Protecting Data Networks by Securing Telephone Networks 7

able to penetrate a system in less than two hours. “Firewalls are the biggest form of false security” was the conclusion arrived at by David Rivera, a computer expert from Coopers & Lybrand who had been hired specifically for this test by Fortune to ensure the target company’s computers were not inadvertently damaged by Wheelgroup during the test. [2]

Wheelgroup is not the only security firm that has employed this method to access targeted computer networks. Mark Abene, originally known for his “hacking” exploits under the handle of phiber optik but now a computer security consultant, has described very similar techniques to penetrate a corporate network. After first obtaining as much information as he can about the target and its computer systems and network, Abene attempts to identify any dial-up terminal servers or workstations with directly connected modems. He has stated:

    Dial-up access through a terminal server ensures that we will not be locked out of the network if the organization discovers it is under attack and decides to shut off all Internet access. Dial-up lines are almost always overlooked by security administrators or are managed by a separate group with minimal communication between the two groups. As an added bonus, most organizations rely on remote dial-up access, rather than Internet connections, as part of their core business and will not shut it down – even in the event of an attack. And it is very difficult to change all dial-up passwords and notify the users in a short period of time. It is also rare for an organization to have any significant monitoring capability for dial-up usage. This gives us a stealthy and almost guaranteed way into their network. [1]

Abene also addressed the issue of rogue modems—modems that are not authorized by the organization, but have been connected to a computer system by an employee, usually with good intentions. Abene stated:

    As all seasoned network professionals know, there’s always at least one employee who decides to set up his or her own remote access to a desktop machine using Symantec Corp.’s pcANYWHERE or a similar product without a password. [1]

The extent of the problem posed by rogue modems was amply demonstrated by Peter Shipley in 1998. At DEFCON (an annual “hacker” convention) Shipley discussed an experiment in war dialing which he had conducted. In the experiment he instructed his computer to dial 5.3 million phone numbers in the San Francisco Bay area looking for computers connected to modems. He found numerous modems, including ones that allowed him access to the environmental controls for a large building as well as a fire department’s deployment system. He further stated that 75 percent of the computer systems accessible via modem were insecure enough for an intruder to penetrate the system.

This is not just a theoretical vulnerability. It is actively being exploited today. A good example of this is the story about “jester” described at the beginning of this paper. This is not an isolated case. There have been many other cases of intrusion via modem. As another example, an organization hired the Global Security Analysis Laboratory at IBM to perform an analysis of their computer system’s security. The analysis team found the system had indeed been penetrated. The computer was supposed to maintain client medical records. Instead, the team found approximately two gigabytes of pornographic pictures and very few medical records! [13] Further investigation revealed the “hackers” had penetrated the system via the modem attached to the system and had posted the phone number in the computer “underground” so others could take advantage of it too.