I recently re-watched War Games, the 1983 movie starring Matthew Broderick and Ally Sheedy. If you haven’t seen it, stop. Go watch it. We’ll play a game of chess while we wait for you.
One of the great things about War Games is that it shows a fairly realistic depiction of a hack. At the beginning of the movie, we see David Lightman use a Wardialer to find phone numbers connected to modems. It turns out NORAD had left a phone line exposed to the outside and that allowed David Lightman to access the WOPR. Later on in the movie, one of the Sys Admins at NORAD said, “The phone company screwed up! They exposed a phone line.” This leads us to our first lesson.
LESSON 1: Do you understand your perimeter?
In the movie, NORAD should have been scanning their external resources so they would know what was exposed. They would also be able to detect any changes. As security professionals and sys admins, we need to be doing the same.
=== WARNING ===
Before doing anything below, make sure you have written permission. Scanning computer systems without permission can get you fired or worse.
First, how many modems are in use in your environment? You can use a program like THC Scan to proactively scan your environment so you know how many modems are in use. Many older devices use modems as out-of-band management (switches, disk arrays, sometimes even servers). Knowing where those are is the first step to managing them.
Second, what ports and services are accessible on your external IP addresses? Good old Nmap can help here. Once you finish the Nmap scan, take the results to your firewall team and see if reality matches their documentation.
Third, how many wireless access points are running in your office? Are they authorized or rogue? There are a lot of tools for performing basic wireless auditing. Kismet and Netstumbler are popular (and free!). Or just download WiFiFoFum for your Android or WiFi Scanner for iPhone. If your company has a policy against rogue WAPs, you can start the process of getting those removed.
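For the second step, here is one way to check whether reality matches the documentation. This is an added example, not code from the original post. It reads Nmap's grepable output (`-oG`) and compares the open ports with a documented list. The scan text, the addresses (RFC 5737 documentation ranges) and the `DOCUMENTED` set are constructed for illustration.

```python
SAMPLE_SCAN = (  # constructed sample in Nmap -oG layout, not a real scan
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 203.0.113.10 ()\tStatus: Up\n"
    "Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///, "
    "8080/closed/tcp//http-proxy///\n"
    "Host: 203.0.113.11 ()\tPorts: 23/open/tcp//telnet///, 25/open/tcp//smtp///\n"
)

# Hypothetical firewall documentation: (ip, port, protocol) expected to be reachable.
DOCUMENTED = {
    ("203.0.113.10", 443, "tcp"),
    ("203.0.113.11", 25, "tcp"),
    ("203.0.113.12", 443, "tcp"),
}


def parse_grepable(text):
    """Return {(ip, port, proto): service} for every port Nmap reported open."""
    found = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines
        fields = line.split("\t")
        ip = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue  # skip Status: and other fields
            for entry in field[len("Ports:"):].split(","):
                # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) >= 5 and parts[1] == "open":
                    found[(ip, int(parts[0]), parts[2])] = parts[4]
    return found


def compare(observed, documented):
    """Return (open but undocumented, documented but not seen open)."""
    undocumented = sorted(k for k in observed if k not in documented)
    not_observed = sorted(documented - set(observed))
    return undocumented, not_observed


if __name__ == "__main__":
    observed = parse_grepable(SAMPLE_SCAN)
    undocumented, not_observed = compare(observed, DOCUMENTED)
    for ip, port, proto in undocumented:
        print(f"UNDOCUMENTED {ip} {port}/{proto} ({observed[(ip, port, proto)]})")
    for ip, port, proto in not_observed:
        print(f"NOT OBSERVED {ip} {port}/{proto}")
```

Running the same comparison against each new scan also covers the change detection mentioned in Lesson 1: anything that moves into the undocumented list since the last run is a change to investigate.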