Risk Factory: Modems the Forgotten Back Door



The easiest way to get into a system - yet never addressed in testing.

Published in: Technology
1 Comment
  • If nothing else it will remind you of the timeless talent of Rick James.

  • First hacker movie – set the mould. Established the archetype. Based on a true story. 16 year old broke into Pentagon systems. Original screenplay written in 1979. Stephen Falken = Stephen Hawking. To have been played by John Lennon. Made it cool to be a geek.
  • War dialer = term coined from movie
  • Old news Like …… never fades away – gets re-worked
  • This is why you should be concerned

    1. “SuperPhreak” Modems: The Forgotten Backdoor
    2. A Day in the Life
    3. Remember the 80’s? 1980: John Lennon shot; Pac-Man; Super Trouper; Empire Strikes Back
    4. Remember the 80’s? 1980: John Lennon shot; Pac-Man; Super Trouper; Empire Strikes Back. 1981: JR Ewing shot; Rubiks Cube; Super Freak; Raiders Lost Ark
    5. Remember the 80’s? 1980: John Lennon shot; Pac-Man; Super Trouper; Empire Strikes Back. 1981: JR Ewing shot; Rubiks Cube; Super Freak; Raiders Lost Ark. 1982: Reagan shot; Trivial Pursuit; Don’t You Want Me; Tootsie
    6. Remember the 80’s? 1980: John Lennon shot; Pac-Man; Super Trouper; Empire Strikes Back. 1981: JR Ewing shot; Rubiks Cube; Super Freak; Raiders Lost Ark. 1982: Reagan shot; Trivial Pursuit; Don’t You Want Me; Tootsie. 1983: My knees shot; Cabbage Patch Kids; Thriller; War Games
    7. Spark That Lit The Fire: Sales of modems increased by a factor of 500 within 3 months of the release of the film “WarGames” [diagram labels: Public, Private]
    8. Remember When? Our biggest vulnerability. Our biggest threat. [diagram labels: Public, Private]
    9. Super Phreaky – Yoaw! Phreak = "phone" + "freak". "Phreak", "phreaker" = names for people who participate in phreaking. Phreaking = studying, experimenting with, or exploring telecoms systems, equipment or systems connected to telephone networks. Linked to hacking when networks went computerised. Now called the H/P culture (Hacking and Phreaking).
    10. War Dialer Process: 1. Obtain exchanges 2. Configure & run dialer 3. Analyse carriers & identify devices 4. Connect to carriers identified 5. Brute force if prompted 6. Access granted
    11. Functions of a Modem
        • Dial-Out access – allows someone to subvert the firewall to get out
        • Dial-In access – allows remote access to an internal system via the PBX
    12. Dial-Out Access
        • Desktop devices, faxes, scanners, PCs
        • Primarily user internet-related activity
        • Use of unauthorised modems to circumvent firewall rules - access blocked internet material
        • Risk exposure is user-dependent and localised
        • Think data leakage
        • Risk commensurate with access privileges
        • Most organisations do not have a requirement for it
    13. Dial-Out Risks [diagram; labels: Firewall, Your Organisation Network, Modem, Workstation, Configuration Server, Server, Databases, Unauthorised Material, Trojan Horses & Viruses, Business Data, Information Leakage]
    14. Dial-In Access
        • Business systems – servers - not PC-based
        • Think 3rd party managed devices
        • Increased likelihood business-critical system
        • Permits targeted rather than opportunistic attack
        • Time to map & exploit the system
        • System can remain compromised after the hacker disconnects
        • Likely to be untraceable
        • Most organisations have at least some requirement for dial-in access
    15. Your View 1. Bandwidth Manager 2. Exterior Router 3. Bastion Host (Firewall) 4. Interior Router 5. Network Switch 6. Application Servers 7. Network Storage 8. PBX 9. Voicemail 10. Modem Bank 11. RAS Server 12. Authentication Server 13. UPS 14. Air Conditioning 15. Building Access Control System
    16. Phreaker’s View 1. Bandwidth Manager 2. Exterior Router 3. Bastion Host (Firewall) 4. Interior Router 5. Network Switch 6. Application Servers 7. Network Storage 8. PBX 9. Voicemail 10. Modem Bank 11. RAS Server 12. Authentication Server 13. UPS 14. Air Conditioning 15. Building Access Control System
    17. Scale of Dial-In Threat
        • Large organisations: 1.5% – 2.5% of all telephone extensions provide dial-in access (up to 25 extensions per 1000)
        • Small organisations: 2% - 3% of telephone extensions provide dial-in connectivity (up to 15 extensions per 500)
    18. Prevailing Opinion…
        • "...most large companies are more vulnerable through poorly inventoried modem lines than via firewall-protected Internet gateways" Hacking Exposed: Network Security Secrets and Solutions. McClure, Scambray & Kurtz. Osborne, 2008
        • “While remote access is not the only route that hackers use to attack networks, they often cite it as the easiest route in” Information Security Breaches Survey 2010: Remote Access. UK Department of Trade & Industry
    19. And yet…. DTI’s Information Security Breaches Survey cited it in 2004 by stating that …
        • Less than 2% surveyed checked for unauthorised modem access
        …but not since
    20. Managing Dial-Out Risk
        Non-PC based:
        • Configure dial-out under application control
        • Modem configured for “dial-out” only
        PC-based:
        • PBX monitoring – outbound call logging (restricted to DDI line logging)
        • Host-based solutions – anti-virus / host monitoring / configuration lockdown
        General:
        • Effective policy – user education, policing & enforcement
    21. Managing Dial-In Risk
        Managed through:
        • Review & confirm 3rd party access requirements
        • Change vendor defaults
        • SLA’s should address breach responsibilities
        • Implement appropriate controls (access restriction, authentication, dial-back)
        • Monitor – inbound call logging / alerting / read logs!
        • Effective policy – user education, policing & enforcement
    22. 25th Anniversary
    23. Today’s War Dialer
        • WarVOX, Linux-based freeware available on Dark-Hack
        • Uses VoIP services to make up to 10,000 calls in an 8 hour period
        • Spoofs caller ID
        • IDs admin interfaces to PABX and IP based devices
        • Finds and copies/strips stored audio files and archives
    24. Test This
    25. Some things never die, they just go out of fashion… Phreaking is the founding methodology of hackers. What makes you think it’s dead? Still the most dependable backdoor into a system.
    26. 26 Dover Street, London, W1S 4LY, United Kingdom +44 (0) 203 586 1025 www.orthusirm.com info@orthusirm.com
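
A monitoring sketch for the "inbound call logging / alerting / read logs!" control on slide 21, added here as an example and not part of the original deck. The CSV record layout, extensions, caller IDs, modem inventory and thresholds are constructed assumptions; because slide 23 notes that current dialers spoof caller ID, the sweep check ignores it and looks only at timing and spread across extensions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed inbound call records: start time, caller ID, extension, seconds.
# The CSV layout and every number below are assumptions for this example.
SAMPLE_CDR = """\
2024-03-02 01:00:05,02079460001,4100,4
2024-03-02 01:00:40,02079460002,4101,3
2024-03-02 01:01:10,02079460003,4102,5
2024-03-02 01:01:45,02079460004,4103,41
2024-03-02 01:02:20,02079460005,4104,4
2024-03-02 09:15:00,01614960010,4103,310
2024-03-02 10:30:00,02079460077,4250,95
"""

# Hypothetical modem inventory: extension -> approved third-party caller IDs.
MODEM_LINES = {"4103": {"01614960010"}}


def parse(text):
    """Turn CSV call records into (start, caller_id, extension, seconds)."""
    rows = csv.reader(io.StringIO(text))
    return [(datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), cli, ext, int(sec))
            for t, cli, ext, sec in rows]


def sweeps(calls, window=timedelta(minutes=5), min_exts=4, max_secs=60):
    """Flag bursts of short calls spread over many extensions. Caller ID is
    ignored on purpose, since a dialer can present a new one per call."""
    short = sorted(c for c in calls if c[3] <= max_secs)
    alerts, i = [], 0
    while i < len(short):
        burst = [c for c in short[i:] if c[0] - short[i][0] <= window]
        exts = sorted({c[2] for c in burst})
        if len(exts) >= min_exts:
            alerts.append((short[i][0], exts))
            i += len(burst)  # continue after this burst
        else:
            i += 1
    return alerts


def unapproved_modem_calls(calls):
    """Calls to inventoried modem lines from caller IDs not on the list."""
    return [c for c in calls
            if c[2] in MODEM_LINES and c[1] not in MODEM_LINES[c[2]]]
```

The caller-ID list here is only a log signal for review; authentication and dial-back from slide 21 remain the access controls.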