Dial-up access (via modem or ISDN) is a common security exposure
- When you are on-line, you are as much on the Internet as any other Internet host
- Many business users will maintain a dial-up connection for many hours at a time
- Modems in auto-answer mode potentially allow an attacker to get into a business system and then access the corporate network
Let's start with analog or ISDN dial-up connections. Most people don't think that a computer with dial-up access has much security risk on the Internet because they're not on for that long a period of time. This is particularly true in those parts of the country where local calls are billed per-minute; in Vermont, for example, local access is billed at 2.2¢ per minute. But many telecommuters get on the Internet in the morning and stay on the line for hours at a time just to assure that they have a connection.
But regardless of the duration of the call, the point is that while you are connected to the Internet, your computer has an IP address and, therefore, has as much exposure to attackers and other bad people as any other host on the Internet. If a hacker is trolling for addresses and finds your's, a security exposure can still be exploited even if you're only on for a few minutes -- if it's the wrong few minutes!!
ISDN provides some protection if you drop the call during idle periods. The protection comes from the fact that an attacker can not initiate a connection back to your server if the ISDN connection isn't present. Of course, as soon as you're back on line, you're exposed again and many ISDN-connected customers have a permanently-assigned, static IP address.
Another exposure are environments where a PC has an auto-answer modem. In these cases, an attacker can make a connection to an unattended PC and access files on that machine or on other systems on the local network. Attackers might also be able to access a corporate network if the PC also has a dedicated network connection.