
Wardialing and Modem Security

Wardialing and Modem Security. Lesson 19. From Maximum Security, 3ed. Page 627, items that will make an intruder’s life a little harder and your data a little more secure:

tehya


  1. Wardialing and Modem Security Lesson 19

  2. From Maximum Security, 3ed • Page 627, items that will make an intruder’s life a little harder and your data a little more secure: • “Do restrict or forbid the use of modems on desktops; they are the number one method of bypassing your organization’s security checkpoints.” • “Do remember that your phone PBXs also must be secured.”

  3. Networks: Crunchy on the Outside … Chewy on the Inside

  4. What is the Network? • There is a growing connectivity between the Data Network and the Telephone Network • Network Security Technologies Have Focused Almost Entirely on the TCP/IP Network … The Weakest Link is Now the Phone Network.

  5. The Data Network • One pipe • High speed • Thousands of connections • Controlled and monitored • One chokepoint [diagram label: Cat V] … your Internet connection is just a dedicated, high-speed telephone line.

  6. The Telephone Network Public Switched Telephone Network (PSTN) • Thousands of pipes • Low speed • Uncontrolled • Unmonitored • No chokepoint … think of your telephone network as thousands of low-speed internet connections.

  7. The TCP/IP Network [diagram: Attacker, Internet, Router, Firewall, Intrusion Detection, Web Server, Users]

  8. The Actual Network [diagram: Internet, Public Telephone Network, Router, Web Server, Intrusion Detection, Firewall, RAS (Dial-in Servers), Users, PBX]

  9. Security in The Actual Network [diagram: Attacker, Internet, Public Telephone Network, Router, Web Server, Intrusion Detection, Firewall, RAS (Dial-in Servers), Users, PBX]

  10. Security in The Actual Network • “2-4% of all telephone lines have active modems” [diagram: Attacker, Internet, Public Telephone Network, Router, Web Server, Intrusion Detection, Firewall, RAS (Dial-in Servers), Users, PBX]

  11. • Proprietary data can be uploaded by users • Virus protection mechanisms can be circumvented • Unauthorized access to ISP’s [diagram: Internet, Public Telephone Network, Router, Web Server, Intrusion Detection, Firewall, RAS (Dial-in Servers), Users, PBX]

  12. Wardialers • Step 1, Phone number footprinting • Public Domain Wardialers: ToneLoc, THC • Commercial: PhoneSweep, TeleSweep Secure

  13. War Dialing the ‘Bay’ • In ’97, Peter Shipley dialed the San Francisco Bay area looking for systems answered by a modem. He eventually finished the entire range but the final report hasn’t been published. Early results reported, however, included: • 1.4 million numbers dialed • 500 an hour, 12,000 a day • 14,000 of the lines dialed were reportedly modems

  14. Some interesting results: • An East Bay medical facility gave unrestricted modem access to patient records. • An Internet company offering financial services did not require a password to modify its modem-accessible firewall. • A Fortune 100 company’s air conditioner and environmental control units could be easily changed by modem allowing lights to be turned off or heating/air conditioning to be changed. • Only 3 of every 1000 modem lines he checked posted a warning banner (a requirement for gov. machines). • Some of the welcome banners gave the name of the operating system, release, and name of corporation.

  15. Carrier Exploitation • Once you have a number, now what? • Check the wardialing log, you can get some clues, then dial back. • CONNECT 57600 HP995-400: Expected a HELLO command. (CIERR 6057) • Many default sequences (e.g. HP MPE-XL systems) • CONNECT 57600 HP995-400: HELLO FIELD.SUPPORT PASSWORD=TeleSup • Default for pcAnywhere -- no password/userid • and … you can always try brute force password guessing if nothing else works!

  16. The Current Prevention Approach • Policy • Scanning (ad hoc War Dialing) • Administrative Action

  17. Current Scanning Challenge • Window of Visibility • Time / Scalability • Vulnerability Measurement • Cost (Long Distance Charges) • Data Collection and Consolidation • Logging / Reporting

  18. Solution • A better approach than ad hoc wardialing is to apply the same type of control that is found on the IP network to the telephone network. Thus, the solution is a firewall for the telephone network.

  19. The Telephone Network Public Switched Telephone Network (PSTN) • Thousands of pipes • Low speed • Uncontrolled • Unmonitored • No chokepoint … think of your telephone network as thousands of low-speed internet connections.

  20. A Firewall for Phone Lines [diagram: Public Switched Telephone Network (PSTN), Phone Firewall] • One virtual pipe • Controlled and monitored … get your hands around the problem, and take control of the telephone network.

  21. Remote Enterprise-wide Telecom Firewall Protection • Voice, Modem, Fax • Detect • Log • Alarm • Block [diagram: Telecom Firewall, Internet, Public Telephone Network, Router, Web Server, Intrusion Detection, Firewall, RAS (Dial-in Servers), Users, PBX]

  22. Remote Enterprise-wide Telecom Firewall Protection • Voice, Modem, Fax • Detect • Log • Alarm • Block [diagram: Attacker, Telecom Firewall, Internet, Public Telephone Network, Router, Web Server, Intrusion Detection, Firewall, RAS (Dial-in Servers), Users, PBX]

  23. TeleWall Telecommunications Firewall

  24. Protect Phone-to-Switch • Telephone fraud is a tremendous problem (1999: $5B) • Most PBXs have a remote dial-up port for maintenance purposes. • Often protected with a numeric password • The same device used to protect against attacks to unauthorized modems can be used to protect the PBX as well.

  25. PBX Hacking • Dial-up connections are the most frequent means of remotely managing a PBX. Also frequently used for vendor external support. • Just like computers with default passwords, PBXs often have default access codes. • What companies should do is remove defaults and, if a problem occurs, then provide an access code to the vendor; unfortunately … this is seldom done.

  26. Remote Enterprise-wide Telecom Firewall Protection • DTMF Signaling Detection • Detect • Log • Alarm • Block [diagram: Attacker, Telecom Firewall, Internet, Public Telephone Network, Router, Web Server, Intrusion Detection, Firewall, RAS (Dial-in Servers), Users, PBX]

  27. IP Telephony Security Issues [diagram: GW, 10/100, PBX, PSTN, Router, Internet, User Connected Modem (IP Phone)]

  28. Telecommunication Firewalls • Log call progress • Characterize call traffic • Enforce Security and Usage Policy • Control remote maintenance facility and port access • Report resource utilization • Fraud detection/prevention • Trunk line status and usage • Emergency notification • ROI • Protection of VoIP

  29. Extensions to Telecomm Firewalls • Telephone bill reconciliation package. • Secure Voice • Secure VoIP • Additional ‘password’ (DTMF signaling) for increased security. • Securing of SCADA (Supervisory Control and Data Acquisition) systems. • Roosevelt Dam in Arizona
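
The Detect / Log / Alarm / Block cycle from slides 21 and 28, sketched as an added example (not from the presentation or any telecom firewall product). The record fields, thresholds, extension numbers and the `evaluate` function are assumptions, and the call records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Call:
    ts: int         # seconds since start of capture
    caller: str     # calling number reported by the trunk
    ext: str        # internal extension on the call
    kind: str       # "voice", "fax" or "modem" (firewall's classification)
    direction: str  # "in" or "out"

# Assumed policy values, not taken from any product.
MODEM_LINES = {"5100"}   # only the RAS dial-in pool may carry modem calls
SWEEP_WINDOW = 600       # seconds
SWEEP_EXTS = 5           # distinct extensions from one caller within the window

def evaluate(calls):
    """Return (ts, ext, action, reason) per call; action is log, alarm or block."""
    recent = defaultdict(list)   # caller -> [(ts, ext)] still inside the window
    out = []
    for c in sorted(calls, key=lambda c: c.ts):
        action, reason = "log", "permitted"
        if c.direction == "in":
            hist = [(t, e) for t, e in recent[c.caller] if c.ts - t <= SWEEP_WINDOW]
            hist.append((c.ts, c.ext))
            recent[c.caller] = hist
            if len({e for _, e in hist}) >= SWEEP_EXTS:
                action, reason = "alarm", "one caller reaching many extensions"
        # Policy violation outranks the sweep alarm: the call is refused.
        if c.kind == "modem" and (c.ext not in MODEM_LINES or c.direction == "out"):
            action, reason = "block", "modem call outside authorized lines"
        out.append((c.ts, c.ext, action, reason))
    return out

# Constructed call records (not real data).
SAMPLE = (
    [Call(30 * i, "555-0100", str(4000 + i), "voice", "in") for i in range(6)]
    + [Call(200, "555-0142", "5100", "modem", "in"),   # authorized RAS dial-in
       Call(400, "4321", "4321", "modem", "out"),      # desktop modem dialing out
       Call(900, "555-0177", "4002", "fax", "in")]
)

def summary(calls):
    """Count decisions per action for a batch of call records."""
    counts = defaultdict(int)
    for _, _, action, _ in evaluate(calls):
        counts[action] += 1
    return dict(counts)

if __name__ == "__main__":
    for row in evaluate(SAMPLE):
        print(row)
```
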
