Threat

1. A search for modems connected to the phone lines (war-dialling) will easily lead hackers to the computer. It will be an easy target, through which further penetration into network would be easy.


Vulnerability


2. Many rules set in the corporate firewall to protect the network from various threats are by-passed by installing a modem. Script Kiddies / Hackers may exploit this for further penetration / intrusion into the network.

3. Even if an host based firewall and Intrusion detection is installed, it cannot replace the corporate firewall. Host based intrusion detection system would be a reactive control.

Impact

4. If hackers manage to exploit the soft target and install a Root Kid it would be very difficult to trace the existence, and the damage caused would be high.

There are many instance where the hackers were able to use HTTP tunnel and deploy the malicious payload.


Solution

1. If the server connected with Modem is stand alone certain threats can be minimized.
2. The server should be hardened as specified in server hardening policy, should have latest antivirus, Desktop firewall, Host based IDS/IPS.
3. All the ports should be closed except the port required for receiving the fax.


Pl. suggest how this can be improved further