S 4.60 Deactivation of ISDN router functions which are not required

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

In addition to service functions and remote maintenance (refer to S 2.108 Relinquishment of maintenance of remote ISDN gateways), functions of the router operating systems can also result in security weaknesses. If the router has a Unix operating system, for example, it is possible to start a Telnet session on the router and subsequently manipulate the management information base.

Wherever possible, router functions which are not required should be deactivated, preferably by removing the related software modules. Card functions which can be configured simply through parametrisation must be checked regularly to determine whether the parameter settings are still correct.

Additional controls:

• Are checks made to determine whether available functions are actually required?

• Have functions whose use is obviously not required been disabled?