Ethical Hacking:
War Dialing
BT War Dialing services identify unauthorized modems that endanger the corporate infrastructure. Traditionally, War Dialing, also called modem scanning, is time-consuming, labor-intensive and expensive. However, the BT war-dialer suite uses advanced techniques and tone/carrier recognition software to complete in 10 days what conventional war dialers would require over a month to do.
BT utilizes a two-phased approach for its War Dialing engagements: modem identification and vulnerability exploitation. First, BT will find unauthorized modems that provide access to your network. Then BT will attempt to access your network by taking advantage of weaknesses in security.
During the modem identification phase of the engagement, the war dialer will do two sweeps within a range of predetermined numbers to search for modems. Two sweeps will be done. The first will be done during normal business hours. The second sweep, completed after hours, commonly uncovers modems that employees use to access their work from home.
A log that includes the number called, the date, the time, and the call results will be maintained for each number dialed. For each modem found, we will work to ascertain the communications software or host operating system. The team will develop a log of all systems we believe to be potential penetration targets.
During the vulnerability exploitation phase of the engagement, our team will attempt to break into modem-connected hosts and analyze information obtained to establish a customized attack scenario for each device. The techniques used to establish access will vary according to the configuration and location of the systems attached to the modems.
Before the project begins we will work with you to develop boundaries for actions and events that our team can perform during the vulnerability assessment. Any High-Risk vulnerabilities/risks identified during the assessment will be immediately communicated to you. At the end of the assessment, BT will provide a formal report that lists:
- All identified weaknesses and vulnerabilities
- An analysis of the associated risks and recommendations for remediation
- A list of all numbers dialed
- The suspected system type for all carriers
|
privacy policy 
