War Dialing is an activity and security threat often associated with the 1980s and 1990s. Of course, the film “War Games” made this hacker activity known to practically everybody. To a large degree, the concern about people dialing into your modem based services was replaced with concerns about the next big thing the Internet, then WiFi. War Dialing testing was replaced with War Driving; the search for unsecured wireless networks.
Since then, we have moved onto Bluetooth issues and now onto 3G and 4G mobile networks as the next new communications mechanisms to worry about. But a funny thing has happened along the way; modems never went away. They remain a popular way to remotely control important services like power systems, complex printer systems, and communication subsystems to name just a few.
Why has this happened? One driving force is that the depressed economy has forced many organizations to do a lot more work with a lot fewer people. One way to make a person more effective is to allow them to manage resources remotely. Getting a phone line hooked up to a modem is a cost-effective way to get communications setup between two locations.
Another way that organizations reduce cost is to outsource their IT resources. Similarly, the way these outsource organizations make money is to have individual technicians responsible for a variety of clients and to manage those resources remotely.
Although a significant security risk, one of the great administrative advantages of a modem based access to a resource is that it bypasses all the normal network protections that might exist on a normal Internet connection, such as firewalls, routers, application filters, intrusion detection systems, and ISPs. Figuring out how to configure a communication path that can reliably work over an Internet connection, where you don’t own or manage most of the systems you traverse, can be complex and expensive. Setting up a simple modem connection, however, can be quite trivial, cheap, and easy to manage over time.
The end result is that many organizations here in the 21st century are making good practical use of simple modem based access and management of remote resources. The key to managing those resources securely is to periodically assess their security stance in much the same way one manages Internet connection points by routinely performing host based or web based vulnerability assessments.
The way to check those modem based services is with the tried and true, simple yet effective approach called War Dialing. Have you checked your modem based systems lately?
Brad Johnson is Vice President of SystemExperts Corporation and has been a leader of the company since 1995. He has participated in seminal industry initiatives including the Open Software Foundation (OSF), X/Open, the IETF, and has published many articles on open systems, Internet security, security architecture, ethical hacking and web application security.