S 5.44 One-way connection setup

Initiation responsibility: IT Security Officer

Implementation responsibility: Administrator

In most cases there is exactly one telephone line for one modem. The modem receives incoming calls and sends outgoing calls via this telephone line. To prevent an attacker from gaining access to the connected IT system unnoticed, at the very least one callback mechanism should be installed (see also S 5.30 Activating an existing call-back option).

Despite an activated callback mechanism, an incoming connection might not be terminated unless the caller hangs up. The public exchange switchboard only terminates such a connection after a certain amount of time has elapsed. The problem arises particularly if a PBX unit does not also terminate the connection.

Therefore, an attacker can initiate a callback, but simultaneously keep the line open so that the modem correctly dials the stored callback number but remains connected with the attacker as before.

To prevent this, it should first be checked whether an incoming connection is terminated if the caller does not hang up. If this is not the case, and if it cannot be ensured that every modem connection is monitored by one person, working with separate telephone lines and one-way connections should be considered, i.e. with one socket for incoming calls and one socket for outgoing calls. This requires a modem for every socket and the initiation of the callback via the application. It must be ensured that the modem does not automatically receive any calls for outgoing connections (S0=0, i.e. no Auto-Answer). To prevent the receiving modem from creating any external connections, the modem socket should either be locked on the internal PBX unit or the relevant lock from the telephone provider should be applied for.

Review questions:

• Is the callback mechanism of the modem used for prevention of unnoticed access from the outside?
• Is it ensured that the modem also terminates an incoming connection if the caller does not hang up?