> I think I've got my internet connection security > coming together, but I'm worried about a potential > back door. I have one worker who absolutely > has to have a modem to contact the legacy system our > billing service uses. What bothers me is that someone > might get clever and use a war dialer to find this > number and try and hack their way around my secure > gateway.
No offense, but I think you're really being overly paranoid about this. Why do I say that? Well, you said that this worker needs to contact the legacy system, not the other way around. This means that she likely fires up HyperTerminal or some other package (ProComm, etc) to dial out through the modem to this legacy system. When she's done, she most likely closes the app...right? My point is that if there isn't any application listening to answer the incoming call, then you don't have anything to worry about. Something, some software package, has to be running on the PC and has to be able to answer the phone when the call comes in for what you're fearing to happen. As an example, have you ever thought about firing up ToneLoc (or your favorite war-dialer) and running it against the number she uses? > I'd like to make this more difficult or at > least have some way to contain the damage. Does > anyone have any ideas? Sure, lots. Don't publish the phone number. Is the analog line she's using for the modem the same one she uses for her desk phone (if it is, then that pretty much answers the question regarding war-dialing)? If not, see if you can get your telecomm manager to program the switch for outbound calls on that line only. Make sure she has a strong password on the system for all local user accounts. Make sure you collect and review the logs, particularly after a weekend, to see if there any failed login attempts. There are ways you can handle automatic notification of failed logins...Perl, or some third party app. > I thought of possibly > putting a linux box configured as a firewall between > her and the rest of the network, but I'd have to have > alot of ports open to allow all the services she'll need > so I don't know if that would even help much. Sounds like more trouble than it's worth. Linux isn't the answer to *everything* (sorry guys), particularly if you really understand the situation. __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com