TeleSweep ferrets out vulnerable modems

Nobody wants to fight a war in which the enemy has better weapons, but until recently, computer professionals have been at a disadvantage vs. "war dialers." Hackers use such dialers to try one telephone number after another, hoping to chance upon vulnerable modems.

SecureLogix Corp. has developed a new line of defense. A technician at the company recently demonstrated how easy it is to break into a PC through its modem. You could hear the phone call connect, and then, in seconds, the technician announced he was in and pointed to the user name and password revealed on the screen.

How do organizations become vulnerable? Office PC users often install modems without notifying systems security managers. Those PCs and modems become potential entry points for hackers into the entire network.

However, with a new class of commercial telecommunications scanners such as SecureLogix's TeleSweep Secure, security managers can find "rogue" modems before the hackers do.

For testing, we obtained TeleSweep Secure prepackaged in a special desktop PC—a black pizza-box design with a flat-screen monitor. A key lock protects the diskette and CD-ROM drives. The entire system is designed to conform to the stringent Microsoft Corp. Windows NT Security Guidelines published by Trusted Systems Services Inc. (The guidelines are available at www.trustedsystems.com.)

There are four modems and an Ethernet connection on the unit. We plugged in two analog telephone lines but decided not to plug our local-area network into the Ethernet port, a decision we regretted when it came time to print the results of the scans.

First, the Dialer, a software program that controls the modems, has you set up data such as your area code and country code. Next comes the more interesting business of designing a scan. Clicking on the Manager icon, we entered a range of numbers covering the 3,001 phones at my agency's campus, excluding a special number reserved for emergencies. More complex lists of phone numbers can be imported from a file.

TeleSweep Secure has several features that no current hacker tools have, including dictionary password guessing, in which common passwords—such as an agency's initials—can be tried. To test the modem penetration option, we were careful to dial only phone numbers we had permission to check, to avoid breaking any laws.

You may envision the scanner causing phones to start ringing all over the place, but this isn't the case. We had numbers dialed in random order and set a timeout limit of the recommended 180 seconds for an unanswered call. With two of the unit's modems in use, the phone calls in any office would not seem more than normal.

When TeleSweep called our extension, it was passively listening for fax or modem tones, so all we heard was dead air. TeleSweep would call again later to actively interrogate any attached fax machine, and someone answering the phone would hear facsimile tones. But TeleSweep uses the war dialer trick of not calling the same number again immediately.

The printed reports from the scans provided a complete list showing all voice lines, faxes and modems.

TeleSweep's bundling of hardware and software reduces installation time and provides state-of-the-art security against hackers breaking into the scanner to get the scanning results. But if you prefer to use your own hardware, SecureLogix will sell the software separately. Be sure, however, to use modems only from their approved list because the quality of the modems makes a difference.

TeleSweep Secure's closet competitor, PhoneSweep from Sandstorm Enterprises Inc., is a software-only product. It costs less than TeleSweep Secure, and if you add a special serial port card, it will support up to eight modems in the PC you use.

TeleSweep, however, has a unique ability to separate its Manager and Dialer. You can save long-distance charges by placing Dialer PCs at remote sites and controlling them from a central Manager PC. Also, TeleSweep works in concert with SecureLogix's new TeleWall, which is a firewall for telephone lines.

--Greer is a senior network analyst at a large Texas state agency. He can be reached at Earl.Greer@dhs.state.tx.us.