19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts

T 5.44 Abuse of Remote Access Ports for Management Functions of Private Branch Exchanges

Private branch exchanges have remote access ports for management functions. It is possible to execute all administration and maintenance tasks as well as other management functions such as alarm signalling and processing via these access ports.

Such remote access ports are particularly useful and sometimes indispensable in connected PBX installations (corporate networks). It is possible to distinguish between two types of remote access:

- "Modem" access via dedicated management ports and
- Direct dialling via DISA (Direct Inward System Access).

Furthermore, in more recent protocols such as QSig and some of the other proprietary protocols, management functions are already contained within the signalling spectrum. This results in the potential for abuse.

In the case of insufficiently secured access ports for remote maintenance, it is conceivable that hackers could gain access to the PBX’s management programs. Consequently, once they had overcome the system password they would perhaps be able to perform all administration tasks. The resultant damage may range from failure of the complete system, via the most serious operating malfunctions and loss of confidentiality of all data present on the system, through to huge direct financial loss, e.g. through call charge fraud.
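The following Python audit is an added example, not part of the manual: it reviews access records for the two remote access types named above (modem management port and DISA) and flags unapproved callers, access outside a maintenance window and password guessing. The log layout, the port labels, the approved caller list, the maintenance window and the failure threshold are all assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import Counter
from datetime import datetime

# Constructed sample records; the column layout is an assumption, not a vendor format.
SAMPLE_LOG = """\
time,port,caller,event
2000-10-02T10:15:00,MGMT_MODEM,0301234567,LOGIN_OK
2000-10-03T02:41:10,MGMT_MODEM,0049555000111,LOGIN_FAIL
2000-10-03T02:41:55,MGMT_MODEM,0049555000111,LOGIN_FAIL
2000-10-03T02:42:30,MGMT_MODEM,0049555000111,LOGIN_FAIL
2000-10-03T02:43:05,MGMT_MODEM,0049555000111,LOGIN_OK
2000-10-04T23:05:00,DISA,0049555000222,LOGIN_OK
"""

APPROVED_CALLERS = {"0301234567"}   # hypothetical maintenance-provider number
MAINTENANCE_HOURS = range(8, 18)    # hypothetical window: 08:00 to 17:59
MAX_FAILED_LOGINS = 3               # hypothetical threshold per caller and port


def audit_remote_access(log_text):
    """Return sorted (caller, port, reason) findings for the remote access ports."""
    findings = set()
    failures = Counter()  # failed logins per (caller, port), never reset in this run
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["port"] not in ("MGMT_MODEM", "DISA"):
            continue  # only the two remote access types are in scope
        key = (row["caller"], row["port"])
        hour = datetime.fromisoformat(row["time"]).hour
        if row["caller"] not in APPROVED_CALLERS:
            findings.add(key + ("unapproved caller",))
        if hour not in MAINTENANCE_HOURS:
            findings.add(key + ("outside maintenance window",))
        if row["event"] == "LOGIN_FAIL":
            failures[key] += 1
            if failures[key] >= MAX_FAILED_LOGINS:
                findings.add(key + ("repeated failed logins",))
        elif row["event"] == "LOGIN_OK" and failures[key] >= MAX_FAILED_LOGINS:
            findings.add(key + ("login succeeded after repeated failures",))
    return sorted(findings)


if __name__ == "__main__":
    for caller, port, reason in audit_remote_access(SAMPLE_LOG):
        print(f"{port:<11} {caller:<14} {reason}")
```

A successful login that follows repeated failures is the finding to treat first, since it matches the case described above in which the system password has been overcome.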

IT-Baseline Protection Manual: October 2000
