War Dialing
Essentials
War dialing is an assessment where the SecureState team dials
into an organization’s phone block attempting to identify
numbers where a modem is present. When a modem is present,
SecureState will attempt to circumvent security controls and
access data. The goal of a war dialing assessment is to review
the overall level of security and identify exposures associated
with a company’s dial-in environment. This is accomplished in
two steps. First, selected telephone ranges are “War Dialed”
from a remote telephone connection to identify modem
connections to the internal network. Second, controlled
penetration attacks are performed on the modem connections that
are identified in order to gain access to the company’s
internal network.
- Assesses the overall level of security and identifies
exposures associated with a company’s dial-in
environment
- Identifies modems currently present in your
environment
- Performs controlled penetration attacks on
discovered modems to identify insecure systems
Benefits
Although most companies have made the switch to Internet
based remote access solutions, analog (legacy) remote access
solutions are still present. Often, building management
systems such as elevators, HVAC systems and lighting control
systems have modems attached to allow vendors remote access to
administer these systems. Similarly, Storage Area Networks
(SANs), mainframes and PBX systems will often have modems
attached, allowing for remote support by the vendor. Frequently,
these modems are set up insecurely when the equipment is
installed and are quickly forgotten. A War Dialing
assessment will find these back doors into your network.
Expertise
SecureState provides the most comprehensive discovery and
penetration tests of these devices with our War Dialing service.
SecureState’s engineers are some of the top War Dialing
professionals in the country, having been quoted in publications
as well as in a “white paper” published by SANS.
Did You Know?
- Legacy devices give an attacker an avenue to
attack your systems and steal your data
- SecureState’s engineers are some of the top War
Dialing professionals in the country
- War dialing should be performed quarterly to
verify that modems in the environment are securely
configured and to detect new modems added to the
existing environment
- Attackers still use war dialing today to
compromise systems
- Many building management systems such as
elevators, HVAC and lighting systems have modems
attached which are often poorly configured
- Multi-Function Printers which contain fax modems
can be misconfigured to allow attackers to access
your internal network
- SecureState has a 90% success rate of
compromising one or more systems during the course
of a war dialing engagement
- Many Supervisory Control and Data Acquisition
(SCADA), Programmable Logic Controllers (PLC) and
Industrial Control Systems (ICS) have modems
attached. These modems, if insecure, would allow an
attacker to easily compromise critical
infrastructure components.
- Traditional phone lines are still used for SCADA
and Industrial Control Systems.
- Many organizations feel they are secure
because they have a solid external perimeter. The
reality is that unsecured modems can be
used by attackers to bypass the external perimeter
and place the attacker directly on the
organization’s internal network.