Firewalls: Re: Modem hacking

Firewalls
(September 1996)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Modem hacking
From:	"Bruce M." <bkmarsh @ feist . com>
Date:	Tue, 10 Sep 1996 15:01:26 -0500 (CDT)
To:	firewalls @ greatcircle . com
In-reply-to:	<15204964000630 @ gsionline . com>

On Tue, 10 Sep 1996, Nick Keenan wrote:

> With a PC, you can't really say "The modem is set to answer at all times".
> The operating system doesn't control the modem -- application software does,
> and on a PC, that means the user has to start a program.

    A lot of modems have a toggle switch that will force the modem to 
automatically answer the phone.  I am not aware of much that you could do 
by simply being connected to the modem without communications software 
running, but I would still try to prevent this from happening.

> Another common scenario:  Employee has internet access on the LAN at work.
> Figures if he puts a modem in his work computer, he can dial into it and get
> free internet access at home.  With Win95 or NT this works and is easy.  The
> problem is that it doesn't just give access to the internet -- it gives
> access to the LAN.

    That depends.  You can configure Win95 to only give specific 
protocols, so if you wanted Internet access but not Novell access, you 
could allow TCP/IP but disallow IPX.

> A final note.  A lot of people will try to sell you a modem pool as a
> solution to all of your problems.  On paper, they look great -- leverage
> your existing hardware, centralize communications and security, save on line
> charges, etc.  The only problem is they don't really work, so users won't
> want to use them.  I have never used a modem pool that was worth a bucket of
> warm spit, and I've used a lot (modem pools, not buckets of spit).  In terms
> of security, would a modem pool protect you from the situation described two
> paragraphs up?  No.  A modem pool is tolerable for infrequent and casual
> use, but anyone who uses online services regularly or needs maximum
> reliability should have his own modem and his own phone line.

    Maybe you and I have different ideas about modem pools, but I haven't 
had much trouble with the ones that I've dealt with.  Some of the newer 
products from Shiva, USR, Hayes, etc. are usually okay for most 
businesses.

                       ________________________________
                      [ Bruce M. - Feist Systems, Inc. ]
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
             'DISA information shows that computer attacks on the 
          Department of Defense are successful 65 percent of the time.
        The DoD, despite its problems, probably has one of the strongest
         computer security programs in government.' -GAO/T-AIMD-96-108

References:

Re: Modem hacking
From: nkeenan @ gsionline . com (Nick Keenan)

Indexed By Date	Previous:	Remove From: andrew @ cnsii . com (Andrew Liles)
Indexed By Date	Next:	Re: Modem hacking From: Mike Stoico <mstoico @ metlife . com>
Indexed By Thread	Previous:	Re: Modem hacking From: nkeenan @ gsionline . com (Nick Keenan)
Indexed By Thread	Next:	Re: Modem hacking From: Mike Stoico <mstoico @ metlife . com>