Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
Containing the dial-up problem is conceptually easy: by installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall, any access to internal resources through the RAS can be filtered as would any other connection coming from the Internet.
The use of a TACACS+ Server by itself cannot eliminate hacking.
Setting a modem ring count to 5 may help in defeating war-dialing hackers who look for modem by dialing long series of numbers.
Attaching modems only to non-networked hosts is not practical and would not prevent these hosts from being hacked.
Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 2: Hackers.
Remote Access Servers (RAS) are used to enable remote users to access a network from a remote location. Dial-up access through a RAS can be a potential hacking vector, as attackers can use various techniques to exploit vulnerabilities in the RAS to gain unauthorized access to the network. To eliminate this risk, the best approach is to implement a combination of security measures.
Option A: Using a TACACS+ server can enhance security by providing centralized authentication, authorization, and accounting for remote access users. However, it alone cannot eliminate dial-up access through a RAS as a hacking vector.
Option B: Installing the RAS outside the firewall and forcing legitimate users to authenticate to the firewall can also improve security. This can prevent unauthorized access to the RAS, but it does not eliminate the risk of dial-up access through the RAS.
Option C: Setting modem ring count to at least 5 is not an effective way to eliminate dial-up access as a hacking vector. Modem ring count is a parameter that determines the number of rings a modem will wait before answering an incoming call. While increasing the ring count may reduce the number of automated dial-up attacks, it does not address other vulnerabilities in the RAS.
Option D: Attaching modems only to non-networked hosts can improve security, but it is not a practical solution for most organizations. This would require separate phone lines and modems for each host, which can be expensive and difficult to manage.
In conclusion, the best way to eliminate dial-up access through a RAS as a hacking vector is to implement a combination of security measures, including strong authentication, access control, and intrusion detection. This can be achieved through a combination of technologies, such as firewalls, VPNs, and endpoint security solutions. Additionally, regular security assessments and penetration testing can help identify and mitigate vulnerabilities in the RAS and other network infrastructure.