My concerns are:
1) Remote PC, PC Anywhere (and similar products), someone could guess the password
or worse the system doesn't have a password. Once in, they're on your net
completely around any other barriers put up on the outside.
2) Some PC packages can be configured to route IP traffic. There are people
who consider their personal connectivity to be more important (to them) than
any security considerations someone else (like management) might have.
3) I don't mind dial-out capability only. If people really need this, then
I recommend a modem pooling solution where dial-ins are met with either no
answer, or a secured login prompt of some sort administered by people who
know what they are doing.
As a backup proposition (meaning if you HAVE to allow dial-ins), then set the
modem to not answer until 10 or 12 rings. This is VERY WEAK security, but it
will generally not answer demon-dialers which give up after 3-5 rings.
In addition, get a demon-dialer yourself, and scan all incoming phone lines
on a regular basis, and when you find modems that answer the phone, contact
the owner/operator of said modem, and insist that they beef up their security.