Chapter Thirteen
Secure Communications: WANs, Remote Access, and the Internet
Cobb's Guide to PC & LAN Security, Part 3 of 3
 
Free Electronic Edition, Creative Commons License, © 1996-2010, Stephen Cobb
 
This chapter looks beyond local area networks to the broader aspects of personal computer-based data communications. This takes in the security of modem connections over telephone lines, remote access to personal computers and networks, wide area networks, long-distance connections between networks, plus other forms of computer-facilitated communication, such as fax and voice. I will begin with basic outbound communications from a personal computer, then consider incoming calls and network connections.
Basic Communications
In this section, I'll look at what it takes for computers to talk to each other and at some of the reasons why you might want to do this. I also will try to dispel some of the misconceptions about over-the-phone hacking.
The facts of modem life
People today take talking on the telephone for granted, but it actually is hard work for computers to communicate by phone. Humans simply pick up the handset, dial the number, and talk when someone answers. The sound is transmitted electrically but not, until recently, digitally. On the traditional analog telephone (most of today's telephones are still analog), our voices are translated into currents, which in turn cause vibrations at the receiving end, which are heard as sound.
Digits and Dials
Why do we use the term dialing for the act of punching in phone numbers on a keypad? You might be surprised how many teenagers don't know the answer to that question. They have never seen a rotary dial, except in movies. It might not be too long before analog phone service goes the way of the rotary dial. More and more businesses, and even some individuals, are using a digital alternative known as ISDN (Integrated Services Digital Network). This service now is available in some areas for under $100 per month. With ISDN, it is possible to get simultaneous voice and data transmission on the same line, at speeds as fast as 128 Kbps (the current standard for high-speed analog modems, V.34, is 28.8 Kbps). A high-speed data call made on an ISDN line uses digital modems at both ends. Currently more expensive than mass-produced analog modems, ISDN modems and switches eventually will come down in price as they become more widely used. As you would expect, digital modems are a lot more reliable and efficient than their analog counterparts. There is no conversion process, just a direct stream of digits. You don't get high-speed performance unless the party that you are calling also is digital. Some Internet providers already are offering ISDN dial-up service, and it is only a matter of time before commercial services like CompuServe will offer this type of access to small businesses and work-at-home users.

Computers don't have ears. Furthermore, they are digital, not analog. For computers to talk to each other over an analog phone line, they require modems. A modem turns computer data into signals that are transmitted over the phone. At the other end of the line, another modem converts the signal back into data. The conversion process is known as modulation. The word modem is a conjunction of modulator and demodulator. A modem is a circuit board that can be fitted internally in a personal computer or housed in an external box connected to the computer by a cable. The modem is controlled by communications software. Here are the steps involved when one computer calls another:
1. Both computers must have modems properly attached and communications software loaded.
2. The host computer, the one receiving the call, must be placed in "auto answer" mode; that is, the communications software must program the modem to answer the phone and respond to the incoming call.
3. The computer initiating the call must dial the number of the computer receiving the call.
4. When the call is answered, a series of exchanges must take place, known as handshaking, to establish the connection.
5. There also must be an agreed exchange of messages to let users of the two systems know that the machines are communicating.

With newspapers and television carrying so many reports of hackers wreaking havoc by illicitly accessing computers via modems, it is easy to get nervous about fitting one to your personal computer. However, there are enormous benefits to be gained from using a modem, some of them directly related to security (see "Online benefits" later in this chapter). Besides, the risks of using modems are minimal, if you understand how they work. It is important to stress that nobody can access your computer via your modem unless:
• Your computer is turned on.
• Your modem is connected to a phone line.
• Your communications software is programmed to answer the phone (often referred to as auto-answer mode).

Even when all of these conditions are met, making a successful connection can be difficult, especially the first time that you attempt that particular connection. A number of parameters must match exactly for things to work properly. However, once the correct parameters have been determined, they can be stored for future sessions. This means that subsequent connections are routine. Nevertheless, it is unlikely that you will "accidentally" expose your computer to external attack just by installing a modem. If you still are nervous, you can password protect modem access, as described in the section "Secure access?" later in this chapter.
The network factor
Unfortunately, the previous discussion applies only to accessing your computer via your modem. If your computer is not protected by access controls, then an unauthorized user can activate the modem to allow an outsider to gain access or to send confidential data out to an accomplice. Furthermore, if your computer is networked to other computers, then the problem of modem access is much more complicated. If just one modem on one computer on a network is left unprotected in auto-answer mode, a hacker might well be able to gain access to any computer that is logged on to the network (see Figure 13.1).

As an individual network user, there is little that you can do about this besides make sure that your private files are well-protected by limiting access rights and using password protection (encrypting sensitive personal data on your machine might well be advisable). The implications for network managers are more wide-ranging. With internal modems costing as little as $50, today's network manager must be "modem-aware" at all times. Fortunately, some network auditing programs, such as Frye Computer Systems' LAN Directory, can check for modems. In addition, software-license auditing programs (such as McAfee SiteMeter, Frye's Software Metering and Resource Tracking, and John McCann's SofTrack) will be able to tell you which machines on the network have communications software installed (see Figure 13.2). I
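
The three conditions for dial-in access and the auto-answer risk on a network can be checked mechanically. The following Python audit is an added example, not code from the book: it assumes Hayes-compatible modems, where register S0 holds the ring count before the modem answers (0 means auto-answer is off), and the host names, inventory fields and captured modem replies are constructed for illustration.

```python
import re

# Assumption: Hayes-compatible modems. Register S0 holds the number of rings
# before the modem answers by itself; 0 means auto-answer is off.
S0_PROFILE = re.compile(r"\bS0?0[:=]\s*(\d{1,3})\b")        # "S00:002" in a profile dump
S0_QUERY = re.compile(r"^\s*(\d{1,3})\s*$", re.MULTILINE)  # bare "002" reply to ATS0?


def parse_s0(capture):
    """Return the S0 value found in a captured modem reply, or None if absent."""
    match = S0_PROFILE.search(capture) or S0_QUERY.search(capture)
    return int(match.group(1)) if match else None


# Constructed inventory: (host, powered_on, line_connected, on_lan, captured reply).
INVENTORY = [
    ("acct-07", True, True, True, "ATS0?\r\n002\r\n\r\nOK\r\n"),
    ("front-desk", True, True, False, "ATS0?\r\n000\r\n\r\nOK\r\n"),
    ("eng-12", True, True, True, "E1 Q0 V1\r\nS00:001 S01:000 S02:043\r\nOK\r\n"),
    ("lab-03", True, False, True, "ATS0?\r\n001\r\n\r\nOK\r\n"),
    ("sales-02", True, True, True, "NO CARRIER\r\n"),
]


def audit(inventory):
    """Classify each host by the three conditions for dial-in access."""
    findings = {}
    for host, powered_on, line_connected, on_lan, capture in inventory:
        s0 = parse_s0(capture)
        if s0 is None:
            # Failure mode: no usable reply, so the state must be checked by hand.
            findings[host] = "review: auto-answer state unknown"
        elif powered_on and line_connected and s0 > 0:
            scope = "LAN exposed" if on_lan else "standalone"
            findings[host] = f"answers after {s0} ring(s), {scope}"
        else:
            findings[host] = "not reachable by dial-in"
    return findings


if __name__ == "__main__":
    for host, finding in audit(INVENTORY).items():
        print(f"{host:12} {finding}")
```

Profile-dump layouts differ between modem makes, so the `S0_PROFILE` pattern is an assumption to adjust against the modems actually in use.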
