A: Yes. Any method of accessing corporate resources from external sources should be tested. This could include just the known dial-in phone numbers or perhaps the entire DID block of phone numbers allotted to the client. Don't forget about the phone lines connected to your PBX!
A: Wardialing is a common term for testing connections to various computing devices over normal phone lines. Many organizations still have phone lines connected to routers, servers, PBX's, etc. for diagnostic and troubleshooting activities. If these connections are not secure they can represent a great threat to your organization.
A: Usually, one of two ways. The first method is to only dial the specific numbers that you know are connected to some form of computing device (typically excluding fax machines). The second method involves dialing a block of phone numbers. The goal of the second method is to find "hidden" dial-in access that which IT might not be aware. Blocks of phone numbers can range from several to several thousand.
|