Modem phone lines are not restricted and configured to their mission required purpose (i.e. inward/outward dial only).

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-7989	DSN18.04	SV-8475r1_rule	ECSC-1	Medium

Description
Requirement: The IAO will ensure that all modem phone lines are restricted and configured to their mission required purpose (inward dial only or outward dial only). Ubiquitous phone lines open major security holes in a network. The more tightly they can be controlled, the less the exposure to vulnerabilities. Allowing special features to remain active on modem phone lines create advantageous situations for malicious attacks. An attacker may use special features to forward modem or voice calls to destinations that cause toll-fraud, or forward the number to itself causing a denial of service. Telephone lines that provide DSN modems dial tone will be provisioned only with their required functions. Some components of the DSN “dial back” option may require two modems for proper operation. If a modem is dedicated to receive calls, it should be provisioned to not allow outbound calling. If a modem is dedicated to place calls, it should be provisioned to not accept incoming calls.

Description

Requirement: The IAO will ensure that all modem phone lines are restricted and configured to their mission required purpose (inward dial only or outward dial only). Ubiquitous phone lines open major security holes in a network. The more tightly they can be controlled, the less the exposure to vulnerabilities. Allowing special features to remain active on modem phone lines create advantageous situations for malicious attacks. An attacker may use special features to forward modem or voice calls to destinations that cause toll-fraud, or forward the number to itself causing a denial of service. Telephone lines that provide DSN modems dial tone will be provisioned only with their required functions. Some components of the DSN “dial back” option may require two modems for proper operation. If a modem is dedicated to receive calls, it should be provisioned to not allow outbound calling. If a modem is dedicated to place calls, it should be provisioned to not accept incoming calls.

STIG	Date
Defense Switched Network STIG	2015-01-02

Details

Check Text ( C-7373r1_chk )
Have the IAO or SA demonstrate compliance with the requirement; minimally on a sampling of the related or effected devices. Inspect configuration files as applicable.

Fix Text (F-7564r1_fix)
Ensure that all modem lines are restricted to single line operation and configured to their mission required purpose (inward or outward dial only), without any special features (i.e. call forwarding). DSN System Administrators will ensure that the modems phone line will be disconnected until needed. Site personnel should restrict the functions of all phone lines that provide dial tone to the DSN modems based upon the needs of the modems function.

Fix Text (F-7564r1_fix)

Ensure that all modem lines are restricted to single line operation and configured to their mission required purpose (inward or outward dial only), without any special features (i.e. call forwarding). DSN System Administrators will ensure that the modems phone line will be disconnected until needed. Site personnel should restrict the functions of all phone lines that provide dial tone to the DSN modems based upon the needs of the modems function.