I would advice against relying on callback from the modem. It will
not protect anything.
What canm be done on the (unix) host is a number of things.
-set remote password (if this is a sysV,might not be documented)
-enable login only on demand (already done manually, but letting
the computer also do this will be a safe-guard)
-install software to do 'token' authentification on that port or
install s/key on that port. On some u*x this is quite easy.
And the usual stuff, enforce strong passwords, change them from
time to time.
: > We have a medical (lab) system which has a modem and analog line
: > attached to it for use by the software suppliers.
: > Because of the sensitive nature of the lab results, the lab people
: > usually plug in the modem, and unplug it when the software folks are
: > done.
: > Is there anything that will act as intermediate protection. That is,
: > something that will provide password protection between the modem and
: > Unix host?
: There are many comercial solutions, some more expensive and more flexible
: than others. As was already mentioned there are modems that have
: call-back capability, you can preset the number, this could be a
: maintenance issue if the number needs to vary for multiple vendors.
: Another alternative is a small "Remote Access Server" for 1-3 lines,
: several vendors offer them (shiva, cayman, sonic.systems), most support
: PPP/SLIP and some will pass appletalk in ether as well as normal ip
: traffic. You supply phone line(s) and modem(s) (some may be available
: with built in modems), the box is programmed by you with configuration and
: account info, either over the net or thru a serial conection.
: We bought a 3-line RAS last summer, while researching it I found none that
: would use existing NIS, so these accounts & passwords will be independant
: of any other machines presently on your LAN, possibly an advantage in
: terms of security.
: Your own people could take advantage of this service as well as vendors,
: but there are some security issues if the phone numbers get discovered, so
: be sure that the passwords are good ones. You could disable or even
: remove the vendor accounts between uses. Note that the RAS sits on your
: LAN, it gives your vendors a phone-based port into your LAN, not a
: conection to any one machine. Vendors will still need accounts on the
: various machines they maintain for you.
: Dana S. Emery
: Smithsonian Institution, LMS
: I speak for myself only.
Peter Hakanson VolvoData Dep 2580 phone +46 31 66 74 27