter is installed between the ISDN connection (S2M or S0) and the ISDN terminal device or ISDN private branch exchange (PBX). This filter acts as an ISDN terminal device vis-à-vis the ISDN connection and as an ISDN connection vis-à-vis the ISDN terminal device. The D-channel filter monitors the ISDN D-channel for unauthorised protocol actions and is thus capable of detecting, as well as preventing, attempts at manipulation via the D-channel. Use of a D-channel filter is particularly advisable in situations where unauthorised access by qualified persons via remote access ports is expected (for example, during remote maintenance and administration).
A D-channel filter also restricts performance features and services for the call numbers of certain communications partners in order to prevent the ISDN terminal device from being misused and endangered under certain operational conditions. A D-channel filter responds to an unauthorised attempt to make use of performance features and services by closing down the connection (disconnect, release) and logging the attempt.
Further details on this technology - which was initiated by the BSI can be obtained from the IT-Grundschutz Hotline.
Review questions:
- Are ISDN connections protected by the use of a D-channel filter?