IT Baseline Protection Manual - The Information Warfare Site

Telecommunications Answering Machine
_________________________________________________________________________________________
8.3 Answering Machine
Description
This chapter deals with answering machines which, in addition to telephones, can be connected to the
local telephone network in the building. They normally serve to record incoming calls or messages in
the form of speech in case the called party is not personally available. These devices differ in terms of
recording techniques: fully analogue, fully digital and a combination of analogue/digital. Particularly
the currently widespread remote inquiry feature makes it recommendable to consider answering
machines as IT systems and carries considerable threat potential.
Threat Scenario
The following typical threats are assumed for answering machines as part of IT baseline protection:
Force Majeure
- T 1.8 Dust, soiling
Organisation deficiencies
- T 2.1 Lack of, or insufficient, rules
- T 2.5 Lack of, or inadequate, maintenance
- T 2.6 Unauthorised admission to rooms requiring protection
Human Failure:
- T 3.15 Improper use of answering machines
Technical Failure:
- T 4.1 Disruption of power supply
- T 4.18 Discharged or fatigued emergency power supply in answering machines
- T 4.19 Information loss due to exhausted storage medium
Deliberate Acts:
- T 5.36 Deliberate overloading of answering machines
- T 5.37 Determining access codes
- T 5.38 Misuse of remote inquiry
Recommended Countermeasures (S)
For the implementation of IT baseline protection, selection of the required packages of safeguards
("modules") as described in chapters 2.3 and 2.4, is recommended.
The safeguards package for an "Answering Machine" is presented in the following.
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000
.... Bitte sprechen Sie
nach dem Piepston. Danke!
.....piiiiep.....