The continued use of dial-up modems is predicated by the need for for vendor support, configuration of remote devices, and for providing out-of-band connectivity to remote systems by phone line when the primary network connection is down. However, modems represent an often overlooked backdoor to control systems and networks that can be exploited by hackers via the Public Switched Telephone Network (PSTN).
In a publication by Homeland Security’s National Cyber Security Division, “Recommended Practice for Securing Control System Modems”, methods for securing dial-up modems are addressed. It states that, “In general the dial-up PSTN is the least secure as it exposes a modem to the equivalent of world-level Internet access. As a result, this communication point can be accessed from anywhere in the world by anyone with a modem and may be vulnerable to attack.“
One security method presented in the paper is a telephony firewall. All of Multi-Link’s “active” line sharing devices, in addition to cutting costs, allow the end-user to protect access to connected modems with programmable security access codes (SAC) in the form of touch-tones. These SACs can be configured differently for each device port. Our most robust product from a security standpoint is the ACP Series 2.0 with 7-digit SACs per device port that would effectively provide a stand-alone firewall for dial-up modems.
For those modems utilizing Caller ID and dial-back security measures, the ACP 2.0 will pass the incoming Caller ID to the designated modem. After the Caller ID has been authenticated and the inbound call is disconnected, the modem can then call back through the ACP 2.0 to the pre-programmed number to ensure the secure transmission of data. The ACP 2.0 Series includes models that can accommodate 3 devices (ACP-300), 5 devices (ACP-500), and 9 devices (ACP-900).
It is highly recommended to audit and document all known modems and faxes for the purpose of not only cost reduction, but for the sake of closing any back doors into a company’s telecom and IT networks.