IT Baseline Protection Manual T 2.37 Uncontrolled usage of communications lines
T 2.37 Uncontrolled usage of communications lines
During the use of communications cards in an IT system (fax, modem or ISDN cards), it is not always clearly evident whether any further data is also transmitted in addition to the user and protocol data. Once activated, a communications card is generally able to establish a connection to an undesired terminal, without any user activity. In addition, third parties may have access to remote functions which are not known to the user.
Examples:
While configuring a fax card for the first time, the user is prompted by the installation program to enter the country code for Sweden.. This could imply that the manufacturer of the card wants information on the use of his/her product, possibly for marketing reasons.
A large number of modem cards support remote access to IT systems. Although such access can be protected by certain mechanisms, some of which are integrated in the cards themselves (call-back option and call-number authentication), the related default settings, however, have not been made. An IT system configured like that can therefore be completely manipulated at will by external parties via the modem card