S 5.30 Activating an existing call-back option
Initiation responsibility: IT Security Officer, Administrator
Implementation responsibility: User, Administrator
Many modems offer an automatic callback function. If this option is active, the modem disconnects the line immediately on receiving a call, and then calls a preset number back. This prevents unauthorised users from misusing the modem as long as they are not reachable at the preset number. Callback should be used whenever a specific communications partner needs to dial in automatically. It should be noted that automatic callback also accepts the costs of data transfer.
The required command is described in the operating instructions; AT%S is normally used. Before the callback option is activated, the relevant subscriber number should be determined.
Some modems also allow automatic callback to be used with a password. After establishment of a connection, the called modem prompts the calling modem for a password. The validity of this password is checked by the called modem. Every valid password is assigned a subscriber number which is called back. A list of call-back numbers can normally be stored in the local modem and used to establish connections with it from various remote points.
It must be ensured that automatic callback is only active on one side; otherwise the mechanism would generate an endless loop. Callback should be activated on the passive side, i.e. from which data are requested or on which data are imported. A typical example involves an employee on external duty who wants to establish contact with an IT system within his/her organisation. This requires activation of the callback function on the modem inside the organisation.
The preset callback numbers must be checked and updated periodically.
A callback can be triggered either by the modem or by the application. If the application used offers this option, the callback should be triggered by the application and not by the modem. If the modem triggers the callback, an attacker can attempt to call the modem when it is about to start the callback and thus intercept the callback. If the application triggers the callback, it is considerably more difficult for an attacker to judge the correct moment.