Sword & Shield performs a sweep of the telephone address space to detect unauthorized modems and authorized but insecure modems. We can perform a phone sweep as a stand-alone service, or as part of another service, such as an external network vulnerability/penetration test.
Our Phone Sweep Approach
Sword & Shield security engineers will consult with you to understand the telephone number scheme, acceptable use policies associated with modems, and any known modems in existence within the environment. Once we have this information, we will conduct a sweep of the telephone address space to detect unauthorized modems and authorized but insecure modems. The test will reveal whether telephone devices are being used to gain backdoor access to IT resources. Sword & Shield can perform this service remotely from its test center. The end result is a detailed, actionable report that will list all of our findings and the steps we recommend to reduce your risk.
Questions Our Report Will Answer
- Has someone attached an unauthorized modem to your network?
- Are your authorized modems susceptible to a break-in with a war dialer?
- Do your authorized modems display login banners that identify the system?
- Do your authorized modems still have default manufacturer passwords?
- Is there unknown or open access to a legacy system?
- Are you at risk by not conducting regular audits across your organization?
Real Success Story
While conducting a telecommunications sweep for a small bank, Sword & Shield analysts identified a modem which provided access to the unprotected administrative console of the bank’s VOIP gateway. Once connected, the Sword & Shield team had the ability to make arbitrary configuration changes. Per conversations with the bank’s IT staff, the modem was used by a third party that managed its VOIP system.
Based on Sword & Shield’s findings, the bank implemented a policy which required the modem to be disabled and only re-enabled when access is required by the third party who manages it (i.e., upgrades, patches, and authorized configuration changes). The bank also instituted a configuration change that required the third party to authenticate to the administrative console prior to making any changes. Sword & Shield’s phone sweep assisted in identifying a serious vulnerability that could have put the bank’s telecommunications infrastructure in jeopardy.
Find Out More
Sword & Shield has been outsmarting cyber-criminals and improving security for enterprises around the world since 1997. Fill out our Consultation Request form or call us so we can begin securing your future.
U.S. Toll-free: 800-810-1885