19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Communications

S 5.48 Authentication via CLIP/COLP

Initiation responsibility: IT Security Management, PBX officer

Implementation responsibility: Administrators

Integrated Services Digital Networks (ISDN) allow the signalling of call numbers not only to public exchanges but also directly to the participating communications partners. This ISDN function is termed:

- CLIP = Calling Line Identification Presentation and
- COLP = Connected Line Identification Presentation or, more generally,
- Call number display

The call number display can be evaluated by each communications partner for the purpose of authentication.

Mode of operation:

To start with, the calling subscriber sends a call request to the digital exchange assigned to him. The digital exchange forwards this call request, together with the number of the calling subscriber, to the called communications partner in the ISDN. The digital exchange on the other side then forwards the call request to the ISDN communications unit of the called subscriber. On the basis of the forwarded call number, the communications unit (e.g. an ISDN router or PBX) can then identify the calling subscriber (CLIP). On positive identification, the call request is accepted and the exchange of data can be commenced.

An advantage of this function is that identification is performed by the equipment (ISDN router, PBX) of the communications partner, who is thus in full control of the identification process.

A disadvantage of this function is that call numbers transmitted via the D-channel of an ISDN are always vulnerable to manipulation (refer to T 5.63 Manipulation via the ISDN D-channel). Simple authentication using forwarded call numbers is thus only possible in conjunction with a callback function (refer to S 5.49 Callback based on CLIP/COLP) or a D-channel filter (refer to S 4.62 Use of a D-channel filter) which detects attempts to manipulate protocols.
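One way a communications unit could apply this rule when deciding on an incoming call request, shown as an added example that is not part of the manual. The names ClipPolicy, normalise and decide, the default country code and the sample numbers are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

@dataclass
class ClipPolicy:
    # Table of authorised callers: normalised number -> stored callback number.
    table: dict = field(default_factory=dict)
    callback: bool = False          # callback function configured (S 5.49)
    dchannel_filter: bool = False   # D-channel filter in the signalling path (S 4.62)

def normalise(number, country="49"):
    """Reduce a presented call number to digits in international form.
    The numbering conventions handled here are an assumption of this example."""
    if not number:
        return None
    digits = re.sub(r"[^\d+]", "", number)
    if digits.startswith("+"):
        digits = digits[1:]
    elif digits.startswith("00"):
        digits = digits[2:]
    elif digits.startswith("0"):
        digits = country + digits[1:]
    return digits if digits.isdigit() else None

def decide(presented, policy):
    """Return (action, detail) for one incoming call request."""
    caller = normalise(presented)
    if caller is None:
        return ("reject", "no usable call number presented")
    if caller not in policy.table:
        return ("reject", "call number not in table")
    if policy.callback:
        # Drop the call and dial the stored number, never the presented one.
        return ("callback", policy.table[caller])
    if policy.dchannel_filter:
        return ("accept", caller)
    # The forwarded number alone may have been manipulated (T 5.63).
    return ("reject", "CLIP alone is not sufficient")

# Constructed sample table with a fictitious number.
SAMPLE_TABLE = {"49301234567": "49301234567"}

if __name__ == "__main__":
    for policy in (ClipPolicy(SAMPLE_TABLE),
                   ClipPolicy(SAMPLE_TABLE, callback=True),
                   ClipPolicy(SAMPLE_TABLE, dchannel_filter=True)):
        print(policy.callback, policy.dchannel_filter, decide("030 1234567", policy))
```

With callback enabled, the unit dials the number stored in its own table, so a manipulated number in the call request does not determine where the connection is set up.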

Additional control:

- Can the installed ISDN equipment make use of the CLIP and COLP functions, as well as maintain sufficiently large tables of call numbers?

IT-Baseline Protection Manual: October 2000
