Chapter 10. Modems and Dialup Security

In this age of the Internet, there are still many reasons to be concerned with the security of modems and dialup services. Because dialup services are easy to set up and cheap to maintain, there are many that are still in operation?some of which have been in operation for a decade or more. Likewise, even with the wide availability of local area networks and high-speed connections, there are many reasons that you might wish to set up your own modem-based network connections:

  • You can have administrators do some remote maintenance and administration when they are "on call." Hardwired modems frequently allow access to communications and infrastructure equipment even when network connections are down.

  • If some people in your organization travel frequently, or if they travel to rural areas, they might want to use a modem to access the computer when they're out of town, rather than incurring the expense and complication of dealing with nation-wide Internet service providers. A direct connection to your company's modems may be more private as well.

  • When properly configured, a dialup service can provide limited access to the system for remote users without incurring all of the risks of an open network connection.

  • If people in your organization want to use the computer from their homes after hours or on weekends, a modem will allow them to do so. Some organizations believe that they can provide their own dialup service in a manner that is more cost-effective than using outside ISPs. Other organizations, such as universities, wish to provide "free" dialup for their members and have no mechanism in place for outsourced dialup access.

Despite these benefits, modems come with many risks. Because people routinely use modems to transmit their usernames and passwords, you should ensure that your modems and terminal servers are properly installed, behave properly, and do exactly what they should?and nothing else.

Furthermore, because dialup services can be set up with a simple analog phone line or even a cell phone, they can be enabled by an individual without the knowledge or the authorization of an organization's management. And because Unix is so good at providing dialup access, many Unix systems that are provided with a modem for fax transmission or to access remote, non-networked systems are inadvertently providing dialup access?sometimes without the knowledge of the system's own administrator.

    Part VI: Appendixes