Protecting Data Networks by Securing Telephone Networks

corporations with many telephone numbers, war dialing can take a considerable amount of time unless multiple war dialers and modems are used. Correlation of the results between the various modems then becomes a problem.

Another feature that may be implemented to some degree is the ability for the war dialing software to also attempt unauthorized access to the computer systems detected. This capability requires that the war dialing software be able to determine the specific operating system or communication software in use on the target system. Usually, this simply entails a “brute force” attack consisting of automated guessing of common userid/password combinations. More extensive and sophisticated attacks, the type “hackers” would also attempt, are generally not performed.

Within the operational model of computer and network security, the functions war dialing performs all fall under the detection portion of the equation. The actions security professionals take after a war dialing scan can be construed as a type of response and, in a very minor way, an attempt at prevention.

It is important to realize that war dialing only captures a single picture of the organization’s telephone network at the instant it is performed. New modems can be added seconds after a sweep is performed, and they would not be detected until a future sweep is performed. If an individual attaches a modem for only a short period of time, the chances of it being detected in an organization that performs only occasional sweeps are extremely low. Relying solely on war dialers, commercial or otherwise, simply is not sufficient to address the problems posed by modems.
What is Needed to Provide Telephone Security

For an organization to effectively secure its telephone systems, there are three basic functions that need to be performed:

1) A method to detect and prevent abuses of the phone system,
2) A method to detect intrusive activity on authorized lines, and
3) An integrated approach to meld telephone security functions into an effective package.

The first function can be viewed as providing a firewall for telephones. A device of this sort should provide the same functions to protect an internal network from telephone line modem connections as network firewalls provide for Internet connections. A telephone firewall would thus serve as a barrier to intruders, preventing them from gaining access to an organization’s internal network, as well as providing a mechanism for an organization to control the type of access provided to employees. It should restrict data communication to specific telephone lines identified by the security policy as allowing modem or fax connections. It should block all incoming or outgoing data communication on telephone lines authorized as voice only. Additional capabilities that might be useful in certain circumstances would include the ability to record the contents of calls as well as the ability to redirect calls of a certain type to a different destination. Figure 5 illustrates the placement of a telephone firewall in an organization. In addition, since attacks on the PBX itself occasionally occur, the device should protect the PBX and monitor calls directed at it.

Up to this point, the only tool available to prevent rogue modems was the war dialer. As was discussed earlier, this method will be only marginally successful at best. The question might be asked as to whether a telephone firewall eliminates the need for war dialers altogether.
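The per-line policy described for the telephone firewall above can be sketched as follows; this is an added example, not code from the paper or from any product. The extensions, the PBX port number, the call-type labels and the function names are constructed assumptions, and the classification of each call as voice, fax or modem is assumed to happen before the policy is applied.

```python
from dataclasses import dataclass

# Constructed policy: which call types each extension may carry.
# Extensions, type names and the PBX port are illustrative assumptions.
LINE_POLICY = {
    "5550100": {"voice"},            # voice-only desk phone
    "5550101": {"voice", "fax"},     # shared fax line
    "5550102": {"voice", "modem"},   # authorized dial-in modem
}
PBX_LINES = {"5550199"}              # calls directed at the PBX are always logged

@dataclass(frozen=True)
class Call:
    line: str
    direction: str   # "in" or "out"; the policy applies to both directions
    call_type: str   # "voice", "fax" or "modem", classified upstream

def decide(call):
    """Return (action, reason); a line absent from the policy is voice-only."""
    allowed = LINE_POLICY.get(call.line, {"voice"})
    if call.call_type in allowed:
        return "allow", "authorized by line policy"
    return "block", f"{call.call_type} not authorized on this line"

def enforce(calls):
    """Apply the policy per call; return decisions, violating lines, PBX log."""
    decisions, violations, pbx_log = [], set(), []
    for c in calls:
        action, reason = decide(c)
        decisions.append((c, action, reason))
        if action == "block":
            violations.add(c.line)   # flagged when the call happens, not at the next sweep
        if c.line in PBX_LINES:
            pbx_log.append((c, action))
    return decisions, violations, pbx_log

# Constructed sample calls
SAMPLE = [
    Call("5550100", "in", "voice"),
    Call("5550100", "out", "modem"),   # modem on a voice-only line
    Call("5550101", "in", "fax"),
    Call("5550102", "in", "modem"),
    Call("5550177", "in", "modem"),    # line missing from the policy
    Call("5550199", "in", "modem"),    # data call directed at the PBX
]

if __name__ == "__main__":
    for call, action, reason in enforce(SAMPLE)[0]:
        print(call.line, call.direction, call.call_type, "->", action, f"({reason})")
```

Because the decision is made on every call, a modem attached to a voice-only or unlisted line shows up in `violations` on its first data call, which is the gap a periodic war dialing sweep leaves open.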