|
Initiation responsibility: PBX officer; IT Security Management; Head of IT Section
Implementation responsibility: Administrators
Many IT systems, PBXs and gateway components (e.g. ISDN routers, speech-data multiplexers etc.) are delivered with default passwords configured by the manufacturer. These should, as a first step, be replaced by individual passwords. In this respect, the pertinent provisions on passwords must be observed (cf. S 2.11 Provisions governing the use of passwords).
Caution: In some PBXs, changes made to the configuration are only filed in RAM. The same applies to password changes. Therefore, data must always be saved and a new backup copy made after such an operation. If this is not done, the default password will again be enforced after any "restart" of the facility. In addition, a check is required as to whether the default password has actually become invalid after the specification of a new password, and can thus no longer be used to access the system.
Additional controls:
© Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
July 1999 |