https://community.isc2.org/t5/Tech-Talk/Security-of-Dial-up-modems/m-p/26242#M1618 <P>Here's a pretty good resource to help you understand the risks associated with modems and the mitigations:</P><P>&nbsp;</P><P><A href="https://www.us-cert.gov/sites/default/files/recommended_practices/RP_SecuringModems_S508C.pdf" target="_blank">https://www.us-cert.gov/sites/default/files/recommended_practices/RP_SecuringModems_S508C.pdf</A></P><P>&nbsp;</P> Fri, 02 Aug 2019 08:01:57 GMT AlecTrevelyan 2019-08-02T08:01:57Z https://community.isc2.org/t5/Tech-Talk/Security-of-Dial-up-modems/m-p/26235#M1616 <P>Hi All,</P><P>&nbsp;</P><P>Would need your expert advise on the subject mentioned, assuming there are 2 location using a dial-up modem to exchange data using a telephone lines. It is a point to point connection, what is the risks of this setup, can an attacker gain access to a network if the telephone number of one location is known by dialing to that number and steal data from that organization? Please advise and thank you in advance.</P><P>&nbsp;</P><P>&nbsp;</P><P>Best Regards,</P><P>Eugene.</P> Fri, 02 Aug 2019 03:32:28 GMT https://community.isc2.org/t5/Tech-Talk/Security-of-Dial-up-modems/m-p/26235#M1616 secret_ag 2019-08-02T03:32:28Z https://community.isc2.org/t5/Tech-Talk/Security-of-Dial-up-modems/m-p/26240#M1617 <P>Modems can be set to auto answer after a set number of rings, so knowing the number of a modem does create some risk, as they're be something connected to the modem too that you could try to access.&nbsp; A lot of IT kit still contain modems; e.g. many MFDs, mainframes although they're normally configured to only dial home to the OEM to report faults.</P> Fri, 02 Aug 2019 07:44:46 GMT https://community.isc2.org/t5/Tech-Talk/Security-of-Dial-up-modems/m-p/26240#M1617 Steve-Wilme 2019-08-02T07:44:46Z https://community.isc2.org/t5/Tech-Talk/Security-of-Dial-up-modems/m-p/26242#M1618 <P>Here's a pretty good resource to help you understand the risks associated with modems and the mitigations:</P><P>&nbsp;</P><P><A href="https://www.us-cert.gov/sites/default/files/recommended_practices/RP_SecuringModems_S508C.pdf" target="_blank">https://www.us-cert.gov/sites/default/files/recommended_practices/RP_SecuringModems_S508C.pdf</A></P><P>&nbsp;</P> Fri, 02 Aug 2019 08:01:57 GMT https://community.isc2.org/t5/Tech-Talk/Security-of-Dial-up-modems/m-p/26242#M1618 AlecTrevelyan 2019-08-02T08:01:57Z https://community.isc2.org/t5/Tech-Talk/Security-of-Dial-up-modems/m-p/26277#M1623 &gt; secret_ag (Viewer) posted a new topic in Tech Talk on 08-01-2019 11:32 PM in the<BR /><BR />&gt; It is a point to point connection, what is the risks of this setup, can an<BR />&gt; attacker gain access to a network if the telephone number of one location is<BR />&gt; known by dialing to that number and steal data from that organization?<BR /><BR />Ummmm, yeah ...<BR /><BR />OK, first off, don't trust the modem. Don't give it any special status or privileges.<BR />Force it to log in like anybody else.<BR /><BR />If carrier drops, log off the port. Kill the session.<BR /><BR />Maybe use a non-standard modem. 201C might be nice. (If you can find one ...)<BR /><BR />We could probably give better advice if we had more details ...<BR /><BR />====================== (quote inserted randomly by Pegasus Mailer)<BR />rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org<BR />Creativity can solve almost any problem. The creative act, the<BR />defeat of habit by originality, overcomes everything. - George Lois<BR />victoria.tc.ca/techrev/rms.htm <A href="http://twitter.com/rslade" target="_blank">http://twitter.com/rslade</A><BR /><A href="http://blogs.securiteam.com/index.php/archives/author/p1/" target="_blank">http://blogs.securiteam.com/index.php/archives/author/p1/</A><BR /><A href="https://is.gd/RotlWB" target="_blank">https://is.gd/RotlWB</A> Fri, 02 Aug 2019 18:17:57 GMT https://community.isc2.org/t5/Tech-Talk/Security-of-Dial-up-modems/m-p/26277#M1623 rslade 2019-08-02T18:17:57Z