Information Security News mailing list archives
A Security Pitfall: The Dial-Up Modem
From: InfoSec News <isn () C4I ORG>
Date: Mon, 17 Jul 2000 17:07:51 -0500
Forwarded By: Todd Beebe <todd () internetworking com>

http://www.informationweek.com/794/securit3.htm

By George V. Hulme

Crackers don't always use direct and obvious means--such as deciphering a user ID or a personal identification number--to launch an assault on a company's network. Sometimes they slither in through a poorly secured dial-up connection.

One of the most widely used--and overlooked--points of entry into a company's network is dialing in through an analog modem. Hackers call a company's phones, one after another, or use "war dialers" to sweep the company's extensions, hoping to stumble on an open modem to answer the call. Once the modem answers, it's only a matter of seconds before the hacker has access to the data on the client, which could be a notebook user dialing in from the road or an employee logging on from a home PC, and possibly the corporate network itself. These breaches bypass most intrusion-detection systems, so companies won't even know they've been cracked.

At hard-disk suspension manufacturer Hutchinson Technology in Hutchinson, Minn., corporate security manager Ron McKinnon says he got the idea to scan dial-up modem use among notebook-using and remote employees after attending a class titled "How To Hack Your Own Network."

"Analog access is something most companies really don't consider," he says, "but it's apparently one of the first things an external hacker will look at." InformationWeek Research's Global Security Survey backs this up: Only 28% of companies say they use dial-back or secure modems within their operations.

Early this spring, McKinnon and his security team set out to discover exactly what was going on within the company's 3,800 phone extensions. They chose SecureLogix's distributed scanning tool, TeleSweep Secure. McKinnon says they immediately found suspect events on the phone lines.

"We identified 38 active, unauthorized modem connections that had been doing everything from running PCAnywhere to accessing the AS/400," says Archie Woodworth, information protection specialist at Hutchinson. The team also noticed incoming modem calls being made to the PBX system and attempts to connect through the voice-mail system.

Woodworth says Hutchinson has obtained a list of extensions in the company where unauthorized modem calls originate, as well as extensions receiving inbound modem calls. "Once we get a handle on all of that, we'll be able to restrict which outbound numbers we can allow modemers to call and restrict which inbound destination numbers can receive modem calls," he says.

Hutchinson will use SecureLogix's TeleWall to limit or block unauthorized traffic on the phone system. The company will set up TeleWall to let only approved dial-up users through. Says McKinnon, "All other modem calls will be blocked."

ISN is hosted by SecurityFocus.com