A.11 Chapter 10: Modems and Dialup Security

  • Make sure that incoming modems automatically log out the user if the telephone call is interrupted.

  • Make sure that incoming modems automatically hang up on an incoming call if the caller logs out or if the caller's login process is killed.

  • Make sure that outgoing modems hang up on the outgoing call if the tip or cu programs are exited.

  • Make sure that the tip or cu programs automatically exit if the user is logged out of the remote machine or if the telephone call is interrupted.

  • Make sure that there is no way for the local user to reprogram the modem. Disable any remote configuration or testing features.

  • Greet incoming connections with an appropriate banner.

  • Do not install call-forwarding on any of your incoming lines.

  • Consider getting CALLER-ID/ANI to trace incoming calls automatically. Log the numbers that call your system.

  • Physically protect the modems and phone lines.

  • Disable third-party billing and call-forwarding on your modem lines. Don't order long-distance service on modem lines that don't need it.

  • Consider getting leased lines, callback modems, or telephone firewalls.

  • Consider using separate callout telephone lines with no dial-in capability for callback schemes.

  • Check permissions on all associated devices and configuration files.

  • Consider using encrypting modems with fixed keys to guard against unauthorized use or eavesdropping.

  • Use a telephone scanner to search for unauthorized modems.

  • Consider changing your modem phone numbers periodically.

    Part VI: Appendixes