Information, Computer and Network Security Terms Glossary and
Dictionary
Broadband Access Security: Cable Access and xDSL Lines
Cable and xDSL access are becoming the main means for the broadband data access from homes and SOHOs. However, the "Always-on" high-speed services like DSL and cable make a prime target for network attack. The following are the main security risks associated with the broadband access technologies:
Static IP Address: Traditional dial up Internet connections get dynamically assigned each user a different IP address for each session by the ISP. As such, it's difficult for a hacker to target a specific user. With most always-on broadband connections, however, you are assigned a static IP address-your system always has the same address. Your PC essentially becomes an Internet node, and is perpetually open to attack. While it's rare for hackers to attack individual users, you should take extra care and exercise due diligence if your system houses sensitive or valuable information, such as credit card numbers, banking records, social security numbers, or valuable work related material. You're also asking for trouble if you frequent chat rooms, where your IP address is often visible to all, and where hackers and malcontents frequently choose their targets. If a SOHO (Small Office/Home Office) connects a LAN to a broadband connection, all of the LAN-connected PCs could be compromised.
Firewalls and Network Address Translation (NAT) devices can be used to mitigate this risk. A firewall is simply a filter that allows certain types of packets, or message fragments, to enter and exit a network, while rejecting others. Network firewalls can have complex rule sets that determine which packets are accepted and which are rejected. NAT translates your external public IP (assigned by your ISP) into multiple internal private IPs. This allows each computer system to be on an internal network with a private IP address space that is not accessible from outside of the network. In today's market, many cable and xDSL modems are integrated with some basic firewall and NAT functionalities.
Shared cable modem connection : Cable networks are shared among numerous subscribers in a given neighborhood. As a result, your neighbors could potentially place a sniffer on the network to monitor your transmissions. Since the neighborhood is essentially a LAN, a neighbor could exploit your file and print sharing permissions to take control of your PC.
The latest version of DOCSIS (Data Over Cable Service Interface Specification) addresses the shared network problem. Particularly, it provides a modicum of both network and system security. DOCSIS compliant modems encrypt traffic from the providers' communication centers and neighborhood hubs to the end user's PC. This encryption does not carry over to the Internet backbone for end-to-end communications that leave the cable provider's network. Higher level protocols, such as IPsec, PGP and SSL are required to encrypt such communications.
Virus/Spyware/Trojan Horses: For an ¡°Always-On¡± computer on the Internet, it always opens for all those malicious codes, which may coming from anywhere: emails, web visits, instand messages. It is extremely important to install a good Anti-virus/spyware software to guard your system constantly.
Related Terms
DOCSIS, Cable Modem, Firewall, Network Address Translation, xDSL
Reference Links
http://csrc.nist.gov/publications/nistpubs/800-46/sp800-46.pdf: Security for Telecommuting and Broadband Communications |
