Protecting Data Networks by Securing Telephone Networks
telephone firewall provides a view and control of the datastream that was not
available before. Consider, for example, the tools described to secure an
organization's telephone network. The benefits of more effective telephone
management can be realized in several ways. One immediate result is a better
understanding of the actual needs of the organization. It is not uncommon for
corporations to have numerous fax lines. How many are actually needed? What
is the utilization of these devices? If the utilization is low, it may be possible to
save money by eliminating some. Savings may also be realized as a result of
better accounting of the lines that are actually in use. The savings may be
especially dramatic for large corporations with numerous lines.
It is difficult to keep track of the lines that are connected and disconnected on a
daily basis. In an audit conducted in 1998, for example, Greyhound Lines, Inc.
recovered more than $1 million in incorrect telephone charges. [6] The charges
included previously disconnected or currently unused telephone lines, as well as
charges from 900 numbers and third-party calls Greyhound had previously
thought were blocked. Audits of the sort conducted by Greyhound are extremely
labor-intensive, but with the added functionality provided by the telephone
security device described above, they would become much easier to conduct. This
sort of savings provides a very rapid return on the security investment.
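The reconciliation such an audit performs can be sketched in a few lines. This is an added example, not code from the paper or from any telephone firewall product; the record layout, the sample numbers and the 5% utilization threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the paper): the lines on the carrier's bill
# and call records in an assumed layout (line, direction, other party, seconds).
BILLED_LINES = {"555-0101": "fax", "555-0102": "fax",
                "555-0103": "voice", "555-0104": "voice"}
CALL_LOG = [
    ("555-0101", "out", "1-212-555-0199", 240),
    ("555-0101", "in", "1-312-555-0142", 180),
    ("555-0103", "out", "1-900-555-0177", 600),
    ("555-0103", "out", "1-214-555-0123", 300),
]


def is_900(number):
    """True if a dialed number is in the 900 (pay-per-call) area code."""
    digits = "".join(c for c in number if c.isdigit())
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]  # drop the long-distance prefix
    return digits.startswith("900")


def audit(billed, calls, period_seconds, low_util=0.05):
    """Reconcile billed lines against traffic observed during the period."""
    busy = defaultdict(int)  # seconds of use per line
    calls_900 = []
    for line, direction, other, seconds in calls:
        busy[line] += seconds
        if direction == "out" and is_900(other):
            calls_900.append((line, other))
    return {
        # Billed but silent for the whole period: candidates for disconnection.
        "billed_unused": sorted(l for l in billed if busy.get(l, 0) == 0),
        # Fax lines in use, but below the utilization threshold.
        "low_util_fax": sorted(
            l for l, kind in billed.items()
            if kind == "fax" and 0 < busy.get(l, 0) / period_seconds < low_util),
        # Outbound 900 calls that were believed to be blocked.
        "calls_900": calls_900,
    }


if __name__ == "__main__":
    # One 8-hour business day as the audit period.
    for finding, items in audit(BILLED_LINES, CALL_LOG, 8 * 3600).items():
        print(finding, items)
```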
Enterprise-Wide Security
It is important to remember that any device used to secure telephone lines is
only part of what is required to provide enterprise-wide security. On the other
hand, any attempt to secure a corporate internal network would be incomplete
unless the potential problem with telephone modems is effectively addressed. It
is important to address each element of security as depicted in Figure 6 and to
incorporate all aspects of the operational model of computer and network
security (prevention, detection, and response). Simply installing disparate
security devices, however, will not result in an integrated or effective approach
to enterprise-wide security. To be useful, data from all security monitoring
devices needs to be combined into an integrated body of information, then
presented in an effective fashion that provides executive-level
management with a corporate viewpoint of the company's computer and
network security posture.
To truly understand what is happening, executive-level management needs to
have both network structure visibility and corporate datastream visibility.
This means the structure of computing and network assets (in terms of
connectivity and configuration of computing assets) as well as the methods used
to transmit data in the company should be available to corporate executives.
Presenting this often voluminous information requires a system that can receive
data from the various monitors and sensors (e.g., firewalls and intrusion
detection systems) and present pertinent security information in an easily
understood fashion. Tools that provide this visibility would provide more
comprehensive system security and enable an organization to realize a
return on its security investment.