Telephone Systems: from unqualified success to inadvertent backdoor
The phone system of any organization is an essential communication tool not only for facilitating vocal communication but also for supporting connections to computer systems within and between organizations, both locally and globally. As a result, near instantaneous information exchange is possible. But as the functions of phone systems have expanded and organizations have widened their reliance on them, it's become apparent that the gains have not come without hazards. The very flexibility of phone systems has enabled easy and often unthinking access to the computer systems of organizations.
Modems within the organization, even when set up for legitimate purposes, can establish unauthorized and unknown back doors into the very core of modern enterprise: computer networks.
A key component in this complex system is the modem, which establishes direct communication amongst a variety of devices online. Because modems are very easy to set up and use, even a novice computer user can establish communication across a variety of applications almost without thinking. But their ease of use is also their Achilles' heel. As emergencies arise, people seek to solve problems quickly and locally in order to shorten interruptions in meeting customer needs, without giving thought to network-wide considerations. Modems may reveal banners when dialed or may still have default manufacturer passwords. Forgotten modems providing open access to legacy systems are another possible portal into your system. And as any pool of employees may have a bad apple or two, there is the potential of deliberately introduced rogue modems.
For all these reasons, modems are a potential back door to your whole network. Unfortunately, the threat is not static: the addition of a single unsecured modem to the system can immediately increase the level of vulnerability of an entire company.
Focus on Solutions
As the security risks on a network can easily fluctuate, incorporating ongoing monitoring into the security program is the only way to locate and remediate problem modems. Because threats are possible from intentional illicit use of modems as well as from accidental misuse, the process of auditing potential intrusions is best done without employee knowledge.
Follow-up to detecting problem modems thus has a dual function: to both shut down any unauthorized use and to help employees incorporate security-conscious modem installation into their work.
Drew Weisse, a Senior Security Analyst at WPS Resources by day and avid fisherman on the weekends, works on the corporate cyber security team that provides the bridge between the business and the security sides of the company. The security team's work ensures that WPS Resources' protection of sensitive data in transit and storage is in compliance with government requirements--and stays within an established budget.
First Step
When deciding how to address WPS Resources' modem auditing needs, the team initially hired contractors to perform a scan of the company's telephone system. Drew explains, "For $20,000, the contractors worked from a list of numbers we put together for them." The security firm targeted every number on the list to pinpoint modems for further examination. This was comprehensive, but it had its drawbacks. Drew recalls, "We did find out where unauthorized modems were and shut them down. We also found needed modems that lacked proper security configuration. We worked with technical staff [IT] to get these modems configured with proper security configuration and interfaces. These were only the modems that were 'turned on' during the time of this once annual modem assessment. But most of the year what happened in terms of modems was anyone's guess."
As Drew continues, "My manager [Pat Bourassa] and I realized that unless we could perform scans multiple times a year we would only have a snapshot of the situation and wouldn't be comprehensively addressing the issue of unsecured modems." The question was how to effectively use that portion of the budget reserved for modem auditing to acquire an application that would allow for scanning whenever necessary. Additionally, Drew wanted something that required minimal effort on the part of his team because additional man-hours quickly increase costs.
"I'd rather be fishing than reinventing the wheel," says Drew. "Fortunately, careful searching showed WPS Resources that there was an out-of-the-box solution to meet these needs: PhoneSweep. I have to say that what really got my attention was the demo." After careful consideration, the company chose to put almost all of the annual budget for modem auditing into Sandstorm's PhoneSweep.
PhoneSweep: The Rogue Modem Detector
Drew was gratified at how easy it was to move to PhoneSweep. "We'd ordered training along with the system and we were very pleased with our trainer. He was interesting and knowledgeable," Drew asserts, "and knew PhoneSweep up and down."
PhoneSweep quickly proved to be a hands-free solution. "We went from training to remediation all in one day. What with PhoneSweep's being an automated process, there's almost no need for human input."
PhoneSweep has also saved WPS Resources time that was previously spent preparing for the contract scanning. "We don't have to schedule interface time or spend time on encryption issues for transmitting phone numbers, because we are the staff that runs this and our phone numbers never leave our company."
It also took away a few other headaches: PhoneSweep stores numbers and can readily take them from an Excel spreadsheet, so numbers added to the system can be readily supplied to PhoneSweep, saving even more time. "It's proven to be easy to use and easy to understand. We have our own people teaching new members of the team how to use the application." Drew was especially pleased with the fact that PhoneSweep requires almost nothing from the team.
As soon as PhoneSweep was in place it began to earn its keep: WPS Resources was able to schedule line scans at non-work hours, 5 pm to 5 am for example, as frequently as they wished to check what was happening on the telephone system. PhoneSweep's ability to store numbers and dial randomly also enabled it to run in stealth mode. "No more banks of phones ringing. It was great to lose that tip-off to phone scanning."
Once PhoneSweep identifies a modem, security is able to thoroughly examine it. This consists of checking on the necessity of the modem and ensuring that, if it's attached to a router, it has at least first-level password login authentication. "It's startling how many modems are simply left in place and how many modems are simply forgotten," Drew reflected. "And, with only once a year scans, that problem multiplies from the day after the scan till the next annual scan is run."
Drew has discovered a side benefit to being able to scan multiple times a year: employees are made aware of the issue several times a year as scans are done. Because of the heightened profile of the issue, employees have become increasingly aware of the security risks modems can pose. Drew found that people are now starting to incorporate sound security practices into setting up modems. Much like periodic safety drills help people remember proper responses to fires, frequent phone scans throughout the year ensure that telephony security will remain a high-priority issue for employees.
"The fact that we can now quickly locate modems," affirms Drew, "has made people think way more than once about trying to set up rogue modems."