S 5.32 Secure use of communications software

Initiation responsibility: IT Security Officer, Administrator

Implementation responsibility: Administrator, User

The security of computer access via modem is decisively influenced by the computer software used.

Almost all communications software allows storage of the telephone numbers and other data of communications partners. Such personal data must be protected appropriately.

Passwords for access to other computers and modems should not be stored in the communications software, even if this appears convenient. Every person having access to the IT system and the communications software can then access other systems under a different user name (see also S 1.38 Suitable installation of a modem and S 2.8 Assignment of access rights).

Several communications programs allow data transfer to take place unobserved in the background, e.g. in Windows. This feature should only be used with trustworthy communication partners, as it is possible to interrupt data transmission and transfer data of a different, unauthorised nature from/to the local computer. In this manner, for example, viruses could be smuggled into the local computer or confidential data could be copied. Protocols allowing full-duplex transmission, i.e. simultaneous transmission and reception, are also available. Such transmission protocols must only be used with a trustworthy communications partner, as they are equivalent to background transmission of data.

If the communication software includes password protection or protocol features, these should be activated.

Review questions:

• Is contact data of communication partners sufficiently protected in the communications software used?
• Is storing of passwords in the communications software prevented and/or forbidden?
• Are present security mechanisms of the communications software used, e.g. password protection or logging features?