Re: Security and Modems

From: Gary Mulder (gary@cgen.com)
Date: 09/05/01 

Message-ID: <3B9642BE.44DA2CED@cgen.com>
Date: Wed, 05 Sep 2001 11:20:30 -0400
From: Gary Mulder <gary@cgen.com>
To: Lisa Bogar <lbogar@gemini.oscs.montana.edu>
Subject: Re: Security and Modems

Lisa,

We're using callback with the US Robotics V.Everything modems on an Ultra 60
and an Ultra 10. The only major problem we had (which may be Solaris-related)
is that we could not connect at 38400 baud. 9600 baud seems to work fine.

I can't say much about how secure it is, but I did a quick search and didn't
see anybody talking about hacking the V.Everything callback. It only allows you
three attempts at entering a password before dropping the connection, so it
would take a long time to brute-force hack.

The callback seems to work fine (takes about 75 secs to call back). It uses
pulse dialing rather than tone dialing, which US Robotics Support could not
help me change. I think most phone switches still support pulse dialing, so
this shouldn't be an issue.

Setup-wise, the printed documentation is useless. Somewhere on the driver CD is
a directory of PDF docs that include complete instructions on how to set up
callback.

Gary

Lisa Bogar wrote:
>
> I have a client who wants to install a V.Everything 56K Analog Corporate
> Modem on their Sun Ultra 80. I was wondering if anyone has experience
> with the modem and in particular connecting it to an Ultra 80. In the
> specs it touts caller authorization and dial-back security features and I
> would like to know how effective these are and also any redflags anyone
> might have with this feature.
>
> In general, does anyone have some other features they have implemented to
> secure access to the machine via a modem? Any resources or suggestions
> are appreciated.
>
> Thanks,
> Lisa 

-- 
Gary Mulder
System Administrator,
Compugen, Inc.
http://www.cgen.com