I want to step in here as someone who comes from the PC world, as it seems
that most of the people on this list come from a unix background, and a
question like this shows up the paradigm difference between the two
environments.
The key thing to remember about PCs is that traditionally the OS did not
provide any communications services at all, or even manage the com ports for
that matter. (This has changed slightly with Windows 95 and Windows NT).
With a PC, you can't really say "The modem is set to answer at all times".
The operating system doesn't control the modem -- application software does,
and on a PC, that means the user has to start a program.
So the danger is not in having modems installed -- without the proper
application software, the modem is not going to do anything. What you have
to be concerned about is what kinds of software people are using.
The story really revolves around whether you are running DOS (or Windows
3.1) or one of the newer PC operating systems (95 or NT).
Under DOS / Windows 3.1, networking was not part of the operating system,
and it was VERY HARD to get computers to communicate with each other. I
have never seen a setup that allows you to dial into a DOS computer and
route traffic onto a network, and I strongly believe that it is not
possible. And certainly no one would do that on a computer where they also
want to get work done.
The only real danger is remote control programs -- programs like PCAnywhere,
Carbon Copy, etc. that allow a remote user to take over the PC and do
everything that a local user of that PC could do. And that means everything
-- if you want to, you can reboot, repartition the hard disk, or cruise the
LAN. If people insist on using these programs, the remote control programs
all come with security now -- the simplest and most effective measure is to
force callbacks.
Windows NT and Windows 95 have dramatically changed this picture, for two
reasons. One is that network support is now part of the operating system.
Two is that modem/serial port support is also part of the operating system,
and the modem is treated like a special kind of network adapter. This is
great if your job is getting computers to talk to each other -- it's a snap.
It's not so great if your job is securing the network.
If Dial Up Networking or Remote Access Service is enabled on a computer,
it's essentially creating a network card on your network that is available
to anyone with a modem and their own copy of DUN or RAS. I have heard
apparently true stories along the following lines: User uses DUN to connect
to the Internet through an ISP. After a while, he notices that the hard
drive is awfully busy, even though he's doing nothing. He checks the server
manager, and it says that two people are logged in! Very believable, if
you've used Win95. And here's the catch -- the security risk exists even if
you disallow incoming calls.
Another common scenario: Employee has internet access on the LAN at work.
Figures if he puts a modem in his work computer, he can dial into it and get
free internet access at home. With Win95 or NT this works and is easy. The
problem is that it doesn't just give access to the internet -- it gives
access to the LAN.
A final note. A lot of people will try to sell you a modem pool as a
solution to all of your problems. On paper, they look great -- leverage
your existing hardware, centralize communications and security, save on line
charges, etc. The only problem is they don't really work, so users won't
want to use them. I have never used a modem pool that was worth a bucket of
warm spit, and I've used a lot (modem pools, not buckets of spit). In terms
of security, would a modem pool protect you from the situation described two
paragraphs up? No. A modem pool is tolerable for infrequent and casual
use, but anyone who uses online services regularly or needs maximum
reliability should have his own modem and his own phone line.
HTH
>Can someone list the dangers of having modems installed in host PCs. These
>modems would have direct outside telephone connections.
>These few PCs are part of a large firewalled network but firewall would not
>protect hacking via these modems/PCs.
>What potential dangers are there to the network when:
>- Modem is set to listen for incoming calls at all times.
>- Modem is not set to listen for incoming calls but is host activated/used
>for specific outside comms (for example for sending faxes or specific
>dial-in to remote systems). Is there a danger whilst the modem is in use and
>whilst idle?
>What else to look out for?
>
>Thanks,
>Richard R
>
>
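The practical defender's response to the points made above (an unmanaged modem plus Dial Up Networking or RAS turns a workstation into an unfirewalled entry point to the LAN) is to find out which machines actually have a modem or serial port and whether the Remote Access service is running on them. The script below is an added example written for this thread, not code from the original poster, and it targets a modern Windows host rather than the Win95/NT 4 systems discussed; it assumes the standard `Win32_POTSModem` and `Win32_SerialPort` CIM classes and the `RemoteAccess` service name, all of which exist on current Windows builds. Run it under an account with local admin rights, or wrap it in `Invoke-Command` to sweep a list of hosts.

```powershell
# Added example (not from the original message): inventory modem hardware and
# the Routing and Remote Access service on the local Windows host, and report
# anything that could bridge a phone line onto the LAN.
$ComputerName = $env:COMPUTERNAME
$findings = @()

# Plug-and-Play modems (internal cards, USB and serial modems the OS recognises)
$modems = Get-CimInstance -ClassName Win32_POTSModem -ErrorAction SilentlyContinue
foreach ($m in $modems) {
    $findings += [pscustomobject]@{
        Host   = $ComputerName
        Kind   = 'Modem'
        Detail = "$($m.Name) attached to $($m.AttachedTo)"
        Status = $m.Status
    }
}

# Serial ports: a legacy external modem on COMx will not show up as Win32_POTSModem
# until a driver is installed, so list the ports themselves as well.
$ports = Get-CimInstance -ClassName Win32_SerialPort -ErrorAction SilentlyContinue
foreach ($p in $ports) {
    $findings += [pscustomobject]@{
        Host   = $ComputerName
        Kind   = 'SerialPort'
        Detail = "$($p.DeviceID) ($($p.Name))"
        Status = 'present'
    }
}

# Routing and Remote Access service. If it is running, the host can accept
# dial-in connections and route them onto the LAN, which is the scenario the
# reply above warns about. Stopped or Disabled is the state you want on an
# ordinary workstation.
$ras = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
if ($ras) {
    $findings += [pscustomobject]@{
        Host   = $ComputerName
        Kind   = 'RAS service'
        Detail = "RemoteAccess service, start type $($ras.StartType)"
        Status = $ras.Status
    }
}

if ($findings.Count -eq 0) {
    Write-Output "$ComputerName : no modems, serial ports or RAS service found"
} else {
    $findings | Format-Table -AutoSize
    # Flag the combination that matters: modem hardware present AND RAS running.
    $hasModem = ($findings | Where-Object Kind -in 'Modem','SerialPort').Count -gt 0
    $rasUp    = $ras -and $ras.Status -eq 'Running'
    if ($hasModem -and $rasUp) {
        Write-Warning "$ComputerName : modem hardware present and RemoteAccess running; this host can act as a dial-in gateway to the LAN"
    }
}
```

The script only reads state; remediation (disabling the RemoteAccess service, pulling the modem, or enforcing callback on any remote control software that must stay) is a separate, deliberate step once the inventory shows where the exposure is.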