

Practical UNIX & Internet Security

Chapter 14: Telephone Security
 

14.6 Additional Security for Modems

With today's telephone systems, if you connect your computer's modem to an outside telephone line, then anybody in the world can call it. In the future, the telephone system might be able to easily prevent people from calling your computer's modem unless you have specifically preauthorized them. Until then, we will have to rely on other mechanisms to protect our modems and computers from intruders.

Although usernames and passwords provide a degree of security, they are not foolproof. Users often pick bad passwords, and even good passwords can occasionally be guessed or discovered by other means.

For this reason, a variety of special kinds of modems have been developed that further protect computers from unauthorized access. These modems are more expensive than traditional modems, but they do provide an added degree of security and trust.

  • Password modems. These modems require the caller to enter a password before the modem connects the caller to the computer. As with regular UNIX passwords, the security provided by these modems can be defeated by repeated password guessing or by having an authorized person release his password to somebody who is not authorized. Usually, these modems can only store one to ten passwords. The password stored in the modem should not be the same as the password of any user. Some versions of UNIX can be set up to require special passwords for access by modem. Password modems are probably unnecessary on systems of this kind; the addition of yet another password may be more than your users are prepared to tolerate.

  • Callback setups. As we mentioned earlier in this chapter, these schemes require the caller to enter a username, and then immediately hang up the telephone line. The modem will then call the caller back on a predetermined telephone number. These schemes offer a higher degree of security than regular modems, although they can be defeated by somebody who calls the callback modem at the precise moment that it is trying to make its outgoing telephone call. Most callback modems can only store a few numbers to call back. These modems can also be defeated on some kinds of PBX systems by not hanging up the telephone line when the computer attempts to dial back.

  • Encrypting modems. These modems, which must be used in pairs, encrypt all information transmitted and received over the telephone lines. These modems offer an extremely high degree of security not only against individuals attempting to gain unauthorized access, but also against wiretapping. Some encrypting modems contain preassigned cryptographic "keys" that work only in pairs. Other modems contain keys that can be changed on a routine basis, to further enhance security. (Chapter 6, Cryptography, contains a complete discussion of encryption.)

  • Caller-ID and ANI schemes. These use a relatively new feature available on many digital telephone switches. As described in the section "" earlier in this chapter, you can use the information provided by the telephone company for logging or controlling access. Already, some commercial firms provide a form of call screening using ANI (Automatic Number Identification) for their 800 numbers (which have had ANI available since the late 1980s). When the user calls the 800 number, the ANI information is checked against a list of authorized phone numbers, and the call is switched to the company's computer only if the number is approved.
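
The screening step described for Caller-ID and ANI, as an added example that is not from the book: the calling number is checked against a list of authorized numbers, every call is logged, and a call with no usable number is refused. It assumes the modem reports caller information as `KEY = value` lines (`DATE`, `TIME`, `NMBR`, `NAME`) between rings; the allowlist numbers and function names are constructed for illustration.

```python
import re

# Constructed allowlist of authorized calling numbers (10 digits, digits only).
AUTHORIZED = {"6175550142", "5085550117"}
# Assumed modem report format: one "KEY = value" line per field.
FIELD = re.compile(r"^\s*(DATE|TIME|NMBR|NAME)\s*=\s*(.*?)\s*$")

def parse_cid(lines):
    """Collect the KEY = value fields reported for one incoming call."""
    rec = {}
    for line in lines:
        m = FIELD.match(line)
        if m:
            rec[m.group(1)] = m.group(2)
    return rec

def normalize(number):
    """Reduce a reported number to 10 digits, or None if it is unusable."""
    digits = re.sub(r"\D", "", number or "")
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]          # drop a leading long-distance "1"
    return digits if len(digits) == 10 else None

def screen_call(lines, authorized=AUTHORIZED):
    """Return (answer, log_line). Deny by default: a missing or withheld number is never answered."""
    rec = parse_cid(lines)
    number = normalize(rec.get("NMBR"))
    if number is None:
        verdict, reason = False, "no usable number (%r)" % rec.get("NMBR")
    elif number in authorized:
        verdict, reason = True, "on allowlist"
    else:
        verdict, reason = False, "not on allowlist"
    log = "%s %s nmbr=%s action=%s reason=%s" % (
        rec.get("DATE", "----"), rec.get("TIME", "----"),
        number or "-", "ANSWER" if verdict else "IGNORE", reason)
    return verdict, log

if __name__ == "__main__":
    # Constructed sample calls: authorized, unknown, and number withheld.
    samples = [
        ["DATE = 0321", "TIME = 1405", "NMBR = 6175550142", "NAME = J SMITH"],
        ["DATE = 0321", "TIME = 1411", "NMBR = 2125550199"],
        ["DATE = 0321", "TIME = 1417", "NMBR = P"],
    ]
    for s in samples:
        print(screen_call(s)[1])
```

The log line is written for refused calls as well as answered ones, so the record covers both uses the text names: logging and controlling access.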