Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

The Danger of War Dialing > Out-of-Band Support Channels - Pg. 34

34 chapter 2 War Dialing out-of-Band Support Channels Although many network administrators have moved as far away from dial-up access as possible, there still exists a need to implement modems for communications for a variety of situations. One of the most frequent implementations encountered involves using modems as an out-of-band communications solution for managing network equipment such as routers and switches. Out-of-band communications provide administrators the capability of remotely managing devices should traditional local area network or wide area network connectivity become unreliable or unavailable. Although modems may be implemented for the purpose of out-of-band communi- cations, poor implementation of such devices may provide an avenue of attack allow- ing attackers to gain access to the core backbone of the network. If an attacker is able to connect to a router via a poorly secured modem and successfully authenticate, there are many type of attacks that can be performed that may reduce the confidential- ity, integrity, and availability of the network and the data that passes through it. If an attacker has appropriate access, he or she may set new passwords for the router, essentially hijacking the device. Administrators may have a difficult time reclaiming administrative access to the router, depending on whether or not physical access to the router is required to regain control. This may take a considerable amount of time if the network administrators are not prepared. Additionally, many network administrators fail to implement proper logging for failed logon events, which allows attackers to perform extensive dictionary or brute-force attacks without detection. Successful authentication attacks may allow attackers to maintain access for long periods without detection by administrators. Once this level of access is achieved, the attacker can cripple the entire network by reconfiguring the router. Attackers may use router software to sniff network traffic as it passes through the router. This obviously is a great concern, as many network administrators fail to implement encrypted protocols. Sniffing network traffic can also provide attackers with a wealth of information about the protocols and the types of traffic that traverses the network. This type of attack will most likely allow attackers to sniff legitimate usernames and passwords, allowing for further attacks against services available on the network. The attacker may be able to perform denial-of-service (DoS) attacks, as explained in Chapter 1, "Denial of Service," by configuring the router to route all traffic to a nonexistent address, also known as a null route or black hole. This of course will cause a total loss of data, as it traverses this point within the network. Remote access for out-of-band communications should be secured to prevent these types of attacks. The previous attacks described only account for a small amount of what an attacker can do if modems connected to support devices are compromised. unauthorized Employee Access One of the oldest war dialing attack scenarios deals with an employee who must have access to his or her work desktop computer while he or she is away from the office. Unfortunately, sometimes employees who are trying to do good deeds for the organization can unknow- ingly introduce vulnerabilities that weaken the organization's security posture.