Rogue Modems: Your Network's Back Door

Rogue modems often elude the I.T. department's notice

Suspecting that he is about to be fired, the employee sets up a "back door" into his employer's systems. Once terminated, he uses it to wreak havoc. That's how the plot goes in popular fiction, anyway. But in practice it's harder to set up a back door than the fiction writers assume, and even more difficult to keep it hidden.

Unless you use a modem. "In any large organization around the world, you will find modems that you didn't know existed and which aren't subject to the barriers that firewalls offer," says Jon Morris, managing director of Ambersail, a Warrington, U.K.-based security consultancy. "Companies spend an absolute fortune on firewalls and security procedures, and it only takes a single modem to bypass all that."

Using "war dialers," Ambersail specializes in tracking down rogue modems, counting some of the world's largest companies and financial institutions among its clients. "We've found instances of production boxes with modems attached that don't even have passwords," says Morris. "You can dial in, and you've got administration rights on a production box. It's amazing." Typically, he says, the number of modems found varies between 3 percent and 15 percent of documented extensions.

Why so many? IT employees themselves are often to blame, installing modems because they make remote troubleshooting easier. Hardware manufacturers too can stipulate that a modem must be attached to their equipment for support and diagnostic purposes.

With careful thought, Morris says, it's often possible to reduce the number of modems. And then place those that remain on a strict password regime, updated as employees leave. "You can't eliminate modems, and you can't stop employees leavingbut you can prevent departed employees using them to gain access, once you know where the modems are," he says.

NEW! Download the Winter 2018 issue of Security Smart