Remote Serial Console HOWTO
Prev	Chapter 9. Security	Next

9.5. Modem features to restrict usage

Most modems support the addition of a password. This is not particularly useful as it has the same strengths and weaknesses of all other password authentication schemes. We already have password authentication in the BIOS, in the boot loader and in login.

Many modems support call-back. The modem is called and a few seconds after hang-up it calls a pre-configured number. This limits the locations that can gain access to the console.

Many modems support checking the calling line identification (CLI) against a predefined list. If the calling number is not on the list then the call is cleared. The phone line to the modem must be configured to send CLI, this may incur an additional charge from the phone company. Not all calling phones can send CLI and some valid callers may have asked their phone company to suppress the sending of CLI.

Many modems can be configured to log the calling line identification. This is useful when tracing misuse.

Many modems support encryption. Some modems allow multiple keys. This gives a neat solution: only authorized modems can dial in, but they can do so from any location. The modems usually need to be of the same make, and perhaps of the same model.

Warning

Encryption dual-use technology

Possessing, using, buying, selling, importing or exporting modems with encryption features is a serious criminal offense in some countries.

You must acquiant yourself with the laws in your jurisdiction and the laws of jurisdictions you may travel through.

Many telephone services or PBX lines can be set to allow only incoming calls. This is useful as it prevents misuse of the modem should the computer be compromised. A ‘demon dialler’ can call many numbers seeking an answering modem and the cost of these calls can be significant.

Prev	Home	Next
Restrict console messages	Up	BIOS features