Chapter 9. Security

Table of Contents
9.1. Use good passwords
9.2. Obey Data Terminal Ready and Data Carrier Detect
9.3. Use or configure a dumb modem
9.4. Restrict console messages
9.4.1. Restrict console messages from the system log
9.4.2. Restrict broadcast messages to the console
9.5. Modem features to restrict usage
9.6. BIOS features
9.7. Use a boot loader password
9.8. Non-interactive boot sequence
9.9. Magic SysRq key
9.10. Adjust behaviour of Ctrl-Alt-Delete
9.11. Log attempted access
9.12. Countering interception of telephony links

Using a serial console with a modem gives anyone the opportunity to connect to the console port. This connection is not mediated by firewalls or intrusion detection sniffers. It is important to prevent the misuse of the serial console by unauthorized people.

The resurgence of the BBS-era technique of "war dialling" is described in @Stake's Wardialling Brief and reported upon by The Register; see the extract in Figure 9-1.

Figure 9-1. Extract from Crackers favour war dialling and weak passwords

With all the talk about zero day exploits and sometimes esoteric vulnerabilities, it's easy to lose sight of the role of older, less sophisticated techniques as a mainstay of cracker activity.

During a hacking debate at InfoSecurity Europe yesterday [2002-04-25], black hat hacker KP said that when he broke into a network he did so 90 per cent of the time through an unprotected modem, often through war dialling.

War dialling involves systematically trying to locate the numbers associated with corporate modems through testing each extension of a corporate phone system in turn.

"Intrusion detection systems are no real deterrent for me because I get in through the back door," he said. "Many networks are constructed like Baked Alaska — crunchy on the outside and soft in the middle."

KP often takes advantage of weak or default passwords to break into networks…

Crackers favour war dialling and weak passwords
John Leyden, The Register, 2002-04-26.