Is the modem sitting by her? Sounds like it. Uss the on/off relay for when she isn't using it...
Jim Jonathan Strine wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > First, I am assuming that your user is using the modem on her PC to > *make* the call to the legacy billing system (i.e. the billing system > is not *calling* your user). Also, I am assuming that your user is > using the modem to *directly* connect to the billing system (which > itself handles the incoming call) and not using the modem to connect > to the Internet. > > There should be a way to set the modem NOT to answer incoming calls > (this would probably be an application specific setting or possibly > even on OS setting). This way the modem will never pickup the war > dialing attempt and thus no connection is ever made and no compromise > is possible. Anyone who sees a problem with this method, please let > us know. > > - --- > Jonathan Strine CCNA, MCP > [EMAIL PROTECTED] > PGP Key ID: 0x0A02201C > > | -----Original Message----- > | From: Chris Berry [mailto:[EMAIL PROTECTED]] > | Sent: Friday, June 07, 2002 2:08 PM > | To: [EMAIL PROTECTED] > | Subject: Modem Security > | > | > | > | > | I think I've got my internet connection security coming > | together, but I'm worried about a potential back door. I have one > | worker who > | absolutely > | has to have a modem to contact the legacy system our billing > | service uses. What bothers me is that someone might get clever > | and use a war dialer to find this number and try and hack their > | way around my secure gateway. I'd like to make this more > | difficult or at least have some way to contain the damage. Does > | anyone have any ideas? I thought of possibly > | putting a linux box configured as a firewall between her and the > | rest of the network, but I'd have to have alot of ports open to > | allow all the services she'll need so I don't know if that would > | even help much. > > -----BEGIN PGP SIGNATURE----- > Version: PGP 7.0.4 > > iQA/AwUBPQEzb/xLhPoKAiAcEQKs0ACfYIbtzSINwzNwLah2U9QBcfqoOz4AoJvx > T2v+8a5bKKy24CUZIVA3kiRP > =BCKF > -----END PGP SIGNATURE----- -- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566
