As an organization grows, too often it finds that the user community
installs unauthorized modems. Some modems may allow unauthorized
access to computer systems on the internal network. A Telecommunications
Audit by ESTec is a thorough search, for the purpose of identifying
all modems, authorized or not, that are connected to the internal
Customer: A Multi-State American Bank
Services: Telecommunications Audit
Problem: As part of a comprehensive security audit, we performed
a telecommunications audit for the bank's phone systems in 12 states.
Solution: An ESTec consultant identified all of the phone numbers
the bank was paying for. Using a Telecommunications Audit tool,
a telecommunications sweep of these phone numbers took place over
several days during off-business hours. Numerous unauthorized modems
were discovered including one connected to the wire transfer room
computer. Several of the modems allowed anonymous connections that
granted access to the internal network.
Results: All modem connections were replaced with a modem pool allowing
access through a firewall. The firewall required token-based authentication
before granting access to the internal network, and access was limited
to the systems required by each authenticated user. The bank reduced
the number of phone lines needed to service the dial-in and dial-out
users, saving enough in the first year to justify the Telecommunications
Audit and the cost of installing the modem pool.