I agree that putting this behind a firewall is the best solution, but we don't want the cost and since it's embedded, there is no user to say "yes" or "no" to settings, Zone Alarm and BlackICE are not good solutions. My customers don't want to (don't need to) pay for something they don't need. The firewall is extra expense, we're only communicating between us and it on specific ports (1000 - 5000). A firewall is just out of the question.
However, we have seen in the Advanced properties that you can allow specific ports. We've done this, but it only seems to work on the NIC, the MODEM isn't listed on the devices. Seems odd.
Anyway, the best solution is something I can't do. Any suggestions?