<HTML ><HEAD ><TITLE >Security</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Remote Serial Console HOWTO" HREF="index.html"><LINK REL="PREVIOUS" TITLE="Where to next from here?" HREF="end.html"><LINK REL="NEXT" TITLE="Use good passwords" HREF="security-password.html"></HEAD ><BODY CLASS="CHAPTER" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Remote Serial Console HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="end.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="security-password.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="CHAPTER" ><H1 ><A NAME="SECURITY" ></A >Chapter 9. Security</H1 ><DIV CLASS="TOC" ><DL ><DT ><B >Table of Contents</B ></DT ><DT >9.1. <A HREF="security-password.html" >Use good passwords</A ></DT ><DT >9.2. <A HREF="security-dtr.html" >Obey Data Terminal Ready and Data Carrier Detect</A ></DT ><DT >9.3. <A HREF="security-dumb.html" >Use or configure a dumb modem</A ></DT ><DT >9.4. <A HREF="security-messages.html" >Restrict console messages</A ></DT ><DD ><DL ><DT >9.4.1. <A HREF="security-messages.html#SECURITY-MESSAGES-LOG" >Restrict console messages from the system log</A ></DT ><DT >9.4.2. <A HREF="security-messages.html#SECURITY-MESASGES-WALL" >Restrict broadcast messages to the console</A ></DT ></DL ></DD ><DT >9.5. <A HREF="security-modem.html" >Modem features to restrict usage</A ></DT ><DT >9.6. <A HREF="security-bios.html" ><SPAN CLASS="ACRONYM" >BIOS</SPAN > features</A ></DT ><DT >9.7. <A HREF="security-bootloader.html" >Use a boot loader password</A ></DT ><DT >9.8. 
<A HREF="security-rhl-prompt.html" >Non-interactive boot sequence</A ></DT ><DT >9.9. <A HREF="security-sysrq.html" >Magic <B CLASS="KEYCAP" >SysRq</B > key</A ></DT ><DT >9.10. <A HREF="security-ctrlaltdel.html" >Adjust behaviour of <B CLASS="KEYCAP" >Ctrl</B >-<B CLASS="KEYCAP" >Alt</B >-<B CLASS="KEYCAP" >Delete</B ></A ></DT ><DT >9.11. <A HREF="security-log.html" >Log attempted access</A ></DT ><DT >9.12. <A HREF="security-interception.html" >Countering interception of telephony links</A ></DT ></DL ></DIV ><P >Using a serial console with a modem gives anyone the opportunity to connect to the console port. This connection is not mediated by firewalls or intrusion detection sniffers. It is important to prevent the misuse of the serial console by unauthorized people.</P ><P >The resurgence of the <SPAN CLASS="ACRONYM" >BBS</SPAN >-era technique of <SPAN CLASS="QUOTE" >"war dialling"</SPAN > is described in @Stake's <A HREF="http://www.atstake.com/research/reports/acrobat/wardialling_brief.pdf" TARGET="_top" ><I CLASS="CITETITLE" >Wardialling Brief</I ></A > and was reported upon by <I CLASS="CITETITLE" >The Register</I >; an extract appears in <A HREF="security.html#SECURITY-LEYDEN" >Figure 9-1</A >.</P ><DIV CLASS="FIGURE" ><A NAME="SECURITY-LEYDEN" ></A ><P ><B >Figure 9-1. 
Extract from <I CLASS="CITETITLE" >Crackers favour war dialling and weak passwords</I ></B ></P ><A NAME="AEN2171" ></A ><BLOCKQUOTE CLASS="BLOCKQUOTE" ><P >With all the talk about zero day exploits and sometimes esoteric vulnerabilities it's easy to lose sight of the role of older, less sophisticated techniques as a mainstay of cracker activity.</P ><P >During a hacking debate at InfoSecurity Europe yesterday [2002-04-25], black hat hacker KP said that when he broke into a network he did so 90 per cent of the time through an unprotected modem, often through war dialling.</P ><P >War dialling involves systematically trying to locate the numbers associated with corporate modems through testing each extension of a corporate phone system in turn.</P ><P ><SPAN CLASS="QUOTE" >"Intrusion detection systems are no real deterrent for me because I get in through the back door,"</SPAN > he said. <SPAN CLASS="QUOTE" >"Many networks are constructed like Baked Alaska — crunchy on the outside and soft in the middle."</SPAN ></P ><P >KP often takes advantage of weak or default passwords to break into networks…</P ></BLOCKQUOTE ><P CLASS="LITERALLAYOUT" ><I CLASS="CITETITLE" >Crackers favour war dialling and weak passwords</I ><br> John Leyden, <A HREF="http://www.theregister.co.uk/content/55/25044.html" TARGET="_top" ><I CLASS="CITETITLE" >The Register</I ></A >, 2002-04-26.</P ></DIV ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="end.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="security-password.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Where to next from here?</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" >&nbsp;</TD ><TD 
WIDTH="33%" ALIGN="right" VALIGN="top" >Use good passwords</TD ></TR ></TABLE ></DIV ></BODY ></HTML >