Securing Control Systems Modems
created by modem connections. A modem's
connection to the public telephone system is similar to a corporate network
connection to the Internet. By tracing typical attack paths into the system, this
paper provides the reader with an analysis of the problem and then guides the
reader through methods to evaluate existing modem security. Following the
analysis, a series of methods for securing modems is provided. These methods
are correlated to well-known networking security methods.
ACKNOWLEDGEMENT
This document was developed for the U.S. Department of Homeland
Security to provide guidance for modem security for control systems. The author
team consisted of subject matter expertise from the Idaho National Laboratory
(James Davidson & Jason Wright).
For additional information or comments, please send inquiries to the Control
Systems Security Program at cssp@hq.dhs.gov.
CONTENTS
ABSTRACT
ACKNOWLEDGEMENT
ACRONYMS
1. INTRODUCTION
1.1 Scope
1.2 Background
2. IP VERSUS MODEM SECURITY
2.1 IP-Based Cyber Attack
2.2 Typical PSTN Attack Path
3. MODEM ASSESSMENT
3.1 Identify Points of Contact
3.2 Obtain Documentation
3.2.1 Company Level Documents
3.2.2 Regulatory Level Documents
3.2.3 Equipment Level Documentation
3.3 Tools of the Trade
3.3.1 War Dialing
3.3.2 Modem Diagnostics
3.3.3 Modem Monitoring Software
3.4 Modem Identification
3.4.1 Known Modems
3.4.2 Modem Discovery
3.4.3 Finalize List
3.5 Analyzing the Modem Connections
4. MODEM SECURITY METHODS
4.1 PBX System
4.1.1 Networking Equivalent
4.1.2 Limitations
4.2 Telephony Firewalls
4.2.1 Networking Equivalent
4.2.2 Limitations
4.3 Telephony Authentication
4.3.1 Networking Equivalent
4.3.2 Limitations
4.4 Logging
4.4.1 Networking Equivalent
4.4.2 Limitations
4.5 Dialup Modem Connections
4.5.1 Modem Power
4.5.2 Modem Phone Line
4.5.3 Networking Equivalent
4.5.4 Limitations
4.6 Dial Back
4.6.1 Multiple Dial Back
4.6.2 Networking Equivalent
4.6.3 Limitations
4.7 Caller ID Filtering
4.7.1 Networking Equivalent
4.7.2 Limitations
4.8 Leased-Line and Dialup Modems
4.8.1 Authentication
4.8.2 Encryption
4.8.3 Networking Equivalent
4.8.4 Limitations
4.9 Control System Device Security
4.9.1 Networking Equivalent
4.9.2 Limitations
4.10 Modem Escape Sequence Vulnerability
4.10.1 Modem Escape Sequence Mitigation
5. CONCLUSION
Appendix A Resources Used in Creating this Document
Appendix B Recommended Network Architecture
FIGURES
Figure 1. Simplified Network Attack Path
Figure 2. Simplified PSTN Attack Path
Figure 3. Telephony firewall installation
Figure 4. Bum