
Watch out for modem pools

We have previously offered network administration tips that discussed securing the servers on your network and securing the routers on the network as well. This tip, excerpted from Managing IP Networks with Cisco Routers, by Scott M. Ballew, discusses some of the things that you can do to enhance the security of your network, given that you have a pool of dial-up modems that allows users access to your network from locations outside the firewall. This can be a major security nightmare, but this tip offers some cooling thoughts.



The most often overlooked source of security problems is not your permanent external links. This dubious honor is reserved for your dial-up modem pools. These are often placed at the heart of your network, with little or no security restrictions placed between them and your network. Once you realize that there are far more machines with modems in the world than machines attached to the Internet, you should see why dial-up modems are a major security threat. One network I know was taking great pains to ensure that it wasn't possible to access certain sensitive machines from public access sites elsewhere on the network, yet it had a dial-up modem pool with absolutely no user authentication that was permitted access. The public access sites were far less of a security threat than their own modems, because an intruder working from the public access sites might at least be noticed by witnesses.

To fend off this threat to your network's security, you can do several things. First, never allow unauthenticated use of your dial-up modems. At a minimum, have the caller identify himself to the system and provide a password, even if these are never checked. This gives the appearance of security, and may chase off the casual attacker. Better would be to have your dial-up servers validate the user and password, perhaps using one of the remote authentication services listed earlier. But that still may not be enough. When that isn't enough, consider having your dial-up servers call back the user after establishing their identity. This way, even a captured user name and password are only valid from a specific location. However, dial-back modems don't work well if your users are moving around a lot. If none of these solutions is feasible or adequate, your only choice may be to treat your dial-up modems as if they were part of the outside world, and put them outside of your firewall. While inconvenient to your legitimate users, placing a modem pool outside the firewall isolates a major security problem from your network.


This was first published in August 2002
