Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!lll-winken!unixhub!linac!att!news.cs.indiana.edu!maytag!xenitec!zswamp!root From: root@zswamp.fidonet.org (Geoffrey Welsh) Newsgroups: comp.dcom.modems Subject: What do you think about security functions in modems? Message-ID: <7126.27F41B8A@zswamp.fidonet.org> Date: 29 Mar 91 17:39:16 GMT Organization: Izot's Swamp BBS - Kitchener, Ontario Lines: 69 >From: tnixon@hayes.uucp >[...] commonly-used techniques such as call-back security >(within a modem; I, for example, think it is more effective >when controlled by an external device so that incoming and >outgoing calls are on different lines), Given current technology (i.e. that it is possible to intercept outgoing calls on that same line and simulate an outbound connect), you're right... but this applies to big companies which can afford racks of modems and hunt groups. Let's not forget that I, typical of many manufacturers' end users, have only one modem and one line for it. Many of my fellow BBS operators have a callback validation system which is used only once, to verify the phone number given. Naturally, the database to be used (the user file) for duplicate number searching, prank filtering, and general logins (if callback security were to be enabled) would be beyond the capability of inexpensive modems... what would it add to the cost of a modem if it had to store 100 to 1,000 names & numbers, as well as be programmable to recognize the local police emergency, pizza order, and suicide crisis phone numbers? This should be left to the host system! The modem is a data link tool. Its job is to interface a computer to a set of phone lines, be they public switched or private leased. Manufacturers should concern themselves with the quality and features of that interface, not with assuming roles beyond it. For instance, it would be a great help to public access system operators if modems would be taught to recognize ANI and/or caller-ID; I'd *love* to see my Smartmodem 2400 announce proudly, "RING FROM 658-0311"! >encryption (built into the modem, like data compression), This is a less clear-cut issue; I suppose that there is a market for modems which could be programmed to scramble the data internally. I would suggest keeping this feature separate (an optional daughtercard?) for the more security-conscious customers. Then again, really security-conscious types would use scrambling in their in-house software over leased lines, wouldn't you think? >I'm also interested in your opinion on whether new techniques >such as modem-based decoding of caller-ID information would be >useful. I think I've already touched on that one; please do pursue this! >There are currently no US or CCITT standards regarding these >functions (in modems), Do you mean that there are standards suggesting how modems should convey this information to their hosts, or that the FSK codes for the caller's number have been standardized? I'd be surprised at the former, disappointed if the latter were not the case. What's Bellcore been up to for the past decade, aside of assigning south-central Ontario the area code that used to be for Mexico City?!? -- UUCP: watmath!xenitec!zswamp!root | 602-66 Mooregate Crescent Internet: root@zswamp.fidonet.org | Kitchener, Ontario FidoNet: SYSOP, 1:221/171 | N2M 5E6 CANADA Data: (519) 742-8939 | (519) 741-9553 The mile is traversed not by a single leap, but by a procession of coherent steps; those who insist on making the trip in a single element will be failing long after you and I have discovered new worlds. - me