IT Baseline Protection Manual S 5.30 Activating an existing call-back option

Initiation responsibility: IT Security Management, Administrators

Implementation responsibility: IT users, Administrator

Many modems offer an automatic call-back function. If this option is active, the modem disconnects the line immediately on receiving a call, and then calls a preset number back. This prevents unauthorised users from misusing the modem as long as they are not reachable at the preset number. Call-back should be used whenever a specific communications partner needs to dial in automatically. Note that the side performing the automatic call-back also bears the costs of the data transfer.

The required command is described in the operating instructions; AT%S is normally used. Before the call-back option is activated, the relevant subscriber number should be determined.

Some modems also allow automatic call-back to be used with a password. After establishment of a connection, the called modem prompts the calling modem for a password. The validity of this password is checked by the called modem. Every valid password is assigned a subscriber number which is called back. A list of call-back numbers can normally be stored in the local modem and used to establish connections with it from various remote points.

Note that automatic call-back must only be active on one side, otherwise the mechanism would generate an endless loop. Call-back should be activated on the passive side, i.e. the side from which data are requested or onto which data are imported. A typical example involves an employee on external duty who wants to establish contact with an IT system within his organisation. This requires activation of the call-back function on the modem inside the organisation.

The preset call-back numbers must be checked and updated periodically.

A call-back can be initiated either by the modem or by the application. If the application used offers this option, the call-back should be carried out by the application and not by the modem. If the modem causes the call-back, an attacker can attempt to call the modem when it is about to start the call-back and thus intercept the call-back. If the application causes the call-back, it is considerably more difficult for an attacker to judge the correct moment.
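The following added example (not part of the manual) sketches the decision logic of an application-driven, password-based call-back: the password selects a preset number, a number offered by the caller is never used, and entries whose review is overdue are refused. The table contents, function names, salt and the 180-day review interval are assumptions constructed for illustration.

```python
import hashlib
import hmac
from datetime import date, timedelta

REVIEW_INTERVAL = timedelta(days=180)  # assumption: the manual only says "periodically"
SALT = b"constructed-salt"             # constructed value for this example

def _digest(password: str) -> bytes:
    # Store a slow salted hash of each call-back password, not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample table: one preset call-back number per valid password.
CALLBACK_TABLE = [
    {"user": "field-staff-1", "digest": _digest("constructed-pw-1"),
     "number": "+49-000-0000001", "reviewed": date(2024, 1, 10)},
    {"user": "field-staff-2", "digest": _digest("constructed-pw-2"),
     "number": "+49-000-0000002", "reviewed": date(2023, 1, 5)},
]

def is_stale(entry: dict, today: date) -> bool:
    """True if the preset number has not been re-checked within the interval."""
    return today - entry["reviewed"] > REVIEW_INTERVAL

def resolve_callback(password: str, today: date, caller_supplied_number=None):
    """Return the preset number to call back, or None (hang up, no call-back).

    caller_supplied_number is deliberately ignored: only numbers stored on
    the called side are ever dialled.
    """
    candidate = _digest(password)
    match = None
    for entry in CALLBACK_TABLE:
        # Constant-time comparison; scan every entry so timing does not
        # reveal which (if any) password matched.
        if hmac.compare_digest(candidate, entry["digest"]):
            match = entry
    if match is None or is_stale(match, today):
        return None
    return match["number"]

def stale_entries(today: date) -> list:
    """Users whose preset call-back number is due for the periodic check."""
    return [e["user"] for e in CALLBACK_TABLE if is_stale(e, today)]

if __name__ == "__main__":
    today = date(2024, 3, 1)
    print(resolve_callback("constructed-pw-1", today))
    print(stale_entries(today))
```
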

Additional controls:


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
July 1999