RE: A question about modem security

["Andrew Shore" <andrew.shore () holistecs com>]

Encryption is handled by the applications above the modem layer.

It is possible to send encrypted data down a modem line.

The insecurity comes from the fact that anyone is capable of connecting
to the modem simply by dialling it and then can brute force there way
onto a system. Also most modems are left on systems by
non-administrators (ie some guy in the off) who do not make any attempt
to secure them.
 
Andrew Shore
Senior Security Specialist
DDI. 01302 308 165
andrew.shore () holistecs com
 
 
 
Company Number 04943010
VAT Number 828 8635 82
 
 
Holistic Technologies Ltd
Unit 7 Shaw Wood Business Park
Shaw Wood Way
Doncaster
South Yorkshire
DN2 5TB
T. 0870 240 1442
F. 0870 240 1443
www.holistecs.com
 
 
 
 
 
 
 
 
 
 
 
 
 
 
-----Original Message-----
From: David M [mailto:davidbmurphy () verizon net] 
Sent: 24 April 2004 19:28
To: security-basics () securityfocus org
Subject: RE: A question about modem security

Due to the lack of encryption on the  connection. Which is caused by the
limited amount of packets than can be sent over dial up speeds.

-----Original Message-----
From: Adnan Ali [mailto:call_ret () yahoo com] 
Sent: Wednesday, April 21, 2004 4:30 AM
To: security-basics () securityfocus org
Subject: A question about modem security

I have read somewhere that dial-up questions using
modems are inherently insecure. Can somebody please
explain to me why it is so?

Thanks,


        
                
__________________________________
Do you Yahoo!?
Yahoo! Photos: High-quality 4x6 digital prints for 25"
http://photos.yahoo.com/ph/print_splash

------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----




------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----





---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------