- Determining vulnerabilities in the Organization’s phone system;
- Identifying rogue modems, PBXs, and other devices;
- Reducing the risk posed by phone systems; and,
- Finding vulnerabilities not often covered in traditional information security programs.

Our war dialing process consists of dialing each target provided, determining the device type (e.g., voice, fax, or modem), and, if applicable, performing one or more of the following four steps:
- Scan for Default Accounts – Look for accounts that shipped with the device and whose passwords were not changed.
- Scan for Easily-Guessed Passwords – Attempt to authenticate to a device using simple, well-known passwords that are commonly used.
- Review Device and OS Patching – Determine if any known vulnerabilities exist in devices that haven’t been fully patched.
- Test Dial-in Authentication – Attempt remote/dial-in authentication, and determine password strength and lockout policies.