Systems Security Certified Practitioner – SSCP – Question0876

Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from wardialing attacks?

A.
Monitoring and auditing for such activity
B. Require user authentication
C. Making sure only necessary phone numbers are made public
D. Using completely different numbers for voice and data accesses

Correct Answer: B

Explanation:

Knowlege of modem numbers is a poor access control method as an attacker can discover modem numbers by dialing all numbers in a range. Requiring user authentication before remote access is granted will help in avoiding unauthorized access over a modem line.
“Monitoring and auditing for such activity” is incorrect. While monitoring and auditing can assist in detecting a wardialing attack, they do not defend against a successful wardialing attack.
“Making sure that only necessary phone numbers are made public” is incorrect. Since a wardialing attack blindly calls all numbers in a range, whether certain numbers in the range are public or not is irrelevant.
“Using completely different numbers for voice and data accesses” is incorrect. Using different number ranges for voice and data access might help prevent an attacker from stumbling across the data lines while wardialing the public voice number range but this is not an adequate countermeaure.
References: CBK, p. 214 AIO3, p. 534-535