A useful feature for authorized users is to have remote access to
the systems when these users are not on site. A dial-in
capability allows them to access systems from locations where
Internet access is not available. However as discussed in
section 
, dial-in capabilities add another avenue for
intruder access.
Authorized users may also wish to have a dial-out capability to access those systems that cannot be reached through the Internet. These users need to recognize the vulnerabilities they may be creating if they are careless with modem access. A dial-out capability may easily become a dial-in capability if proper precautions are not taken.
The dial-in and dial-out capabilities should be considered in the design of the firewall and incorporated into it. Forcing outside users to go through the advanced authentication of the firewall should be strongly reflected in policy. Policy can also prohibit the use of unauthorized modems attached to host systems and personal computers at the site if the modem capability is offered through the firewall. A strong policy and effective modem service may limit the number of unauthorized modems throughout the site, thus limiting this dangerous vulnerability as well.