|Security Assessment > Risks From Modem Access|
"...most large companies are [probably] more vulnerable through poorly inventoried modem lines than via firewall-protected Internet gateways"¹
Modem access poses a considerable number of risks to your business. Most obviously, it re-exposes your organisation to precisely the threats that your firewall was designed to keep out. Using it from the inside to get out, a modem allows your users to connect directly to the Internet through a dial-up connection. Once connected, information sensitive to your organisation starts to leak out: their user name; the network resources they have access to; the network protocols you use. All of this is useful intelligence to a potential hacker. At the same time, it gives your users the opportunity to download material that you would rather not have on your network. Perhaps material that could seriously damage your company's image. Or trojan horses or viruses, which will wreak further damage elsewhere across your network. (If you think that widespread and cheap broadband Internet access make this extremely unlikely nowadays, just remember that many home users have a monthly bandwidth quota.)
That isn't where it ends. A modem also offers the potential of a direct route in to your network. Often a modem will have been configured explicitly for this purpose. It may have been stipulated by a third party supplier as a precondition of a support contract. Alternatively, it may have just been added by one of your support staff, who is tired of driving 20 miles into work in the middle of the night to resolve a problem that takes 2 minutes to fix. Or it might just be a mobile worker who has found that they occasionally need remote access to some data that they have left on their PC. A modem configured for dial-in access poses a special risk. It allows direct access to one of your systems. Possibly, it might not be a business system, but rather a key element of infrastructure. Nevertheless, the very reason for having the modem might be that the system is of key significance. The telephone number to which it is attached need not even be publicised for it to be vulnerable to attack. All a malicious hacker needs to know is the number of your switchboard. With that, they can guess at the likely range of numbers that you use and just dial each of them in turn until they hit lucky. And it won't even cost them very much to do it, since (like as not) most lines won't answer the call. Only those that they are potentially interested in.
At the very least, an unauthorised modem bought for a few pennies can seriously undermine the many thousands of pounds that you've spent procuring, configuring and monitoring your firewall and intrusion monitoring systems.
At worst, it can mean a significant loss of money or prestige.
Copyright © 2011 Xiscan® Limited. All Rights Reserved.