Analog Modem Security and Requests
This Practice Directive provides guidance for requesting an analog line for modem connections to a computer.
Purpose and Scope
This Practice Directive is applicable to all SF State departments and operational units operating network devices, production servers, academic systems, and academic servers. This document describes San Francisco State University's Practice Directives for analog lines connecting modems to computers.
Computer-to-Analog Line (Modem) Connections
Remote access should occur via secure and approved methods such as VPN rather than via modems wherever possible. Therefore, effective August 1, 2010:
- New requests for computers or other intelligent devices to be connected with analog or ISDN lines from within San Francisco State University will require review by the Division of Information Technology (DoIT) Networking and Information Security before the line is granted.
- Waivers to the Practice Directive above will be granted on a case by case basis only.
- Replacement lines, such as those requested because of a move, fall under the category of "new" lines and will require re-review and justification by the requesting department/unit.
- All modem connections must require strong passwords consistent with San Francisco State's existing Password Practice Directive.
- Analog lines approved for other purposes cannot be connected to computers
- Where university-owned systems are authorized for use at an employee's home, such systems are not to be connected to analog lines without access control and passwords configured to prevent inbound calls.
Requesting an analog line for modem connections to a computer:
Requests for a modem line must be sent to email@example.com.
The individual requesting an analog line for a modem connection must provide the following information to DoIT:
- a clearly detailed business case of why other secure connection options such as VPN cannot be used,
- the business purpose for which the analog line is to be used,
- the software and hardware to be connected to the line and used across the line, and
- to what external connections the requester is seeking access.
In addition, the requester must be prepared to answer the following supplemental questions related to the security profile of the request:
- Will the machines that are using the analog lines be physically disconnected from SF State's internal network?
- Where will the analog line be placed? A cubicle or lab?
- Is dial-in from outside of San Francisco State University needed?
- What other means will be used to secure the line from unauthorized use?
- Is this a replacement line from an old location? What was the purpose of the original line?