IT Baseline Protection Manual - Chapter 8.1 Telecommunications System (Private Branch Exchange, PBX)
8.1 Telecommunications System (Private Branch Exchange, PBX)
Description
A private digital ISDN telecommunications facility
(switching device for connections between incoming and
outgoing lines for the purpose of exclusive data exchange,
in the following referred to as private branch exchange - PBX)
is both a communications basis for its proper do-main
and an interface with the public network. It is used to
transmit speech and images (fax) and increasingly serves
as a transmission medium for LAN coupling and
electronic mail systems. If it is used as a LAN, the provisions of Chapter 6.1, Server supported
Network, must be observed.
For the purposes of this Chapter, it is assumed that a person responsible for the PBX has been
designated who is able to take the fundamental security decisions and initiate security safeguards.
Threat Scenario
The following typical threats (T) are assumed as regards IT baseline protection of a private branch exchange:
T 5.16 Threat posed by internal staff during maintenance/administration work
T 5.17 Threat posed by external staff during maintenance work
T 5.44 Abuse of Remote Access Ports for Management Functions of Private Branch Exchanges
Here, consideration is given to those threats which may impair the functioning of an institution. Thus,
the focus is not on legal data privacy aspects. These are already covered, for a major part, by existing
operating agreements and/or service agreements. Nevertheless, IT baseline protection does, of course,
also contribute to the protection of person-related data.
Recommended Countermeasures (S)
For the implementation of IT baseline protection, selection of the required packages of safeguards
("modules") as described in chapters 2.3 and 2.4, is recommended.
The central devices of a PBX facility should be installed in a room which meets the requirements laid
down for a server room (Chapter 4.3.2), or for a technical infrastructure room (Chapter 4.3.4). For
provision of a PBX with cables, see Chapter 4.2.
In the following, the safeguard group "Private Branch Exchange" is set out:
Infrastructure:
S 1.2 (2) Regulations governing access to distributors