IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 5.11 Loss of confidentiality of data stored within
PBX installations
Within PBX installations, personal and in-house data are stored on hard disks
for a prolonged period of time. In this case, personal data are: charging
infomation, configuration data, privileges and, in instances, data for electronic
telephone directories, passwords and job account numbers.
Such data can be read and modified by the administration staff. The nature and
extension of such tampering depends on the type of the given installation and,
where provided for, on the granting of rights. Administration staff have this
possibility both at the site and through remote maintenance. In case of external
remote maintenance, the person entrusted with this task (normally the
manufacturer) has this possibility at any time!
The hard disks are often taken to the PBX manufacturers for an upgrade of
system software. This means that personal data can be read by the respective
manufacturer.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000