On Tue, 10 Sep 1996, Nick Keenan wrote:
> With a PC, you can't really say "The modem is set to answer at all times".
> The operating system doesn't control the modem -- application software does,
> and on a PC, that means the user has to start a program.
A lot of modems have a toggle switch that will force the modem to
automatically answer the phone. I am not aware of much that you could do
by simply being connected to the modem without communications software
running, but I would still try to prevent this from happening.
> Another common scenario: Employee has internet access on the LAN at work.
> Figures if he puts a modem in his work computer, he can dial into it and get
> free internet access at home. With Win95 or NT this works and is easy. The
> problem is that it doesn't just give access to the internet -- it gives
> access to the LAN.
That depends. You can configure Win95 to only give specific
protocols, so if you wanted Internet access but not Novell access, you
could allow TCP/IP but disallow IPX.
> A final note. A lot of people will try to sell you a modem pool as a
> solution to all of your problems. On paper, they look great -- leverage
> your existing hardware, centralize communications and security, save on line
> charges, etc. The only problem is they don't really work, so users won't
> want to use them. I have never used a modem pool that was worth a bucket of
> warm spit, and I've used a lot (modem pools, not buckets of spit). In terms
> of security, would a modem pool protect you from the situation described two
> paragraphs up? No. A modem pool is tolerable for infrequent and casual
> use, but anyone who uses online services regularly or needs maximum
> reliability should have his own modem and his own phone line.
Maybe you and I have different ideas about modem pools, but I haven't
had much trouble with the ones that I've dealt with. Some of the newer
products from Shiva, USR, Hayes, etc. are usually okay for most
[ Bruce M. - Feist Systems, Inc. ]
'DISA information shows that computer attacks on the
Department of Defense are successful 65 percent of the time.
The DoD, despite its problems, probably has one of the strongest
computer security programs in government.' -GAO/T-AIMD-96-108