War Dialing

TeleDesign Security Services tests your telecommunications and data network by identifying existing modems and their potential vulnerabilities

What is War Dialing?

Hackers have thousands of different ways to access or exploit computing environments. One of these many avenues of trespass that TeleDesign Security focuses on is remote access via dial-up, better known in the hacking community as War Dialing.

War Dialing is like a port scanner for telephones. Numbers are dialed systematically and the answering tones are assessed. Just as with a port scanner, available War Dialing products only look for resources that they have been programmed to recognize. These products are useful for generating a coarse level understanding of your telephony-based resources. Automated products can suffer from both false positives (they categorize a resource incorrectly) as well as false negatives (they categorize a number as having no exploitable resource when, in fact, they were just unable to negotiate correctly in the time allotted). A loophole lets them in.

Understanding the Need for War Dialing

While dial-based exposures were the original hackers’ entry points, in recent years IT managers have focused assessment monies on Internet-based vulnerabilities, largely ignoring those associated with their telephone systems. But these phone-based vulnerabilities represent the easy way into many network environments. The best firewall cannot protect against rogue modems operating on critical servers or user desktops.

Based on performing dial assessments over many years, our TeleDesign Security Consultants usually find some type of carrier tone on 3 percent to 5 percent of the numbers dialed. We are usually able to obtain an interactive session on at least 10 percent of those targets. In large organizations, that can mean a significant number of easily exploitable vulnerabilities. For example, in a sample size of 100,000 phone numbers (just 10 local exchange ranges) that would mean about 3,000 to 5,000 numbers have carrier tone and at least 300 to 500 resources can be exploited in some way.

War Dialing a Requirement?

Having an independent accounting firm perform a thorough audit of your organization’s financial records is customary; in fact, for a publicly held company, it’s required. In today’s connected society, it's equally important to conduct independent testing to assure that your organization's security policies adequately cover your assets and are correctly implemented in your security systems. A penetration test or security audit provides an assessment of the vulnerabilities in your security. Moreover, a well-conducted penetration test, performed by a competent organization, will help you determine whether your operational practices, equipment, and policies are up to the task.

Why a Third-Party Consultant?

Anyone can scan your network perimeter and probe your services – now, isn’t that one of the problems? So why pay an outsider to do it? Here's why: a War Dialing consultant or organization (the “auditor”) employs staff trained in anti-hacking, and provides comprehensive reports and recommendations to help you improve your security measures. They use a well-conceived test plan that can be repeated (a) to verify that corrective measures you take following an initial "base-line" report are properly implemented, and (b) to distinguish between new vulnerabilities versus deviations from the baseline that are legitimate policy changes.

Understanding the Telecom Infrastructure when Dealing with War Dialing

Perhaps more surprisingly, we, at TeleDesign Security, often find that organizations do not have an accurate understanding of their telephone infrastructure. It is not uncommon for organizations not to know how many direct inward dial numbers (DID) they have or the ranges of telephone numbers they control. We regularly find that organizations mistakenly believe they control phone numbers that belong to others, and conversely, we find many telephone numbers thought to be active that are not.

In many cases, establishing a modem connection to an inside computer bypasses most (if not all) of the security measures that have been put in place to protect the organization. Only in rare instances do we find intrusion detection coverage of dial-in access ports. Compounding the problem, we often find that the authentication and authorization barriers that might have prevented access are ineffective because defaults configurations have been left in place.

The combination of loosely controlled telephone infrastructures (compared to a typical Internet perimeter) and the ubiquity of modems, means that it is prudent to understand and manage your telephone-based vulnerabilities. The place to start is with a careful inventory of your DID/Analog lines. This will enable you to focus your efforts on the small percentage of telephone numbers that connect to vulnerable resources.

Deliverable Expectations

War dialing is generally accomplished in three phases:

• Carrier Scanning
• Banner logging and identification
• System identification

At the conclusion of the project, TeleDesign Security will present all identified vulnerabilities and risks in a final report.

Each vulnerability or risk identified will be categorized as high, medium, or low, as follows:

• High Risks: Are the most critical issues, posing an immediate danger to the security of the network and connected systems/hosts, and should be addressed first.
  
  
• Medium Risks: Are issues that should be addressed in a timely manner.
  
  
• Low Risks: Should be noted and implemented at a later date, but do not pose a significant threat to the network and connected systems/hosts.
  Conclusion

Telephone exploitable vulnerabilities are a latent and ongoing problem for most organizations. Forward-looking entities recognize the problem and have integrated telephone infrastructure testing in their overall security programs. At TeleDesign Security, our expert Senior Security Consultants Conduct a dial inventory, which takes some time and a degree of skill. The results, however, offer a substantial benefit by dramatically and inexpensively eliminating major (unmonitored) vulnerabilities.

With the results of our War Dialing project and recommendations, you can optimize your company’s security stance and be confident that your network will resist malicious intrusions. We don’t just identify problems—we help define a solution balanced around your business objectives.