[ISN] Forgotten war dialling risk leaves networks in peril

From: InfoSec News (isn@private)
Date: Wed Oct 01 2003 - 01:43:48 PDT

    Forwarded from: William Knowles <wk@private>
    
    http://www.theregister.co.uk/content/55/33134.html
    
    By John Leyden
    Posted: 30/09/2003 
       
    War Dialling, the scanning of telephone lines to find insecure modems
    that provide a back door route into corporate networks, is ignored as
    a risk by many organisations, security testing outfit NTA Monitor
    warns. The company is calling on organisations to revise their
    procedures to guard against the long established, but still serious,
    security risk.
    
    A survey conducted by NTA Monitor [1] between August and September to
    ascertain awareness among IT and security managers about War Dialling
    found that 22 per cent of those questioned had no knowledge of the
    issue.
    
    Almost a quarter (24 per cent) of respondents to the survey reported
    that there were unauthorised modems attached to systems at their
    sites. One respondent believed there might be as many as 20 modems
    over which he had no control running over a particular company's
    network.
    
    According to NTA Monitor, modems are found, on average, at the end of
    0.75 per cent of the numbers in a corporate organisation's telephone
    number range. For example, a mid-sized company with a range of 10,000
    numbers will typically contain 75 modems.
    
    "This should cause major concern, as it only takes one insecure modem
    to permit a hacker to gain access to an organisation's systems," said
    Roy Hills, NTA Monitor’s technical director. "Imagine the situation
    for a company with 5,000 extensions over 20 sites - how can they ever
    be sure that no rogue modems are attached to any of those lines,
    without testing them?"
    
    Crackers exploiting War Dialling use an automated PC and modem
    application to scour a company's switchboard range for insecure modem
    connections.
    
    "War Dialling originally emerged as an issue in the early 80s when
    organisations relied on modems to exchange data between systems. We
    believe it has largely been forgotten about when in reality it is a
    technique that hackers are revisiting as a reaction to increased
    security in corporate networks," Hills added.
    
    A third (34 per cent) of organisations questioned said they had found
    unauthorised modems in the past. Despite this, 68 per cent of
    organisations reported that they had no controls in place to detect
    modem scanning attempts on their systems. This means they have no way
    of knowing if they've been the target of an attack or if they have any
    insecure modems attached to systems at their site, NTA Monitor argues.
    
    NTA Monitor recommends that organisations put a PBX firewall, PBX log
    or other such control in place to keep track of any attempts to hack
    into their systems using a War Dialling technique. It also advises
    management to raise awareness of War Dialling amongst staff as a
    security issue by educating staff about the risks of attaching modems
    to the network and by tying modem security policies into staff
    contracts.
    
    [1] http://www.nta-monitor.com/war-dialling/
     
    
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
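The PBX-log control recommended in the article can be sketched as follows. This is an added example, not part of the article or NTA Monitor's material: it flags any caller that places short calls to many distinct extensions within a short window. The CDR column layout, the thresholds and the sample numbers are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed PBX call detail records; the column layout is an assumption.
SAMPLE_CDR = """\
start,caller,extension,duration_s
2003-09-30T02:00:05,01632960001,4000,4
2003-09-30T02:00:40,01632960001,4001,5
2003-09-30T02:01:15,01632960001,4002,4
2003-09-30T02:01:50,01632960001,4003,22
2003-09-30T02:02:25,01632960001,4004,4
2003-09-30T09:15:00,01632960077,4010,340
2003-09-30T10:00:00,01632960050,4100,8
2003-09-30T11:00:00,01632960050,4101,9
2003-09-30T12:00:00,01632960050,4102,7
2003-09-30T13:00:00,01632960050,4103,8
2003-09-30T14:00:00,01632960050,4104,6
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
MIN_EXTENSIONS = 5              # assumed: distinct extensions that make a sweep
MAX_PROBE_S = 30                # assumed: probe calls hang up quickly

def load_cdr(text):
    """Parse CDR text into time-sorted (start, caller, extension, duration)."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        caller = r["caller"] or "WITHHELD"  # group calls without caller ID
        rows.append((datetime.fromisoformat(r["start"]), caller,
                     r["extension"], int(r["duration_s"])))
    return sorted(rows)

def find_sweeps(rows):
    """Map callers that hit >= MIN_EXTENSIONS extensions in WINDOW to them."""
    by_caller = defaultdict(list)
    for start, caller, ext, dur in rows:
        if dur <= MAX_PROBE_S:  # long calls are ordinary conversations
            by_caller[caller].append((start, ext))
    flagged = defaultdict(set)
    for caller, calls in by_caller.items():
        left = 0
        for right, (start, _) in enumerate(calls):
            while start - calls[left][0] > WINDOW:  # slide window forward
                left += 1
            exts = {e for _, e in calls[left:right + 1]}
            if len(exts) >= MIN_EXTENSIONS:
                flagged[caller] |= exts
    return {c: sorted(e) for c, e in flagged.items()}
```

Calling find_sweeps(load_cdr(SAMPLE_CDR)) reports only the caller that swept five extensions in under three minutes; the caller spread over several hours and the single long call are ignored.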
    



    This archive was generated by hypermail 2b30 : Wed Oct 01 2003 - 03:56:55 PDT