Chapter 10. Modems and Dialup Security
In this
age of the Internet, there are still many reasons to be concerned
with the security of modems and dialup services. Because dialup
services are easy to set up and cheap to maintain, there are many
that are still in operation—some of which have been in
operation for a decade or more. Likewise, even with the wide
availability of local area networks and high-speed connections, there
are many reasons that you might wish to set up your own
modem-based network connections:
You can have administrators do some remote maintenance and
administration when they are "on
call." Hardwired modems frequently allow access to
communications and infrastructure equipment even when network
connections are down.
If some people in your organization travel frequently, or if they
travel to rural areas, they might want to use a modem to access the
computer when they're out of town, rather than
incurring the expense and complication of dealing with nation-wide
Internet service providers. A direct connection to your
company's modems may be more private as well.
When properly configured, a dialup service can provide limited access
to the system for remote users without incurring all of the risks of
an open network connection.
If people in your organization want to use the computer from their
homes after hours or on weekends, a modem will allow them to do so.
Some organizations believe that they can provide their own dialup
service in a manner that is more cost-effective than using outside
ISPs. Other organizations, such as universities, wish to provide
"free" dialup for their members and
have no mechanism in place for outsourced dialup access.
Despite these benefits, modems come with many risks. Because people
routinely use modems to transmit their usernames and passwords, you
should ensure that your modems and terminal servers are properly
installed, behave properly, and do exactly what they should—and
nothing else.
Furthermore, because dialup services can be set up with a simple
analog phone line or even a cell phone, they can be enabled by an
individual without the knowledge or the authorization of an
organization's management. And because Unix is so
good at providing dialup access, many Unix systems that are provided
with a modem for fax transmission or to access remote, non-networked
systems are inadvertently providing dialup access—sometimes
without the knowledge of the system's own
administrator.
|