Security using Caller Line Identification
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Security using Caller Line Identification

  1. #1
    Junior Member
    Join Date
    Jun 2003
    Posts
    4

    Security using Caller Line Identification

    Hiya all.

    First post, so I hope you can help.

    I'm setting up a secure server that is not going to be connected to the net but will be accessed by individual modem dial up.
    Is there a program out there that will allow access to shared folders only if it recognises the number that the person is calling from? That's on top of password checks etc.

    Thanks in advance.

    Colin
    \"Multiple exclamation marks are the sign of a diseased mind\"
    Terry Pratchett

  2. #2
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834

    hmm not aware of one

    Not aware of any that are available, I guess you could write something in VB though. Why don't you have the RAS call you back. That is an option built into windows and you can add your number to the call back authentication, then use windows security to lock down the folder in question.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  3. #3
    Senior Member geepod's Avatar
    Join Date
    Jun 2002
    Posts
    211
    Sounds like you just want a RAS server whether that be Windows NT4 or 2000 etc, what OS are you using ? in 2000 it is RADIUS.

    With RAS you just specify the call back option which also limits costs to the user and is incurred by the company.

    You can specifya specific number to dial back not a problem.
    Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !

    The Head foundation
    Please give generously

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    A bit of advice.

    Do not use shared folders from a dial-up connection....far too risky in my opinion. You may want to take a look at some time of VPN solution.

    Having a dial-up connection to a server is a bad idea in the first place.

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,884
    I agree with iNViCTuS,

    RAS servers have posed security issues through both war dialing and misconfiguration (to name just two). Also, data traversing the internet should be encypted so a VPN solution would be *much* more appropriate for business use.

    I'm not sure what kind of money you have but for a few grand, these guys have a rock solid solution for VPN: www.v-one.com

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Use PCAnywhere for this..... It has a function that tells the host that if someone authenticates to the software then it is to hang up and dial the user back, (you tell it what number to dial). Thus, while invictus is correct that dial in to a server is not optimal at least the intruder will be disconnected and the phone will ring at your house......
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    Junior Member
    Join Date
    Jul 2002
    Posts
    18
    I remembered to saw a long time ago a piece of software that can recognized the phone number. But I don't remember the name anymore (I used to be in ISP business more then 7 years ago). Do some Google research, you never know what on can find ;-)

    BTW the callback function has some limitation. I saw lot of case where people use call forwarding (on cellphone most of the time) to bypass the callback function, or more exactly route the call where they want. This can also be use by a malicious user. This is a very complicated attack, but I can happen if the value of the data is high.

  8. #8
    Member
    Join Date
    Feb 2003
    Posts
    35
    Originally posted here by thehorse13
    I agree with iNViCTuS,

    RAS servers have posed security issues through both war dialing and misconfiguration (to name just two). Also, data traversing the internet should be encypted so a VPN solution would be *much* more appropriate for business use.

    I'm not sure what kind of money you have but for a few grand, these guys have a rock solid solution for VPN: www.v-one.com

    --TH13
    I would not be that reluctant to set up a RAS server. It does sound like what you are looking for, and as far as I remember, you can encrypt the traffic between the two end points. RAS can be insecure, but so can everything else. The point is to know exactly what you are doing before implementing your server. If you are a fairly security consciuos person and do all the necessary homework before rolling out a RAS server, you should have some success.

  9. #9
    Junior Member
    Join Date
    Jun 2003
    Posts
    4

    Unhappy

    OK, now I'll show that I'm a newbie. Can someone direct me to some info on RAS servers?

    I've had a look at pcanywhere and it looks like it'll do the job but the MD is very keen on dialup so that the server is completely separate from the net.

    BTW I use programs at Orange that have CLI, that's what sparked the thought. And if they can do it, anyone can!

    \"Multiple exclamation marks are the sign of a diseased mind\"
    Terry Pratchett

  10. #10
    Member
    Join Date
    Feb 2003
    Posts
    35
    RAS is M$'s Remote Access Server. It's built into Win2k Server. Most books that cover Win2k Server administration usually have a chapter or two on RAS.

    Now when you say that this is not going to be connected to the net, do you mean the internet or your network? Is this going to be a way for your users to dial into your netowrk and access their folders, or is it going to be a stand alone box that serves a group of files to remote users?

    If you're looking to impliment dial-up access for your network (and you have a Win2k domain) I would suggest RAS over PC anywhere. If this is a stand alone situation, then something like PC anywhere should do the trick.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •