S 5.32 Secure use of communications software

Initiation responsibility: IT Security Management, Administrators

Implementation responsibility: IT users, Administrator

The security of computer access via modem is decisively influenced by the computer software used.

Almost all communications software allows storage of the telephone numbers and other data of communications partners. Such person-related data must be protected appropriately.

Passwords for access to other computers and modems should not be stored in the communications software, even if this appears convenient; every person having access to the IT system and the communications software can then access other systems under a different user name (cf. S 1.38 Suitable installation of a modem and S 2.8 Granting of (application/data) access rights).

Several communications programmes allow data transfer to take place unobserved in the background, e.g. within Windows. This feature should only be used with trustworthy communication partners, as it is possible to interrupt data transmission and transfer data of a different, unauthorised nature from/to the local computer. In this manner, for example, viruses could be smuggled into the local computer or confidential data could be copied. Protocols allowing full-duplex transmission, i.e. simultaneous transmission and reception, are also available. Such transmission protocols must only be used with a trustworthy communications partner, as they are equivalent to background transmission of data.

If the communication software includes password protection or protocol features, these should be activated.

Additional controls:

• Are passwords being stored in the communications software?

• Are IT users aware of the risks associated with the background transmission of data?