RE: Security and Modems

From: Heather Flanagan (HeathFla@reciprocal.com)
Date: 09/06/01


Message-ID: <C4E826E59C02D311985B00500463D90BDA94FB@SNS2XCH>
From: Heather Flanagan <HeathFla@reciprocal.com>
To: 'Gary Mulder ' <gary@cgen.com>, 'Lisa Bogar ' <lbogar@gemini.oscs.montana.edu>
Subject: RE: Security and Modems
Date: Wed, 5 Sep 2001 21:36:02 -0400 


 Only one comment - I hope they are not using this for convenience in
getting around a corporate firewall, so they have their own back door in to
their system?

-----Original Message-----
From: Gary Mulder
To: Lisa Bogar
Cc: focus-sun@securityfocus.com
Sent: 9/5/01 11:20 AM
Subject: Re: Security and Modems

Lisa,

We're using callback with the US Robotics V.Everything modems on an
Ultra 60
and an Ultra 10. The only major problem we had (which may be
Solaris-related)
is that we could not connect at 38400 baud. 9600 baud seems to work
fine.

I can't say much about how secure it is, but I did a quick search and
didn't
see anybody talking about hacking the V.Everything callback. It only
allows you
three attempts at entering a password before dropping the connection, so
it
would take a long time to brute-force hack.

The callback seems to work fine (takes about 75 secs to call back). It
uses
pulse dialing rather than tone dialing, which US Robotics Support could
not
help me change. I think most phone switches still support pulse dialing,
so
this shouldn't be an issue.

Setup-wise, the printed documentation is useless. Somewhere on the
driver CD is
a directory of PDF docs that include complete instructions on how to set
up
callback.

Gary

Lisa Bogar wrote:
>
> I have a client who wants to install a V.Everything 56K Analog
Corporate
> Modem on their Sun Ultra 80. I was wondering if anyone has experience
> with the modem and in particular connecting it to an Ultra 80. In the
> specs it touts caller authorization and dial-back security features
and I
> would like to know how effective these are and also any redflags
anyone
> might have with this feature.
>
> In general, does anyone have some other features they have implemented
to
> secure access to the machine via a modem? Any resources or
suggestions
> are appreciated.
>
> Thanks,
> Lisa

-- 
Gary Mulder
System Administrator,
Compugen, Inc.
http://www.cgen.com