S 4.11 Screening of PBX interfaces

Initiation responsibility: PBX officer; IT Security Management

Implementation responsibility: Administrators

The interfaces of a PBX system, through which administration activities can be carried out, are points requiring protection. Therefore, they should be specially shielded. Through unused or unprotected interfaces, unauthorised persons can, for instance, by using a laptop PC, manipulate the system. In such cases, password protection for a PBX operator's console or a PC gateway would be ineffective. Therefore, the aim is to prevent such manipulation or, at least, to provide for detection of an attempt to this effect. For this reason, the used interfaces should be tightly screwed and possibly sealed as well. Unused interfaces can be secured by screws and sealed cover plates.

Additional controls:

• Are all interfaces known through which your PBX can be configured?
• Are there any PBX interfaces which can be freely accessed?
• Have the existing connecting cables been mechanically secured at both ends?