<HTML
><HEAD
><TITLE
>Security</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Remote Serial Console HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Where to next from here?"
HREF="end.html"><LINK
REL="NEXT"
TITLE="Use good passwords"
HREF="security-password.html"></HEAD
><BODY
CLASS="CHAPTER"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Remote Serial Console HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="end.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="security-password.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="CHAPTER"
><H1
><A
NAME="SECURITY"
></A
>Chapter 9. Security</H1
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>9.1. <A
HREF="security-password.html"
>Use good passwords</A
></DT
><DT
>9.2. <A
HREF="security-dtr.html"
>Obey Data Terminal Ready and Data Carrier Detect</A
></DT
><DT
>9.3. <A
HREF="security-dumb.html"
>Use or configure a dumb modem</A
></DT
><DT
>9.4. <A
HREF="security-messages.html"
>Restrict console messages</A
></DT
><DD
><DL
><DT
>9.4.1. <A
HREF="security-messages.html#SECURITY-MESSAGES-LOG"
>Restrict console messages from the system log</A
></DT
><DT
>9.4.2. <A
HREF="security-messages.html#SECURITY-MESASGES-WALL"
>Restrict broadcast messages to the console</A
></DT
></DL
></DD
><DT
>9.5. <A
HREF="security-modem.html"
>Modem features to restrict usage</A
></DT
><DT
>9.6. <A
HREF="security-bios.html"
><SPAN
CLASS="ACRONYM"
>BIOS</SPAN
> features</A
></DT
><DT
>9.7. <A
HREF="security-bootloader.html"
>Use a boot loader password</A
></DT
><DT
>9.8. <A
HREF="security-rhl-prompt.html"
>Non-interactive boot sequence</A
></DT
><DT
>9.9. <A
HREF="security-sysrq.html"
>Magic <B
CLASS="KEYCAP"
>SysRq</B
> key</A
></DT
><DT
>9.10. <A
HREF="security-ctrlaltdel.html"
>Adjust behaviour of <B
CLASS="KEYCAP"
>Ctrl</B
>-<B
CLASS="KEYCAP"
>Alt</B
>-<B
CLASS="KEYCAP"
>Delete</B
></A
></DT
><DT
>9.11. <A
HREF="security-log.html"
>Log attempted access</A
></DT
><DT
>9.12. <A
HREF="security-interception.html"
>Countering interception of telephony links</A
></DT
></DL
></DIV
><P
>Using a serial console with a modem gives anyone the
  opportunity to connect to the console port.  This connection is not
  mediated by firewalls or intrusion detection sniffers.  It is
  important to prevent the misuse of the serial console by
  unauthorized people.</P
><P
>The resurgence of the <SPAN
CLASS="ACRONYM"
>BBS</SPAN
>-era technique of
  <SPAN
CLASS="QUOTE"
>"war dialling"</SPAN
> is described in @Stake's <A
HREF="http://www.atstake.com/research/reports/acrobat/wardialling_brief.pdf"
TARGET="_top"
><I
CLASS="CITETITLE"
>Wardialling
  Brief</I
></A
> and reported upon by <I
CLASS="CITETITLE"
>The
  Register</I
>; see the extract in <A
HREF="security.html#SECURITY-LEYDEN"
>Figure 9-1</A
>.</P
><DIV
CLASS="FIGURE"
><A
NAME="SECURITY-LEYDEN"
></A
><P
><B
>Figure 9-1. Extract from <I
CLASS="CITETITLE"
>Crackers favour war dialling and
   weak passwords</I
></B
></P
><A
NAME="AEN2171"
></A
><BLOCKQUOTE
CLASS="BLOCKQUOTE"
><P
>With all the talk about zero day exploits and sometimes
    esoteric vulnerabilities it's easy to lose sight of the role of
    older, less sophisticated techniques as a mainstay of cracker
    activity.</P
><P
>During a hacking debate at InfoSecurity Europe yesterday
    [2002-04-25], black hat hacker KP said that when he broke into a
    network he did so 90 per cent of the time through an unprotected
    modem, often through war dialling.</P
><P
>War dialling involves systematically trying to locate the
    numbers associated with corporate modems through testing each
    extension of a corporate phone system in turn.</P
><P
><SPAN
CLASS="QUOTE"
>"Intrusion detection systems are no real deterrent for
    me because I get in through the back door,"</SPAN
> he
    said. <SPAN
CLASS="QUOTE"
>"Many networks are constructed like Baked Alaska
    &#8212; crunchy on the outside and soft in the
    middle."</SPAN
></P
><P
>KP often takes advantage of weak or default passwords to
    break into networks&#8230;</P
></BLOCKQUOTE
><P
CLASS="LITERALLAYOUT"
><I
CLASS="CITETITLE"
>Crackers favour war dialling and weak passwords</I
><br>
John&nbsp;Leyden,&nbsp;<A
HREF="http://www.theregister.co.uk/content/55/25044.html"
TARGET="_top"
><I
CLASS="CITETITLE"
>The Register</I
></A
>,&nbsp;2002-04-26.</P
></DIV
></DIV
></BODY
></HTML
>