Check: SRC-EPT-191
SRC - Remote Endpoint: SRC-EPT-191 (in version v2 r7)
Title
When a modem is installed, incoming dial-up capability to the user’s remote device (e.g., laptop, workstation, etc.) will be disabled. (Cat II impact)
Discussion
Accepting incoming dial-up connections on a device not intended for dial-up opens an attack surface.
Check Content
This check verifies that the remote access software is configured for dial-out only.
Navigate to the Services applet in the Administrative Tools folder. Check the services listing for the Remote Access Service (or other third-party remote access software service) and view the properties. Highlight the communications port and select Configure. Verify “dial-out only” is selected.
If a modem is installed and enabled in the active profile, the SA should demonstrate that auto or manual answer modes are not used. Work with the SA to review the configuration of several remote access devices.
On the client device, this setting is usually enabled in the specific communications software used. All communications software, regardless of function, must have this capability disabled if available. Some examples are: Winfax and other fax software, PcAnywhere and other remote access software, Internet and POTS phone dialers, etc. While it is not possible to write checks for all possible applications, the reviewer should work with the SA to review the settings of all installed RAS applications.
If the remote devices are not available for review, ensure the disabling of this setting is addressed in the user agreement, training materials, or site remote device configuration procedures.
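The following PowerShell is an added example, not part of the original check text. It collects the evidence the review above starts from: installed modems, their reported answer mode, and the state of the Windows remote access service. It assumes the "Remote Access Service" named above is the built-in service `RemoteAccess`, and that the modem driver populates `Win32_POTSModem.AnswerMode`.

```powershell
# Added example: collects evidence for SRC-EPT-191; it does not replace the
# manual review of port configuration or third-party communications software.
# Assumption: PowerShell 3.0+ (CIM cmdlets) on the Windows device under review.

# Documented value map for Win32_POTSModem.AnswerMode
$answerModes = @{
    0 = 'Unknown'; 1 = 'Other'; 2 = 'Disabled'
    3 = 'Manual Answer'; 4 = 'Auto Answer'; 5 = 'Auto Answer with Call-Back'
}

# Assumption: the "Remote Access Service" in the check text is the built-in
# Routing and Remote Access service (service name RemoteAccess).
$ras = Get-CimInstance -ClassName Win32_Service -Filter "Name='RemoteAccess'"
$rasState = if ($ras) {
    '{0} (start mode {1})' -f $ras.State, $ras.StartMode
} else {
    'Not installed'
}

$modems = @(Get-CimInstance -ClassName Win32_POTSModem)
if ($modems.Count -eq 0) {
    'No modem reported by Win32_POTSModem on this device.'
    return
}

$modems | ForEach-Object {
    $reasons = @()
    if ($null -eq $_.AnswerMode) {
        # Some drivers leave the property empty; that needs a manual look.
        $mode = 'Not reported'
        $reasons += 'answer mode not reported by driver'
    } else {
        $mode = $answerModes[[int]$_.AnswerMode]
        if ($_.AnswerMode -ne 2) { $reasons += "answer mode is '$mode'" }
    }
    if ($ras -and $ras.StartMode -ne 'Disabled') {
        $reasons += 'RemoteAccess service is not disabled'
    }
    [pscustomobject]@{
        Modem       = $_.Name
        AttachedTo  = $_.AttachedTo
        AnswerMode  = $mode
        RasService  = $rasState
        NeedsReview = ($reasons.Count -gt 0)
        Reasons     = $reasons -join '; '
    }
}
```

A `NeedsReview` value of `True` is a prompt to inspect that device by hand, not a finding in itself; the "dial-out only" port setting and each installed fax, dialer, or remote access application still have to be confirmed with the SA.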
Fix Text
Disable incoming dialup.
Additional Identifiers
Rule ID: SV-6796r1_rule
Vulnerability ID: V-6650
CCIs
No CCIs are assigned to this check.
Controls
No controls are assigned to this check.