Dial up access problem - not a (solution)

From: Bruce ER Ballard (bruce.ballard@catalysta.co.uk)
Date: 05/28/02


From: "Bruce ER Ballard" <bruce.ballard@catalysta.co.uk>
To: <miloskv1@netscape.net>, <rpmiranda@sonae.pt>
Date: Tue, 28 May 2002 16:37:42 +0100

miloskvi1@netscape.net says:

> "Yes of course you can do something like that. You can use callback option
> so your RAS server (machine Y) would call back your client (machine X) on some
> predefined number. In that case your problem is solved.
>
> Everybody can call your RAS server and RAS will terminate session and
> call for example 555-4321 (that is the number you define). So... only one
> person can dial from that number and that is your client (machine X).
> If Client dials up from another computer (from number 555-4322, RAS will
> answer on 555-4321 and client X will not be able to log in)"

This is not an entirely secure solution. It is relatively simple to construct
a device that will hold the line open, simulate a dial tone and allow the
modem on the secure system to "call back" to this simulation, bypassing the
call-back security. I have had this demonstrated to me.
To overcome this, you must ensure your dial-in modems are on physically
separate circuits from your dial-back modems. Your dial-back modems must be
set to withhold caller ID as well (in the UK this is a 1470 prefix; what it
is in the US I am sure somebody can tell me).

Bruce Ballard
IT Director, Catalysta Ltd http://www.catalysta.co.uk