Forgotten war dialling risk leaves networks in peril

War Dialling, the scanning of telephone lines to find insecure modems that provide a back door route into corporate networks, is ignored as a risk by many organisations, security testing outfit NTA Monitor warns. The company is calling on organisations to revise their procedures to guard against the long established, but still serious, security risk. A survey conducted by NTA Monitor between August and September to ascertain awareness among IT and security managers about War Dialling discovered 22 per cent of those questioned having no knowledge of the issue. Almost a quarter (24 per cent) of respondents to the survey reported that there were unauthorised modems attached to systems at their sites. One respondent believed there might be as many as 20 modems over which he had no control running over a particular company’s network. According to NTA Monitor, modems are found at the end on average at 0.75 per cent of a corporate organisation’s telephone number range. For example, a mid-sized company with a range of 10,000 numbers will typically contain 75 modems. “This should cause major concern, as it only takes one insecure modem to permit a hacker to gain access to an organisation’s systems,” said Roy Hills, NTA Monitor’s technical director. “Imagine the situation for a company with 5,000 extensions over 20 sites – how can they ever be sure that no rogue modems are attached to any of those lines, without testing them?” Full Story