IT Baseline Protection Manual S 5.44 One-way connection setup

S 5.44 One-way connection setup

Initiation responsibility: IT Security Management

Implementation responsibility: Administrators

In most cases a modem is attached to exactly one telephone line, over which it both receives incoming calls and places outgoing calls. To prevent an attacker from gaining unnoticed access to the IT system behind the modem, a call-back mechanism should be activated at the very least (see also S 5.30 Activating an existing call-back option).

Even with call-back activated, an incoming connection is not necessarily cleared when the called modem hangs up: as long as the caller stays off-hook, the public exchange keeps the connection up and only releases it after a certain time has elapsed. The problem is aggravated if an intermediate PBX does not clear the connection either.

An attacker can therefore request a call-back and at the same time keep the line open. The modem then hangs up and correctly dials the stored call-back number, but it is in fact still connected to the attacker: the dialled digits go into the held connection, and the "call-back" is established with the attacker exactly as before.

To prevent this, it should first be checked whether an incoming connection is actually cleared when the called modem hangs up but the caller does not. If it is not, and if it cannot be ensured that every modem connection is supervised by a person, working with separate telephone lines and one-way connections should be considered, i.e. one socket used exclusively for incoming calls and one used exclusively for outgoing calls. This requires a modem for each socket, and the call-back must be initiated by the application on the outgoing modem rather than by the modem that took the incoming call. It must be ensured that the modem for outgoing connections never answers calls automatically (S-register S0=0, set with the AT command ATS0=0, i.e. no auto-answer). To prevent the receiving modem from establishing any outgoing connections, its socket should either be locked for outgoing calls at the internal PBX or the corresponding lock should be requested from the telephone provider.
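The following simulation is an added illustration and not part of the BSI manual. It models the behaviour described above with constructed objects: a public exchange that, when `callee_clears` is false, holds a call up for as long as the caller stays off-hook; Hayes-style modems with an S0 auto-answer register; and an attacker who requests a call-back and then either hangs up or keeps the line open. The telephone numbers and the "held call" semantics are assumptions made for the example. `single_line_callback` is the classic set-up (one modem, one line, S 5.30 only), `two_line_callback` the one-way set-up recommended here (incoming modem locked for outgoing calls, outgoing modem with S0=0, call-back initiated by the application).

```python
"""Call-back over one vs. two telephone lines (constructed model, not BSI code)."""
from dataclasses import dataclass
from typing import Dict, Optional

CALLBACK_NUMBER = "0301234567"  # assumed: call-back number stored for the legitimate user
ATTACKER_NUMBER = "0309999999"  # assumed: line from which the attacker dials in


@dataclass
class Line:
    """One telephone socket as seen by the exchange."""
    number: str
    peer: Optional["Line"] = None   # line this socket is currently connected to
    is_caller: bool = False         # did this side originate the current call?
    off_hook: bool = False


class Exchange:
    """Constructed model of the public exchange. With callee_clears=False a call
    is only released when the *caller* goes on-hook (the exchange's timeout is
    not modelled); the called party hanging up does not free the line."""

    def __init__(self, callee_clears: bool):
        self.callee_clears = callee_clears
        self.lines: Dict[str, Line] = {}

    def line(self, number: str) -> Line:
        return self.lines.setdefault(number, Line(number))

    def connect(self, caller: Line, callee: Line) -> None:
        caller.peer, callee.peer = callee, caller
        caller.is_caller, callee.is_caller = True, False
        caller.off_hook = callee.off_hook = True

    def on_hook(self, line: Line) -> None:
        line.off_hook = False
        peer = line.peer
        if peer is None:
            return
        if line.is_caller or self.callee_clears or not peer.off_hook:
            line.peer = peer.peer = None
            line.is_caller = peer.is_caller = False
        # otherwise: callee hung up, caller still off-hook -> exchange holds the call


class Modem:
    def __init__(self, ex: Exchange, number: str, s0: int, outgoing_locked: bool = False):
        self.ex = ex
        self.line = ex.line(number)
        self.s0 = s0                          # S0 register: rings before auto-answer, 0 = never (ATS0=0)
        self.outgoing_locked = outgoing_locked  # socket locked for outgoing calls at PBX/provider

    def ring(self, caller: Line) -> bool:
        """Incoming call; returns True if the modem auto-answered it."""
        if self.s0 == 0 or self.line.peer is not None:
            return False
        self.ex.connect(caller, self.line)
        return True

    def hang_up(self) -> None:                # ATH
        self.ex.on_hook(self.line)

    def dial(self, number: str) -> Optional[str]:  # ATD<number>
        """Returns the number of the party the modem actually ends up connected to."""
        if self.outgoing_locked:
            return None
        if self.line.peer is not None:
            # Line still held by the previous call: the dialled digits go to the
            # party that is still on the line, so the "call-back" reaches them.
            self.line.off_hook = True
            return self.line.peer.number
        target = self.ex.line(number)         # assumption: the dialled party answers
        self.ex.connect(self.line, target)
        return target.number


def single_line_callback(callee_clears: bool, attacker_holds_line: bool) -> Optional[str]:
    """Classic call-back: one modem answers and then dials back on the same line."""
    ex = Exchange(callee_clears)
    modem = Modem(ex, "0301111111", s0=1)
    attacker = ex.line(ATTACKER_NUMBER)
    attacker.off_hook = True
    if not modem.ring(attacker):
        return None
    modem.hang_up()                           # call-back requested: drop the call first ...
    if not attacker_holds_line:
        ex.on_hook(attacker)                  # an honest caller hangs up; the attacker does not
    return modem.dial(CALLBACK_NUMBER)        # ... then dial the stored number


def two_line_callback(callee_clears: bool, attacker_holds_line: bool) -> Optional[str]:
    """One-way set-up per S 5.44: dedicated incoming and outgoing modems/lines."""
    ex = Exchange(callee_clears)
    incoming = Modem(ex, "0301111111", s0=1, outgoing_locked=True)
    outgoing = Modem(ex, "0301111112", s0=0)  # never auto-answers
    attacker = ex.line(ATTACKER_NUMBER)
    attacker.off_hook = True
    if not incoming.ring(attacker):
        return None
    incoming.hang_up()
    if not attacker_holds_line:
        ex.on_hook(attacker)
    return outgoing.dial(CALLBACK_NUMBER)     # application initiates call-back on the other line


if __name__ == "__main__":
    for clears in (False, True):
        for holds in (False, True):
            print(f"callee_clears={clears!s:5} attacker_holds={holds!s:5} "
                  f"one line -> {single_line_callback(clears, holds)}  "
                  f"two lines -> {two_line_callback(clears, holds)}")
```

With one line and an exchange that does not clear on the callee's hang-up, the call-back lands on the attacker's number whenever the attacker holds the line; with the one-way set-up it always reaches the stored number, the outgoing modem ignores incoming rings, and the incoming modem cannot dial out at all.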


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
July 1999