Cobb's Guide to PC and LAN Sccurity, Part 3 of 3
Total Page:16
File Type:pdf, Size:1020Kb
Chapter Secure Communications WANs, Remote Access, and the Internet Cobb's Guide to PC & LAN Security, Part 3 of 3 Free Electronic Edition, Creative Commons License, © 1996-2010, Stephen Cobb Ths chapter looks beyond local area networks to the broader aspects of personal computer-based data communications. This takes in the security of modem connec- tions over telephone lines, remote access to personal computers and networks, wide area networks, long-distance connections between networks, plus other forms of computer-fachtated communication, such as fax and voice. I wdl begin with basic outbound communications from a personal computer, then consider incoming calls and network connections. Basic Communications In this section, I'll look at what it takes for computers to talk to each other and at some of the reasons why you might want to do this. I also will try to dispel some of the misconceptions about over-the-phone haclung. The facts of modem life People today take talking on the telephone for granted, but it actually is hard work for computers to communicate by phone. Humans simply pick up the handset, dial Secure Communications 557 the number, and talk when someone answers. The sound is transmitted electrically but not, until recently, digitally. On the traditional analog telephone (most of today's telephones are still analog), our voices are translated into currents, which in turn cause vibrations at the receiving end, which are heard as sound. Digits and Dials Why do we use the term dialing for the act of punching in phone numbers on a keypad? You might be surprised how many teenagers don't know the answer to that question. They have never seen a rotary dial, except in movies. It might not be too long before analog phone service goes the way of the rotary dial. More and more businesses, and even some individuals, are using a digital alternative known as ISDN (Integrated Services Digital Network). This service now is avail- able in some areas for under $100 per month. With ISDN, it is possible to get si- multaneous voice and data transmission on the same line, at speeds as fast as 128 Kbps (the current standard for high-speed analog modems, V.34, is 28.8 Kbps) . A high-speed data call made on an ISDN line uses digital modems at both ends. Currently more expensive than mass-produced analog modems, ISDN modems and switches eventually will come down in price as they become more widely used. As you would expect, digital modems are a lot more reliable and efficient than their analog counterparts. There is no conversion process, just a direct stream of digits. You don't get high-speed performance unless the party that you are calling also is digital. Some Internet providers already are offering ISDN dial- up service, and it is only a matter of time before commercial services like Com- puServe will offer this type of access to small businesses and work-at-home users. Computers don't have ears. Furthermore, they are digital, not analog. For com- puters to talk to each other over an analog phone line, they require modems. A mo- dem turns computer data into signals that are transmitted over the phone. At the other end of the line, another modem converts the signal back into data. The con- version process is known as modulation. The word modem is a conjunction of mod- ulator and demodulator. A modem is a circuit board that can be fitted internally in a personal computer or housed in an external box connected to the computer by a cable. The modem is controlled by communications software. Here are the steps in- volved when one computer calls another: 1. Both computers must have modems properly attached and communications soft- ware loaded. 2. The host computer, the one receiving the call, must be placed in "auto answer" mode; that is, the communications software must program the modem to answer the phone and respond to the incoming call. 3. The computer initiating the call must dial the number of the computer receiving the call. 558 Chapter Thirteen 4. When the call is answered, a series of exchanges must take place, known as handshaking, to establish the connection. 5. There also must be an agreed exchange of messages to let users of the two sys- tems know that the machines are communicating. With newspapers and television carrying so many reports of hackers wreaking havoc by illicitly accessing computers via modems, it is easy to get nervous about fit- ting one to your personal computer. However, there are enormous benefits to be gained from using a modem, some of them directly related to security (see "Online benefits" later in ths chapter). Besides, the risks of using modems are minimal, if you understand how they work. It is important to stress that nobody can access your computer via your modem unless: Your computer is turned on. Your modem is connected to a phone line. Your communications software is programmed to answer the phone (often re- ferred to as auto-answer mode). Even when all of these conditions are met, making a successful connection can be difficult, especially the first time that you attempt that particular connection. A number of parameters must match exactly for things to work properly. However, once the correct parameters have been determined, they can be stored for future sessions. This means that subsequent connections are routine. Nevertheless, it is un- likely that you will "accidentally" expose your computer to external attack just by in- stalling a modem. If you still are nervous, you can password protect modem access, as described in the section "Secure access?" later in ths chapter. The network factor Unfortunately, previous discussion applies only to accessing your computer via your modem. If your computer is not protected by access controls, then an unau- thorized user can activate the modem to allow an outsider to gain access or to send confidential data out to an accomplice. Furthermore, if your computer is networked to other computers, then the problem of modem access is much more complicated. If just one modem on one computer on a network is left unprotected in auto-answer mode, a hacker might well be able to gain access to any computer that is logged on to the network (see Figure 13.1). As an individual network user, there is little that you can do about this besides make sure that your private files are well-protected by lirmting access rights and us- ing password protection (encrypting sensitive personal data on your machine might well be advisable). The implication for network managers are more wide-ranging. With internal modems costing as little as $50, today's network manager must be "mo- dem-aware" at all times. Fortunately, some network auditing programs, such as Frye Computer Systems' LAN Directory, can check for modems. In addition, software- license auditing programs-such as McAfee SiteMeter, Frye's Software Metering and Resource Tracking, and John McCann's SofTrack-vvlll be able to tell you whch ma- chines on the network have communications software installed (see Figure 13.2). If Secure Communications 559 Legitimate modems, improperly / manaaed or erotected, can be abused and ihus expose your i internal systems to ovts!dera ~ Figure 13.1 Modems open doors to illicit network access. Figure 13.2 Auditing software can reveal unauthorized modem installations 560 Chapter Thirteen communications software is installed on the server, then access rights should be strictly limited. In the later section "Remote access security," I will discuss the use of "war dialers" to check company phone systems for active modems. Unfortunately, every default installation of Windows includes communications software-Terminal in the case of Windows 3.x and HyperAccess in the case of Win- dows 95. While Terminal is very limited, it does work and can be used to receive in- coming calls as well as to dial out. There is no password protection in Terminal, and the program is very small (around 145K), so it can easily be slipped onto a system that is not protected by good access controls (some DOS-based communications programs are smaller still). Clearly, there is an ongoing need to monitor networked systems for both communications software and modem hardware. Note that the lat- ter can be internal, in the form of expansion boards or PCMCIA cards, and thus not immediately obvious from a visual inspection of the desktop. Online benefits It is important to understand both the allure and the practicalities of going "online" even if you don't have a modem and have not yet found a reason to get one. For ex- ample, if you are responsible for managing a network, you need to know why in- stalling a modem is so tempting to users and what sort of risks are associated with approving such an installation. You might want to sanction a limited amount of mo- dem use to control it, rather than fight a losing battle against illicit modems. (Later, I will discuss the use of centralized modem controllers and remote access servers.) Personally, I have been using a modem since 1982 and consider communicating with a computer to be at least as interesting as all of the other things that you can do with a standalone computer combined. I was convinced of this the first time that I searched an online database (using a 300-baud Texas Instruments thermal printer terminal) and printed out an article that actually was stored 1000 miles away. Today, online databases are an essential, almost daily, part of my research. Add to that the news services, such as CompuServe's Executive News Service and Newsbytes, and the daily flow of messages, and a modem becomes a vital link to the outside world, whether you are working in a downtown office or a country cottage.