RE: Security and Modems

From: Heather Flanagan (HeathFla@reciprocal.com)
Date: 09/06/01


Message-ID: <C4E826E59C02D311985B00500463D90BDA94FB@SNS2XCH>
From: Heather Flanagan <HeathFla@reciprocal.com>
To: 'Gary Mulder ' <gary@cgen.com>, 'Lisa Bogar ' <lbogar@gemini.oscs.montana.edu>
Subject: RE: Security and Modems
Date: Wed, 5 Sep 2001 21:36:02 -0400 


 Only one comment - I hope they are not using this for convenience in
getting around a corporate firewall, so they have their own back door in to
their system?

-----Original Message-----
From: Gary Mulder
To: Lisa Bogar
Cc: focus-sun@securityfocus.com
Sent: 9/5/01 11:20 AM
Subject: Re: Security and Modems

Lisa,

We're using callback with the US Robotics V.Everything modems on an
Ultra 60
and an Ultra 10. The only major problem we had (which may be
Solaris-related)
is that we could not connect at 38400 baud. 9600 baud seems to work
fine.

I can't say much about how secure it is, but I did a quick search and
didn't
see anybody talking about hacking the V.Everything callback. It only
allows you
three attempts at entering a password before dropping the connection, so
it
would take a long time to brute-force hack.

The callback seems to work fine (takes about 75 secs to call back). It
uses
pulse dialing rather than tone dialing, which US Robotics Support could
not
help me change. I think most phone switches still support pulse dialing,
so
this shouldn't be an issue.

Setup-wise, the printed documentation is useless. Somewhere on the
driver CD is
a directory of PDF docs that include complete instructions on how to set
up
callback.

Gary

Lisa Bogar wrote:
>
> I have a client who wants to install a V.Everything 56K Analog
Corporate
> Modem on their Sun Ultra 80. I was wondering if anyone has experience
> with the modem and in particular connecting it to an Ultra 80. In the
> specs it touts caller authorization and dial-back security features
and I
> would like to know how effective these are and also any redflags
anyone
> might have with this feature.
>
> In general, does anyone have some other features they have implemented
to
> secure access to the machine via a modem? Any resources or
suggestions
> are appreciated.
>
> Thanks,
> Lisa

-- 
Gary Mulder
System Administrator,
Compugen, Inc.
http://www.cgen.com



Relevant Pages

  • Re: Are Multi-Function Printers a Security Risk?
    ... MFP a security risk. ... Fax modems are a huge security hole, ...
    (microsoft.public.security)
  • Re: Security Posture Assessment
    ... > The best modems to me seem to be US Robotics Sportster Modems. ... Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ...
    (Pen-Test)
  • Re: All in one fax security
    ... The one that says "No networked devices should have modems"? ... If the company doesn't trust the devices, then it doesn't want them - ... Did I ask you for security guidelines, or did I ask 'SA' for his/her ...
    (alt.computer.security)
  • Re: serial interface PCI card for UltraSPARC
    ... supported under Solaris in an UltraSPARC PCI machine? ... No need for any fancy high-speed options, just for modems, UPS, etc. ...
    (comp.sys.sun.hardware)
  • Re: modem direct connection ?
    ... If so just setup ... This will be faster than using modems. ... Callback is actually part of mgetty if enabled. ...
    (alt.os.linux.suse)