---

---

Protecting Data Networks by Securing Telephone Networks 15 Summary The danger to computer systems and networks from “hackers” continues to be a problem despite the increasing availability of security products such as firewalls. One reason for this is most security products are point products designed to prevent access to an internal network or computer system. A recent development in security tools, one designed to detect and respond to intrusions when they inevitably occur, are intrusion detection systems. These systems not only provide the capability to monitor the effectiveness of point products used to prevent unauthorized access, but also provide a view into the corporate datastream which allows more efficient use of resources and can actually provide a return on the security investment. As the effectiveness of security products has increased, “hackers” have been forced to find alternate methods to circumvent the security perimeter the products form. A common point of attack today is a modem attached to a computer system inside of the security perimeter. These modems may be authorized or unauthorized but are generally inadequately protected. Until now the only method to handle the use of modems was through establishment of policies and an occasional scan to detect lines attached to modems. The need exists to provide a better solution — to provide the telephone network with the same level of visibility and protection now found in the TCP/IP environment. What is required are firewalls, scanners, and intrusion detection systems to patch the holes in computer systems and networks that modems create. Deploying these devices will also provide a view into the telephone network that can provide an actual return on the investment in this arena as well.