A.11 Chapter 10: Modems and Dialup Security

• Make sure that incoming modems automatically log out the user if the telephone call is interrupted.

• Make sure that incoming modems automatically hang up on an incoming call if the caller logs out or if the caller's login process is killed.

• Make sure that outgoing modems hang up on the outgoing call if the tip or cu programs are exited.

• Make sure that the tip or cu programs automatically exit if the user is logged out of the remote machine or if the telephone call is interrupted.

• Make sure that there is no way for the local user to reprogram the modem. Disable any remote configuration or testing features.

• Greet incoming connections with an appropriate banner.

• Do not install call-forwarding on any of your incoming lines.

• Consider getting CALLER-ID/ANI to trace incoming calls automatically. Log the numbers that call your system.

• Physically protect the modems and phone lines.

• Disable third-party billing and call-forwarding on your modem lines. Don't order long-distance service on modem lines that don't need it.

• Consider getting leased lines, callback modems, or telephone firewalls.

• Consider using separate callout telephone lines with no dial-in capability for callback schemes.

• Check permissions on all associated devices and configuration files.

• Consider using encrypting modems with fixed keys to guard against unauthorized use or eavesdropping.

• Use a telephone scanner to search for unauthorized modems.

• Consider changing your modem phone numbers periodically.