IT Baseline Protection Manual S 5.48 Authentication via CLIP/COLP

Initiation responsibility: IT Security Management, PBX officer

Implementation responsibility: Administrators

Integrated Services Digital Networks (ISDN) allow the signalling of call numbers not only to public exchanges but also directly to the participating communications partners. This ISDN function is termed:

The call number display can be evaluated by each communications partner for the purpose of authentication.

Mode of operation:

To start with, the calling subscriber sends a call request to the digital exchange assigned to him. The digital exchange forwards this call request, together with the number of the calling subscriber, to the called communications partner in the ISDN. The digital exchange on the other side then forwards the call request to the ISDN communications unit of the called subscriber. On the basis of the forwarded call number, the communications unit (e.g. an ISDN router or PBX) can then identify the calling subscriber (CLIP). On positive identification, the call request is accepted and the exchange of data can be commenced.

An advantage of this function is that identification is performed by the equipment (ISDN router, PBX) of the communications partner, who is thus in full control of the identification process.

A disadvantage of this function is that call numbers transmitted via the D-channel of an ISDN are always vulnerable to manipulation (refer to T 5.63 Manipulation via the ISDN D-channel). Simple authentication using forwarded call numbers is thus only possible in conjunction with a callback function (refer to S 5.49 Callback based on CLIP/COLP) or a D-channel filter (refer to S 4.62 Use of a D-channel filter) which detects attempts to manipulate protocols.

Additional controls:


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
July 1999