|
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Administrator, Purchase Department
ISDN cards which have been selected for purchase should offer all security functions which might be required, so as to prevent unnecessary expenses in future. These security functions should either be an integral part of the card, or realisable with the help of the accompanying communications software and driver programs.
Possible criteria for selecting a suitable ISDN card include:
Furthermore, the ISDN cards must be checked for functions which would impair operational security. If any such functions are found to exist, they should at least be deactivated through appropriate configuration. This includes, for example, the remote control functionality which allows an establishment of direct communications with the IT system via the public network.
ISDN cards with the greatest possible number of identical security functions should be used on the IT systems requiring such cards as well as the network gateways (e.g. ISDN routers). If a particular security function exists on one side but is absent on the other, the desired effect will not be achieved.
Additional controls:
© Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
July 1999 |