Great Circle Associates Firewalls
(September 1996)
 


Subject: Re: Modem hacking
From: Benedikt Stockebrand <benedikt @ devnull . ruhr . de>
Date: 11 Sep 1996 15:25:29 +0200
To: peter @ baileynm . com, firewalls @ GreatCircle . COM
In-reply-to: peter @ baileynm . com's message of Tue, 10 Sep 1996 10:35:49 -0500 (CDT)
References: <9609101535 . AA29423 @ sonic . nmti . com . nmti . com>

peter @ baileynm . com (Peter da Silva) writes:

> > Just tell the employees that it is intolerable to hook up a modem without
> > authorization just like it would be intolerable to use company money for
> > personal purchases without authorization.
> 
> And for the cases where they *do* have authorization?
> 
> This doesn't solve the problem of supporting dial-out where there's a real
> business need.

If you need to support modems you've got a lot of decisions to make,
including:

- Do you need Dial-in access?  
- Do you need Dial-out access?  
- Which services are needed?  
- Which users need access?  
- Can you possibly deny all users direct access to the modem server
  (like if you just want to allow customers to download stuff)?
- Do the modems need to be hooked up to some user machine or can you
  get away with a dedicated modem server under your immediate control?
- Do you have to place that modem server inside your trusted network or
  can you put it inside your DMZ?
- How much money can you get for additional hardware, and what
  hardware can you already use for this?  (Getting a dial-out only PBX
  and/or a drop-safe loghost for the modem server may depend on this.)

There are only two things you should stick to universally: Be as
paranoid as possible (as usual when dealing with fire) and make sure
that any user who gets access to the modems knows that he's petting a
very dangerous beast (which may be a hard bit of work).  If possible,
make them sign some kind of acknowledgment.

Everything else depends on your specific requirements, so your
question can't be answered in a general way.

> (we simply run digital-only lines to offices unless there's a business need
>  for a second analog line)

Not sure if we're talking about the same stuff, but at least in Europe
you can get ISDN cards for less than (the equivalent of) US$ 65.


So long,

    Ben

-- 
Ben(edikt)? Stockebrand    Runaway ping.de Admin---Never Ever Trust Old Friends
My name and email address are not to be added to any list used for advertising
purposes.  Any sender of unsolicited advertisement e-mail to this address im-
plicitly agrees to pay a DM 500 fee to the recipient for proofreading services.

