-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 First, I am assuming that your user is using the modem on her PC to *make* the call to the legacy billing system (i.e. the billing system is not *calling* your user). Also, I am assuming that your user is using the modem to *directly* connect to the billing system (which itself handles the incoming call) and not using the modem to connect to the Internet.
There should be a way to set the modem NOT to answer incoming calls (this would probably be an application specific setting or possibly even on OS setting). This way the modem will never pickup the war dialing attempt and thus no connection is ever made and no compromise is possible. Anyone who sees a problem with this method, please let us know. - --- Jonathan Strine CCNA, MCP [EMAIL PROTECTED] PGP Key ID: 0x0A02201C | -----Original Message----- | From: Chris Berry [mailto:[EMAIL PROTECTED]] | Sent: Friday, June 07, 2002 2:08 PM | To: [EMAIL PROTECTED] | Subject: Modem Security | | | | | I think I've got my internet connection security coming | together, but I'm worried about a potential back door. I have one | worker who | absolutely | has to have a modem to contact the legacy system our billing | service uses. What bothers me is that someone might get clever | and use a war dialer to find this number and try and hack their | way around my secure gateway. I'd like to make this more | difficult or at least have some way to contain the damage. Does | anyone have any ideas? I thought of possibly | putting a linux box configured as a firewall between her and the | rest of the network, but I'd have to have alot of ports open to | allow all the services she'll need so I don't know if that would | even help much. -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPQEzb/xLhPoKAiAcEQKs0ACfYIbtzSINwzNwLah2U9QBcfqoOz4AoJvx T2v+8a5bKKy24CUZIVA3kiRP =BCKF -----END PGP SIGNATURE-----
