Intrusion Detection Systems mailing list archives

Dial-in modem IDS and introduction


From: justin.lister () csfb com (Lister, Justin)
Date: Mon, 6 Dec 1999 15:55:06 +0800



Message-ID: <3847FDBF.F8BA4B4C () appsig com>
Date: Fri, 03 Dec 1999 09:28:31 -0800
From: "JOE MITCHELL" <jbm () appsig com>
Organization: Applied Signal Technology
X-Mailer: Mozilla 4.5 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: ids () uow edu au
Subject: Dial-in modem IDS and introduction
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hello fellow IDS subscribers:
The intro material asked me to introduce myself to the group.  My name
is Joe Mitchell. I am an Engineering Specialist at Applied Signal
Technology.  Solving the dial-in problem is my prime interest in IDS.

My first questions to the group are:
Have you been hacked through dial-in modems?
Do you know where the dial-in modems within your organization are
located?
What is your interest in monitoring dial-in modems in a manner
similar to monitoring your network?
Is this a big problem, or no problem at all?

Security conferences I have attended seem to repeat the three ways into
a system: internet, dial-in and insider.  Then, the rest of the
conference is spent solely on internet attacks and detection.  We have
solved the dial-in issue by reassembling modem sessions.  Our next step
is integrating this system with a network IDS.

We have developed a passive, non-intrusive dial-in detection and prevention
tool.  The tool watches all phone lines coming into an area you want to
protect, detects modem activity, and reassembles the modem session to
either the IP or application layer (user choice). Unwanted users can be
prevented from making dial in connections into, or out of, the
enterprise. In simplistic terms, this can be equated to a network IDS.
We call it Telecommunication IDS.

This tool operates on inbound and outbound trunks (such as single or
multiple T1's or Primary Rate ISDN) to the telephone switch.

Unlike a 'wardialer' that checks the system periodically, the TIDS is on
24x7 and detects all modem activity.  This helps with the insider
problem.  If someone has the auto answer turned off on their computer
modem,  and is periodically sending data out of the enterprise, a
wardialer will not detect this. TIDS will.

My interest is your level of interest.  Today TIDS is used by a private
customer. We are exploring the possibility of taking TIDS public.  Before
we go down that path, I wanted to get input from the experts in the
field.

I want to open the discussion on the dial-in modem problem. I hope this
does not sound like a product pitch.  I needed to share how we have
approached the problem to make a meaningful contribution to the group.

Thanks in advance for your feedback.

Joe Mitchell
Engineering Specialist
Applied Signal Technology

jbm () appsig com
408 522-3383
END



