ABSTRACT
Given all the movement toward packet-based data commu-
nications, onewould think thatmodems and dial-up commu-
nicationswouldwither like the communist state.Clearly, that
is not the case. There are many reasons. Sometimes, “rogue”
employees want to communicate outside of corporate guide-
lines; servers, power reset devices, HVAC, fire alarms, cer-
tain medical equipment, and many other devices may still
need tobeaccessedviadial-up.Somerouters andDSU/CSUs
areout-of-bandaddressable (i.e.,maintenanceviadial-upcan
beperformedwhentheprimary link isdown).All thesepoints
of contact through the PSTN (public switched telephone net-
work) represent an open target for war-dialing. The dialers
have gotten sophisticated, using massive hacker dictionaries
thatoftencrackapplicationsquickly.Modemsareoften left in
auto-answer mode, so the war dialer is able to collect active
numbers during the night.Thehackerhas his “cupof joe” and
a “hit list” the next morning. The bottom line is that any
organization without strong controls over dial-up lines and
the voice network has a serious back-door exposure. Further
compounding the remote access problem is unauthorized use
ofpcAnywhereandsimilarproducts.Remoteaccessproducts
can be set up with little or no security. With thousands of
employees,many ofwhommaywant to access personal files
on their workstation from home, it is likely that unauthorized
modems/software will exist somewhere inside the network.