Telephone Systems - hdbk232a0111

5.7.3  Protected distribution systems (PDS).  Situations exist which require
RED cable distribution to exit one LEA, traverse one or more lower levels of
security, and ingress another LEA.  In such cases, additional security
measures are required to protect the information being distributed.  Guidance
is contained in NACSI 4009.  Such protection must make penetration into the
distribution media so difficult that it discourages the penetrator, or makes
discovery and apprehension a certainty.  The amount of protection depends upon
the level of classification of the information, the level of security in the
area(s) crossed, and the responsiveness of the security force.  The PDS
should be exposed to surveillance.  All joints and covers should be welded.
Pull boxes and accesses must be kept to a minimum.  Where access to pull
boxes must be retained, covers should be equipped with approved locks and
intrusion detection devices.  Cables contained within the PDS should have
wire supervision which alerts security personnel should a successful
penetration occur.  Surveillance may also require lighting the entire run and
monitoring it with closed circuit TV.  To design a PDS, one must consider the
geographic location, political environment, zone of control, size and
complexity of the PDS, available surveillance, accessibility, and degree of
vulnerability.  The designer must work closely with the local security and
intelligence agencies to define the threat to which the PDS must be designed.
For instance, some locations may require less protection, while other
locations may require stringent protection, or may not allow the use of a PDS
due to a highly hostile local environment.  Where intrusion detection systems
(IDS) are used for the facility, such systems should be extended for
additional monitoring of the PDS.

5.8  Telephone systems.  Telephone systems are an integral part of the
communications community.  This type of service may range from a single
telephone line to a fully expanded electronic private automatic branch
exchange (EPABX).  An EPABX may consist of secure or nonsecure voice,
facsimile or data, with additional capability of voice conferencing, redline
service, off-hook (hot line) service, dial intercom, or public address system
access.  Due to the probable extension of these systems beyond the CS,
stringent TEMPEST control measures are mandated.

5.8.1  Administrative nonsecure telephone systems.  Current technology and
tariff/industry deregulation have produced a myriad of equipment and systems
which may be interconnected by the public switched network.  Service to a
facility may be Government owned and operated, or may be provided by the
common carrier or a third-party vendor.  The variety and complexity of
commercial telephone systems make the task of providing specific installation
guidance difficult.  Every installation must be examined in light of the
particular environment involved.  There are, however, basic steps which
should be followed to provide security against a technical penetration of any
telephone system.  The more complex a system is, the more difficult it is to
prevent a penetration.  The best way of eliminating the problem would be to
exclude telephones from areas in which classified information is discussed
and/or processed.  This approach is unrealistic in the majority of situations
encountered.  Although it is usually possible, and recommended, to exclude
telephones from secure conference rooms, a working area is a different
matter.  Communications must be provided.  Restricting the number of
telephones to an absolute minimum is essential.

5.8.2  Risks.  Telephones in areas where classified information is discussed
or processed constitute an exploitable vulnerability.  Three distinct risks are
involved:  wiretapping, compromising emanations, and microphonic coupling.


