S 4.62 Use of a D-channel filter

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrator, Purchase Department

A D-channel filter is installed between the ISDN connection (S2M or S0) and the ISDN terminal device or ISDN private branch exchange (PBX). This filter acts as an ISDN terminal device facing the ISDN connection, and as an ISDN connection facing the ISDN terminal device. The D-channel filter monitors the ISDN D-channel for impermissible protocol actions and is thus capable of detecting, as well as preventing, attempts at manipulation via the D-channel. Use of a D-channel filter is particularly advisable in situations where unauthorised access by qualified persons via remote access ports is conceivable (for example, during remote maintenance and administration).

A D-channel filter also restricts performance features and services for the call numbers of certain communications partners so as to prevent the ISDN terminal device from being misused and endangered under certain operational conditions. A D-channel filter responds to an unauthorised attempt to make use of performance features and services by closing down the connection (disconnect, release) and logging the attempt.

Further details on this technology - which was initiated by the BSI - can be obtained from the IT baseline protection hotline.