Modem Intruders

When developing your security plan, include policies for modems. Security threats include numerous modem vulnerabilities involving authorized and unauthorized modem use, often resulting in wide open back doors into the data network, voice systems or other critical infrastructure assets.

But it is not uncommon for users in corporate networks to connect modems to their computers - most laptops have them built-in and modems can be found in server rooms. Any modem is a potential point of entry for an attacker. While the physical defense perimeter of an office is set up by brick walls and security guards, the network perimeter is set up with firewalls and a closed network. This perimeter is compromised when there are modems involved.

Most modems have support for allowing people to dial in. If the computer is running popular software such as PC Anywhere, a Unix console, or even a PPP server, anyone who can dial-in can gain complete control over the system.

War-Dialing for Dollars

The practice commonly known as "war-dialing" lets attackers discover your modem and brute-force it until access is granted. A typical war dial is performed in two phases, a modem identification followed by exploiting modem vulnerabilities. The modem number need not be published to be vulnerable; there are programs capable of dialing hundreds of numbers an hour looking for a dial tone, working from the assumption that modem lines to a business probably use the same exchange as voice lines. These modems can be anywhere on your network, from public dial-in modems for your workers, to modems on employee laptops that were installed without management's authorization. Every one of these modems is a gateway to your critical data.

How NeXpose Helps

NeXpose can help you identify unauthorized modems that enable dial-in, which effectively bypass the firewalls and filtering routers in place to protect the internal corporate infrastructure.