Path: utzoo!attcan!uunet!ns-mx!iowasp.physics.uiowa.edu!maverick.ksu.ksu.edu!rutgers!usc!sdd.hp.com!hplabs!hpcc01!hpcuhb!hpda!hpcupt1!swh From: swh@hpcupt1.HP.COM (Steve Harrold) Newsgroups: comp.sys.ibm.pc.misc Subject: Re: Dial-in security Message-ID: <51100001@hpcupt1.HP.COM> Date: 17 Jul 90 16:36:52 GMT References: Organization: Hewlett Packard, Cupertino Lines: 16 The poster asks about securing phone numbers and passwords on a distribution (bootable) diskette. It seems to me that this is ultimately a hopeless task. Whether or not the data is encrypted, it will eventually appear as clear text at the COM1 port, and thus can be eavesdropped by a capable "cracker". A better solution would be the use of a call-back system, whereby the user dials the target computer, enters a password, and then hangs up. If the caller is successfully authenticated, the computer will dial the caller back at a pre-arranged phone number. Even if the dial-in phone number and/or password is breached, the "cracker" would still have to be physically located at the pre-arranged call-back phone. This obviously costs more than a mere dial-in facility, but the poster did say that his client was "security conscious".