Safe Modem Access

Safe Modem Access

Post by W.D. Rile » Fri, 11 Oct 1996 04:00:00



We have a medical (lab) system which has a modem and analog line
attached to it for use by the software suppliers.

Because of the sensitive nature of the lab results, the lab people
usually plug in the modem, and unplug it when the software folks are
done.

Is there anything that will act as intermediate protection.  That is,
something that will provide password protection between the modem and
Unix host?

Thanks

W.D. Riley
Data Security Administrator
City of Hope Medical Center


 
 
 

Safe Modem Access

Post by Bob Hau » Sat, 12 Oct 1996 04:00:00




Quote:> Because of the sensitive nature of the lab results, the lab people
> usually plug in the modem, and unplug it when the software folks are
> done.

> Is there anything that will act as intermediate protection.  That is,
> something that will provide password protection between the modem and
> Unix host?

You could get a modem that requires a password before it will tell the host
that it is connected.  There is also callback security where the remote user
dials, enters password, hangs up, and the modem calls back to a pre-arranged
number.  Some of the Motorola Power Series modems have these features, to
give one example.

Don't know if this will fit your requirement but I thought I'd toss it
out there...

---

 Wasatch Communications Group               http://www.wasatch.com

 
 
 

Safe Modem Access

Post by Dana S. Eme » Sat, 12 Oct 1996 04:00:00



> We have a medical (lab) system which has a modem and analog line
> attached to it for use by the software suppliers.

> Because of the sensitive nature of the lab results, the lab people
> usually plug in the modem, and unplug it when the software folks are
> done.

> Is there anything that will act as intermediate protection.  That is,
> something that will provide password protection between the modem and
> Unix host?

There are many comercial solutions, some more expensive and more flexible
than others.  As was already mentioned there are modems that have
call-back capability, you can preset the number, this could be a
maintenance issue if the number needs to vary for multiple vendors.

Another alternative is a small "Remote Access Server" for 1-3 lines,
several vendors offer them (shiva, cayman, sonic.systems), most support
PPP/SLIP and some will pass appletalk in ether as well as normal ip
traffic.  You supply phone line(s) and modem(s) (some may be available
with built in modems), the box is programmed by you with configuration and
account info, either over the net or thru a serial conection.

We bought a 3-line RAS last summer, while researching it I found none that
would use existing NIS, so these accounts & passwords will be independant
of any other machines presently on your LAN, possibly an advantage in
terms of security.

Your own people could take advantage of this service as well as vendors,
but there are some security issues if the phone numbers get discovered, so
be sure that the passwords are good ones.  You could disable or even
remove the vendor accounts between uses.  Note that the RAS sits on your
LAN, it gives your vendors a phone-based port into your LAN, not a
conection to any one machine.  Vendors will still need accounts on the
various machines they maintain for you.
--
Dana S. Emery
Smithsonian Institution, LMS

I speak for myself only.

 
 
 

Safe Modem Access

Post by peter hakans » Sun, 13 Oct 1996 04:00:00


I would advice against relying on callback from the modem. It will
not protect anything.

What canm be done on the (unix) host is a number of things.

-set remote password (if this is a sysV,might not be documented)
-enable login only on demand (already done manually, but letting
 the computer also do this will be a safe-guard)
 -install software to do 'token' authentification on that port or
 install s/key on that port. On some u*x this is quite easy.

 And the usual stuff, enforce strong passwords, change them from
 time to time.



: > We have a medical (lab) system which has a modem and analog line
: > attached to it for use by the software suppliers.
: >
: > Because of the sensitive nature of the lab results, the lab people
: > usually plug in the modem, and unplug it when the software folks are
: > done.
: >
: > Is there anything that will act as intermediate protection.  That is,
: > something that will provide password protection between the modem and
: > Unix host?

: There are many comercial solutions, some more expensive and more flexible
: than others.  As was already mentioned there are modems that have
: call-back capability, you can preset the number, this could be a
: maintenance issue if the number needs to vary for multiple vendors.

: Another alternative is a small "Remote Access Server" for 1-3 lines,
: several vendors offer them (shiva, cayman, sonic.systems), most support
: PPP/SLIP and some will pass appletalk in ether as well as normal ip
: traffic.  You supply phone line(s) and modem(s) (some may be available
: with built in modems), the box is programmed by you with configuration and
: account info, either over the net or thru a serial conection.

: We bought a 3-line RAS last summer, while researching it I found none that
: would use existing NIS, so these accounts & passwords will be independant
: of any other machines presently on your LAN, possibly an advantage in
: terms of security.

: Your own people could take advantage of this service as well as vendors,
: but there are some security issues if the phone numbers get discovered, so
: be sure that the passwords are good ones.  You could disable or even
: remove the vendor accounts between uses.  Note that the RAS sits on your
: LAN, it gives your vendors a phone-based port into your LAN, not a
: conection to any one machine.  Vendors will still need accounts on the
: various machines they maintain for you.
: --
: Dana S. Emery
: Smithsonian Institution, LMS

: I speak for myself only.

--
--
Peter Hakanson  VolvoData Dep 2580 phone +46 31 66 74 27

 
 
 

Safe Modem Access

Post by David Richar » Tue, 15 Oct 1996 04:00:00




>I would advice against relying on callback from the modem. It will
>not protect anything.

It will protect against ANYTHING except physical attacks (cut the wire
outside the building to 'catch' the callback, attacks from the location
that is called back to, and reprogramming of the actual telco switch.

It's a good start.



>: > We have a medical (lab) system which has a modem and analog line
>: > attached to it for use by the software suppliers.
>: >
>: > Because of the sensitive nature of the lab results, the lab people
>: > usually plug in the modem, and unplug it when the software folks are
>: > done.
>: >
>: > Is there anything that will act as intermediate protection.  That is,
>: > something that will provide password protection between the modem and
>: > Unix host?

>: There are many comercial solutions, some more expensive and more flexible
>: than others.  As was already mentioned there are modems that have
>: call-back capability, you can preset the number, this could be a
>: maintenance issue if the number needs to vary for multiple vendors.

It'd help to use USR Courier modems for the origination and answering
hardware.

The Courier series (we have 50 of them, but USR won't sell us any more
below street price) not only has Call-back capability built in, but also
has password authentication. The manual implies that one authentication
mode requires that the remote courier know the password, and calls from
any other modem (or a courier with the wrong password) won't even get
past the carrier negotiation.

Thus war games style 'scanner' software would get 'NO CARRIER' and figure
it's some sort of weird fax machine...
--
David Richards                             Ripco, since Nine*-Eighty-Three
My opinions are my own,                    Public Access in Chicago
But they are available for rental          Shell/SLIP/PPP/UUCP/ISDN/Leased

 
 
 

Safe Modem Access

Post by peter hakans » Tue, 15 Oct 1996 04:00:00


I do insist that modem supplied callback gives *no* security!

Don't call me for details:-)



: >I would advice against relying on callback from the modem. It will
: >not protect anything.

: It will protect against ANYTHING except physical attacks (cut the wire
: outside the building to 'catch' the callback, attacks from the location
: that is called back to, and reprogramming of the actual telco switch.

: It's a good start.



: >
: >: > We have a medical (lab) system which has a modem and analog line
: >: > attached to it for use by the software suppliers.
: >: >
: >: > Because of the sensitive nature of the lab results, the lab people
: >: > usually plug in the modem, and unplug it when the software folks are
: >: > done.
: >: >
: >: > Is there anything that will act as intermediate protection.  That is,
: >: > something that will provide password protection between the modem and
: >: > Unix host?
: >
: >: There are many comercial solutions, some more expensive and more flexible
: >: than others.  As was already mentioned there are modems that have
: >: call-back capability, you can preset the number, this could be a
: >: maintenance issue if the number needs to vary for multiple vendors.

: It'd help to use USR Courier modems for the origination and answering
: hardware.

: The Courier series (we have 50 of them, but USR won't sell us any more
: below street price) not only has Call-back capability built in, but also
: has password authentication. The manual implies that one authentication
: mode requires that the remote courier know the password, and calls from
: any other modem (or a courier with the wrong password) won't even get
: past the carrier negotiation.

: Thus war games style 'scanner' software would get 'NO CARRIER' and figure
: it's some sort of weird fax machine...
: --
: David Richards                             Ripco, since Nine*-Eighty-Three
: My opinions are my own,                    Public Access in Chicago
: But they are available for rental          Shell/SLIP/PPP/UUCP/ISDN/Leased

--
--
Peter Hakanson  VolvoData Dep 2580 phone +46 31 66 74 27

 
 
 

Safe Modem Access

Post by peter hakans » Tue, 15 Oct 1996 04:00:00


=20
I do insist that modem supplied callback gives *no* security!=20
=20
Don't call me for details:-)=20
=20


: >I would advice against relying on callback from the modem. It will=20
: >not protect anything.=20
=20
: It will protect against ANYTHING except physical attacks (cut the wire=20
: outside the building to 'catch' the callback, attacks from the=20
location=20
: that is called back to, and reprogramming of the actual telco switch.=20
=20
: It's a good start.=20
=20



: >=20
: >: > We have a medical (lab) system which has a modem and analog line=20
: >: > attached to it for use by the software suppliers.=20
: >: > =20
: >: > Because of the sensitive nature of the lab results, the lab=20
people=20
: >: > usually plug in the modem, and unplug it when the software folks=20
are=20
: >: > done.=20
: >: > =20
: >: > Is there anything that will act as intermediate protection. =20
That is,=20
: >: > something that will provide password protection between the=20
modem and=20
: >: > Unix host?=20
: >=20
: >: There are many comercial solutions, some more expensive and more=20
flexible=20
: >: than others.  As was already mentioned there are modems that have=20
: >: call-back capability, you can preset the number, this could be a=20
: >: maintenance issue if the number needs to vary for multiple vendors.=20
=20
: It'd help to use USR Courier modems for the origination and answering=20
: hardware.=20
=20
: The Courier series (we have 50 of them, but USR won't sell us any more=20
: below street price) not only has Call-back capability built in, but=20
also=20
: has password authentication. The manual implies that one=20
authentication=20
: mode requires that the remote courier know the password, and calls=20
from=20
: any other modem (or a courier with the wrong password) won't even get=20
: past the carrier negotiation.=20
=20
: Thus war games style 'scanner' software would get 'NO CARRIER' and=20
figure=20
: it's some sort of weird fax machine...=20
: --=20
: David Richards                             Ripco, since=20
Nine*-Eighty-Three=20
: My opinions are my own,                    Public Access in Chicago=20
: But they are available for rental         =20
Shell/SLIP/PPP/UUCP/ISDN/Leased=20

Usenet/E-Mail!=20
=20
--=20
--=20
Peter Hakanson  VolvoData Dep 2580 phone +46 31 66 74 27=20
=20
--- Internet Message Header Follows ---=20
Path:=20
seunet!mn3.swip.net!mn6.swip.net!seunet!news2.swip.net!nike.volvo.se!cyk
lop.volvo.se!peter=20

Newsgroups: comp.security.unix=20
Subject: Re: Safe Modem Access=20
Date: 14 Oct 1996 16:25:04 GMT=20
Organization: Volvo Corp.=20
Lines: 57=20




NNTP-Posting-Host: cyklop.volvo.se=20
X-Newsreader: TIN [version 1.2 PL2]=20
=20

 
 
 

Safe Modem Access

Post by peter hakanso » Wed, 16 Oct 1996 04:00:00


Michal,

Would you bet your companys resources on the assumption
that you local ptt always breaks the line ??? I would
not trust (our ptt) with anything at all.
Using modembased dial back encourages exactly this.

And you always risk a local tapping of an exposed line,
then all actions from the ptt is useless.

And be clear,
First you say "Posting such unsubstantiated statements",
then you describe the scenario.
Would it be more responsible to tell exactly this
can be (mis)used is most parts of the world ? No
CERT does not do that kind of things , why should i.

Isn't it enough to tell "the world" that is is a
clear risk about this ? Especially when much better
methods does not cost more ?

Please don't continue propose dialback solutions.
The are and have always been unsafe BY ANY STANDARD!

Drive Carefully!

--
Peter Hakanson  VolvoData Dep 2580 phone +46 31 66 74 27



> :
> : I do insist that modem supplied callback gives *no* security!
> :
> : Don't call me for details:-)

> Posting such unsubstantiated statements about security of anything does
> not help anybody (with an exception of crackers who are already informed
> about a hole).

> I know that a working callback depends very much on a local phone system.
> If one end may keep a line open by not* up, then callback is
> not worth very much as a security measure.  This, for example, does
> not apply to the city where I live.  After short timeout I am not very
> likely to call back even on the same circuit, not mentioning the line.
> It is also possible (I did it) to implement a callback not using modem
> features at all and in an initial exchange no phone numbers show up.
> I would love to know how to beat that without hacking a software on a
> phone exchange.  Probably a physical attack against a phone connection
> is quite a bit easier.

>   Michal

 
 
 

Safe Modem Access

Post by Tommy Larsso » Thu, 17 Oct 1996 04:00:00


Hello Peter,

So, what's the obvious security flaw if you use dialback
and has another modem dialling back than the one you dial
in the first place? Spoofing a dialtone won't work in this
case and if you are worried about wiretaps there are a lot
of vendors who provide modems with encryption.

Tommy


> Isn't it enough to tell "the world" that is is a
> clear risk about this ? Especially when much better
> methods does not cost more ?

> Please don't continue propose dialback solutions.
> The are and have always been unsafe BY ANY STANDARD!

> Peter Hakanson  VolvoData Dep 2580 phone +46 31 66 74 27



> > :
> > : I do insist that modem supplied callback gives *no* security!
> > :

 
 
 

Safe Modem Access

Post by Shawn McMaho » Thu, 17 Oct 1996 04:00:00



Quote:> I do insist that modem supplied callback gives *no* security!

> Don't call me for details:-)

You keep insisting that, but you're making an extraordinary claim so you
either need to document it, or just expect that very few people will
believe you.

If you expect very few to believe you, why post it in the first place?

Properly-implemented callback is a very good tool for solving some
security problems.  Saying that it's not is contrary to a huge body of
industry thought.  Contradicting industry thought is fine (even
encouraged) but doing so without documentation falls on the level of
"is not/is too".

  Shawn McMahon          | Smokesignals Computer Company
  Senior System Operator | Southern Oklahoma's Internet Service Provider
  Chickasaw Nation Net   | 405 332-0033   http://www.chickasaw.com

 
 
 

Safe Modem Access

Post by Don Nicho » Thu, 17 Oct 1996 04:00:00




Quote:>Hello Peter,

>So, what's the obvious security flaw if you use dialback
>and has another modem dialling back than the one you dial
>in the first place? Spoofing a dialtone won't work in this
>case and if you are worried about wiretaps there are a lot
>of vendors who provide modems with encryption.

        This eliminates the major consideration, but I don't *think* that
there are any modems which implement callback on a second line.  Yes, the
*system* behind the modems could do so, but (as indicated on the last line
of the following quotes) this "discussion" is about "modem supplied
callback".  I agree that the security from this is rather illusory against a
concerted attack.  (The wardialer scenario would not be likely to pick it
up, but if someone competent *explicitly* targeted your system, the modem
implemented callback would be very weak security at best.)

        DoN.


}>
}> Isn't it enough to tell "the world" that is is a
}> clear risk about this ? Especially when much better
}> methods does not cost more ?
}>
}> Please don't continue propose dialback solutions.
}> The are and have always been unsafe BY ANY STANDARD!
}>
}> Peter Hakanson  VolvoData Dep 2580 phone +46 31 66 74 27
}>

}>

}> > :
}> > : I do insist that modem supplied callback gives *no* security!
}> > :

--

Disclaimer: No statements herein are to be considered as necessarily
representing the opinions of the Department of the Army or Night Vision Labs.
    Black holes are where GOD is dividing by zero -- (author unknown)
 
 
 

Safe Modem Access

Post by peter hakans » Thu, 17 Oct 1996 04:00:00


I was talkin about "modem supplied callback". Please read
what i write.

Ways around this (like dialback on another line) will fix
this particular risk, but then it's so complicated that
a simpler solution can be made that is even safer.

: Hello Peter,

: So, what's the obvious security flaw if you use dialback
: and has another modem dialling back than the one you dial
: in the first place? Spoofing a dialtone won't work in this
: case and if you are worried about wiretaps there are a lot
: of vendors who provide modems with encryption.

: Tommy

: >
: > Isn't it enough to tell "the world" that is is a
: > clear risk about this ? Especially when much better
: > methods does not cost more ?
: >
: > Please don't continue propose dialback solutions.
: > The are and have always been unsafe BY ANY STANDARD!
: >
: > Peter Hakanson  VolvoData Dep 2580 phone +46 31 66 74 27
: >

: >

: > > :
: > > : I do insist that modem supplied callback gives *no* security!
: > > :

--
--
Peter Hakanson  VolvoData Dep 2580 phone +46 31 66 74 27

 
 
 

Safe Modem Access

Post by David Richar » Fri, 18 Oct 1996 04:00:00




>I do insist that modem supplied callback gives *no* security!

>Don't call me for details:-)

Because you don't have any.

'modem supplied' dialback _IS_ secure (short of physical intrusion in
the wire at each end, or hacking the switch), if the switching equipment
used is 100% sure to 'end' the call when the modem drops the switch hook.

Yes, there are cheesy modems out there that won't release the line
correctly, and there are cheesy telephone switches that keep the connection
open, but dialback is better than nothing.

As I've said, the Courier does password authentication and dialback in
firmware. We like them.


>: >I would advice against relying on callback from the modem. It will
>: >not protect anything.

>: It will protect against ANYTHING except physical attacks (cut the wire
>: outside the building to 'catch' the callback, attacks from the location
>: that is called back to, and reprogramming of the actual telco switch.

>: It's a good start.

>: It'd help to use USR Courier modems for the origination and answering
>: hardware.

>: The Courier series (we have 50 of them, but USR won't sell us any more
>: below street price) not only has Call-back capability built in, but also
>: has password authentication. The manual implies that one authentication
>: mode requires that the remote courier know the password, and calls from
>: any other modem (or a courier with the wrong password) won't even get
>: past the carrier negotiation.

>: Thus war games style 'scanner' software would get 'NO CARRIER' and figure
>: it's some sort of weird fax machine...
>: --
>: David Richards                             Ripco, since Nine*-Eighty-Three
>: My opinions are my own,                    Public Access in Chicago
>: But they are available for rental          Shell/SLIP/PPP/UUCP/ISDN/Leased

>--
>--
>Peter Hakanson  VolvoData Dep 2580 phone +46 31 66 74 27

--
David Richards                             Ripco, since Nine*-Eighty-Three
My opinions are my own,                    Public Access in Chicago
But they are available for rental          Shell/SLIP/PPP/UUCP/ISDN/Leased

 
 
 

Safe Modem Access

Post by Casper H.S. D » Fri, 18 Oct 1996 04:00:00





>>I do insist that modem supplied callback gives *no* security!

>>Don't call me for details:-)
>Because you don't have any.
>'modem supplied' dialback _IS_ secure (short of physical intrusion in
>the wire at each end, or hacking the switch), if the switching equipment
>used is 100% sure to 'end' the call when the modem drops the switch hook.

What if you call back immediately and simulate a dialtone when the modem
picks up to dial out?

I think you need two banks of modems, the lines connected to the dialout
bank should be protected by the PBX against dialin.

Casper
--
Casper Dik - Sun Microsystems - via my guest account at the University

Statements on Sun products included here are not gospel.
Unsolicited e-mail adverti*ts will be proofread for $250.

 
 
 

Safe Modem Access

Post by Klausn » Fri, 18 Oct 1996 04:00:00





>> I do insist that modem supplied callback gives *no* security!

>> Don't call me for details:-)

>You keep insisting that, but you're making an extraordinary claim so you
>either need to document it, or just expect that very few people will
>believe you.

 Callback is only useful IFF it dials back on a _different_ phone line. In
 many areas, it is possible to dial a number, and then hold the line open
 even after the person who answers thinks they have hung up. In that case,
 if the same modem, on the same line tries to call back, the originator
 merely fakes a dial tone, a couple of rings, and a handshake, and they have
 spoofed the system.

 This is very common knowledge.

--
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Ben Klausner                              (512) 823-0924 - T/L 793-0924
 Austin Site Information Technology                IBM, RS/6000 Division

 
 
 

1. Solaris 2.6: 'Async safe' implies 'thread safe' ?

Hi

I'm currently involved in multithreaded development tasks on
Solaris 2.6 and trying to make sense of the MT attributes for
system/library calls.

Especially, I'm wondering wether 'time' can be called safely
in a multithreaded app.

On the manpage of 'time' I read
   ____________________________________
  | ATTRIBUTE TYPE|   ATTRIBUTE VALUE |
  |_______________|___________________|
  | MT-Level      |  Async-Signal-Safe|
  |_______________|___________________|

and for async-safety attributes(5) tells me

  Async-Signal-Safe refers to  particular  library
  routines that can be safely called from a signal
  handler.  A thread that is executing  an  Async-
  Signal-Safe   routine  will  not  deadlock  with
  itself if interrupted by a signal.  Signals  are
  only a problem for MT-Safe routines that acquire
  locks.

  Signals are disabled when locks are acquired  in
  Async-Signal-Safe  routines.   This  prevents  a
  signal handler that might acquire the same  lock
  from being called.

Now, this description tells me that a thread calling
'time' won't deadlock in the call when interrupted
and that signals are disabled in 'time' whenever it
acquires locks.

It doesn't tell me wether any data can be corrupted
on reentering the call (i.e. is it 'Safe' ?) or wether
concurrency is provided (i.e. is it 'MT-Safe' ?).

Can anybody shed some light on this topic ?

Thanks a lot
Gunther

2. MkLinx DR3 Install Problems w/ Adaptec SCSI Card

3. Solaris 8 threads: If a routine is Async-Signal-Safe is it also thread Safe?

4. turn pacct on automatically

5. mmap, thread-safe, and signal-safe

6. PLEASE HELP me with local mail delivery

7. Thread-safe and Signal-safe

8. Two questions about rewriting with apache

9. Difference Between 'Safe' And 'MT-Safe' ML-Level

10. Safe access

11. two questions: safe access to root-owned directories and filenames with spaces in them.

12. Problem accessing modem on Linksys combo ethernet modem PCMCIA card

13. File Access - Does Owner Access Override Group Access?