15.1 General Security Issues for Broadband Services

Several issues exist for all mass-deployed broadband services:

  • Services are always connected.

  • Users can be naive.

  • Networks in homes and businesses are becoming increasingly complex.

  • Broadband users have more complex interactions with the networks of others.

15.1.1 Problems Raised by an Always-connected Service

Unlike dial-up connections to the Internet, DSL connections are likely to be always connected to the wide area resource. This opens the user from the home or small business to a number of attacks that are less likely in the traditional environment of intermittent connections.

In a dial-up environment, the IP address of the user's system is not static: it is typically assigned anew from a pool of available addresses owned by the ISP each time the user establishes a connection. Therefore, there is no permanent relationship between a dial-up user and a particular IP address. This provides a certain level of security for the user. In this transient environment it is not possible to establish a lasting relationship between a user and a particular address, which provides some anonymity for a user's communications on the public Internet. In the case of a DSL connection, which is permanently connected, the IP address is never reassigned and the user's communications can be associated with a particular address. This opens the user to a number of security issues.

  1. Potentially anonymous communications, such as individual access to particular Web sites, can be associated more easily with particular users, as the IP address for the user never changes.

  2. Even in the case of encrypted communications such as those based on S-HTTP (Secure Hypertext Transfer Protocol) and SSL (Secure Sockets Layer), the TCP (or User Datagram Protocol, UDP) and IP headers to and from the user are not encrypted. The unchanging address potentially allows those not privy to the communication to still gather information about transactions from the user based on their IP address.

  3. The fact that the user's resources are always connected to the network provides an opening to attack. The attacker has as much time as required to enter the user's system, because the unchanging IP address and the always "up" connection allow the attacker to continue the attack until the user's system is penetrated.
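To make point 2 concrete, the following added example (not from the book) builds a constructed IPv4/TCP packet whose payload stands in for an encrypted SSL/TLS record, then parses only the headers, which is all an on-path observer needs to link every session from a fixed DSL address to the same subscriber. The addresses are RFC 5737 documentation addresses and the packets are constructed in the block.

```python
import struct
from collections import defaultdict

# Constructed stand-in for an encrypted TLS record: the payload bytes are opaque
# to an observer, but nothing in the IP or TCP header is.
ENCRYPTED_PAYLOAD = bytes(range(0x80, 0x90))

def build_packet(src, dst, sport, dport, payload):
    """Assemble a minimal IPv4 + TCP packet (no checksums; enough to parse)."""
    ip_src = bytes(int(o) for o in src.split("."))
    ip_dst = bytes(int(o) for o in dst.split("."))
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0,
                         64, 6, 0, ip_src, ip_dst)       # protocol 6 = TCP
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload

def parse_headers(pkt):
    """Return what an on-path observer reads without touching the payload."""
    ihl = (pkt[0] & 0x0F) * 4                   # IPv4 header length in bytes
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_off = (pkt[ihl + 12] >> 4) * 4         # TCP header length in bytes
    payload = pkt[ihl + data_off:]
    return {"src": src, "dst": dst, "proto": pkt[9], "sport": sport,
            "dport": dport, "payload_len": len(payload)}

def observer_profile(packets):
    """Group visible destinations by source address. With a fixed DSL address,
    every session over days or months lands in the same bucket."""
    profile = defaultdict(set)
    for pkt in packets:
        h = parse_headers(pkt)
        profile[h["src"]].add((h["dst"], h["dport"]))
    return {src: sorted(dsts) for src, dsts in profile.items()}

# Constructed traffic from one subscriber (RFC 5737 documentation addresses).
SAMPLE_PACKETS = [
    build_packet("203.0.113.45", "198.51.100.10", 51515, 443, ENCRYPTED_PAYLOAD),
    build_packet("203.0.113.45", "198.51.100.20", 51516, 443, ENCRYPTED_PAYLOAD),
    build_packet("203.0.113.45", "198.51.100.10", 51517, 443, ENCRYPTED_PAYLOAD),
]

if __name__ == "__main__":
    print(observer_profile(SAMPLE_PACKETS))
```

The profile shows that encryption protects the content but not the who-talks-to-whom record; a dial-up address that changes per session would scatter these rows across many addresses.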

Once the attacker has gained access to the user's system, a number of types of mischief are possible. In addition to stealing the user's information or damaging the user's resources, the attacker can use the system for their own purposes by installing their own data or programs on the suborned system. The fact that the user's system is always connected makes the system potentially very desirable to the attacker. The attacked system can then be used for further network mischief, such as denial of service attacks on the network from the user's computer. The user's PC can be configured as a Web server without the user's knowledge. In addition to broadcasting information about the user's system to the outside world, the commandeered system can be used to distribute information that the hacker has installed on the user's computer. The high speed of the DSL connection makes the user's system even more desirable to a hacker than dial-up connections.

A number of relatively simple remedies reduce the danger of the attack on the permanent DSL connection.

  1. Most PCs running the Microsoft Windows operating system come with default configurations that are insecure for any computer connected to the Internet. Simply turning off the "file and printer sharing" option does much to increase the security of an always-connected PC.

  2. If the user turns off their computer when it is not in use, it reduces both the window of vulnerability to attack and the computer's usefulness to malicious users. However, this reduces some of the benefits of the broadband connection for the user. It may not be feasible for users such as small businesses or home offices where the computer is used nearly continuously.

  3. Inexpensive personal firewall software can be installed on the user's computer. These software packages can perform a number of security functions such as:

    1. Detecting suspicious activities by observing known communications patterns that are likely to be used by hackers.

    2. Blocking communications from suspicious addresses.

    3. Blocking communications from the Internet to TCP/UDP ports on the protected computer that could be used by an attacker.

    4. Auditing the configuration of the operating system and aiding the user in setting up their system to give them maximum protection.

    5. Notifying the user of potential intrusions.

  4. A hardware-based firewall provides functions similar to those of the software-based personal firewall tools; however, because it is hardware-based, it can have additional functions, improved performance, and protect multiple devices on the home or small business local network. In many cases the DSL modem, a local router or switching hub, and a firewall can be integrated into a single device.
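The added example below (constructed for this section, not code from the book or any vendor) models the personal-firewall functions just listed: it lets replies to connections the user started back in, drops unsolicited inbound traffic to the file and printer sharing ports, shuns an address that probes several ports, records notifications for the user, and audits the two Windows settings remedies 1 and 3 call out. The port set, threshold and sample events are assumptions made for the example.

```python
from collections import defaultdict
# Ports used by Windows "file and printer sharing" (NetBIOS and SMB); an
# always-connected PC should not expose these to the Internet.
SHARING_PORTS = {137, 138, 139, 445}
SCAN_THRESHOLD = 5   # distinct refused ports from one source before it is shunned

class PersonalFirewall:
    """Toy model of the personal-firewall functions listed above (constructed)."""
    def __init__(self):
        self.established = set()        # (remote_ip, remote_port, local_port) opened from inside
        self.blocked_addrs = set()
        self.probes = defaultdict(set)  # remote_ip -> local ports it was refused on
        self.notices = []               # messages that would be shown to the user

    def outbound(self, remote_ip, remote_port, local_port):
        # Remember connections the user starts so their replies are let back in.
        self.established.add((remote_ip, remote_port, local_port))
        return "allow"

    def inbound(self, remote_ip, remote_port, local_port):
        if remote_ip in self.blocked_addrs:
            return "drop"
        if (remote_ip, remote_port, local_port) in self.established:
            return "allow"
        reason = "file-sharing port" if local_port in SHARING_PORTS else "unsolicited inbound"
        self.notices.append(f"dropped {remote_ip}:{remote_port} -> :{local_port} ({reason})")
        # Many refused ports from one address looks like a scan: shun the address.
        self.probes[remote_ip].add(local_port)
        if len(self.probes[remote_ip]) >= SCAN_THRESHOLD:
            self.blocked_addrs.add(remote_ip)
            self.notices.append(f"{remote_ip} probed {SCAN_THRESHOLD}+ ports; address blocked")
        return "drop"

def audit_config(settings):
    """Configuration audit: flag insecure defaults on an Internet-connected PC."""
    findings = []
    if settings.get("file_and_printer_sharing"):
        findings.append("turn off file and printer sharing on the Internet-facing adapter")
    if not settings.get("firewall_enabled"):
        findings.append("enable the personal firewall")
    return findings

# Constructed traffic: the user browses out, then one remote host probes the PC.
SAMPLE_EVENTS = [("out", "198.51.100.10", 443, 51000), ("in", "198.51.100.10", 443, 51000),
                 ("in", "203.0.113.9", 40000, 445)] + [("in", "203.0.113.9", 40000 + p, p)
                                                        for p in (139, 137, 135, 21)]

def run(events, fw=None):
    fw = fw if fw is not None else PersonalFirewall()
    return [fw.outbound(*e[1:]) if e[0] == "out" else fw.inbound(*e[1:]) for e in events], fw
```

A real product keeps state per flow and times entries out; here `run(SAMPLE_EVENTS)` is enough to see the reply admitted, the SMB probe refused, and the prober shunned after its fifth distinct port.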

15.1.2 Naivete of the Typical Broadband Access User

Home and small business users are often ignorant of security issues, and even if they are interested in the problem, they are likely to have little time to manage security tools in their homes or offices. Unlike the large enterprise where a specialized staff can oversee the security systems on the network, the smaller users have very limited resources for this complex function. Large enterprises with their professional, full-time network security staffs often experience breaches. How can the home or small business user be expected to learn how to configure and monitor their environment with their much more limited resources? Assumptions cannot be made about the value of the information on any user's computer. Identity theft through hacking a home PC is a serious problem for a particular home user, and the information on a business computer may be vital to the continued existence of that small operation.

Although the vendors of tools such as personal firewalls and simple hardware-based security tools attempt to make their applications as self-configuring and intuitive as possible, some learning and resources are required on the part of the user. Additionally the continuing evolution of attacks requires periodic updates, reconfigurations, and replacements of even the most user-friendly tools.

Addressing this issue is difficult in the DSL environment. However, it also gives access and service providers a means to offer additional services to their customers, and thus to differentiate themselves from other broadband providers or to obtain additional revenue from those services.

  1. A service provider could provide appropriate personal firewall and other security software to all users as part of the installation package for new users of the network. The hardware provided to support customers with home or small business LANs should be expected to contain firewall functionality.

  2. Security consulting and "for fee" security help desk services to small business customers can be a source of additional revenue for the carriers and service providers.

  3. Placing security functions at common points in the access provider's network can protect all users of the carrier's access network. A firewall at an aggregation point in the carrier's network can detect and filter suspicious communications and forbidden activities for every subscriber behind that point. However, this comes at a cost to the carrier (which might be recovered by offering it as a value-added service to the end user), and some reduction in function, flexibility, and performance of the access system as seen by the end user would likely result.

  4. The carrier could manage the security functionality at the user's premises for the user. The software in the DSL access device could be installed, configured, and monitored by the carrier or service provider. Such a service is likely to be especially desirable for small businesses that may have critical resources to protect on their network-connected systems. A particular advantage of ATM-based DSL architectures for such a service is the possibility of using a dedicated virtual circuit to allow the provider to manage the security function remotely. This would provide some protection against access by hackers.

15.1.3 Increasing Complexity of the Networks in Homes and Small Businesses

Users of DSL in both the home and small business are likely to support more complex networks at their premises than has been typical of such environments in the past. In addition to the security issues mentioned in the previous section, DSL environments create security issues that are specific to these environments.

In a home environment with multiple computers, one cannot assume that the users share identical security interests. For example, the PC used by a parent may access that person's employer over the DSL connection from the home office, while children may have PCs used solely for "entertainment" Internet access. In this case, incoming and outgoing access restrictions for the parent and his computer are obviously different from those for the children from their computers. A firewall function at the gateway to the home (or within the access or corporate network) is not sufficient to ensure that only the authorized user can access the parent's corporate network. Only security that extends from the parent's computer to the employer's network can provide such control. The support for a virtual private network from the parent's PC, through the gateway and through the Internet, is one solution to this issue. Additionally, the use of separate ATM virtual circuits (VCs) dedicated to each of the users can ensure that the traffic for these two environments is kept separate.

The existence of home networks with multiple resources connected to them itself adds considerably to the complexity of keeping the home or small business environment secure. A personal firewall on a single PC is a suitable security solution for a home or small business with such a simple environment. However, in environments with multiple devices on a home LAN, managing separate firewalls on each PC can become an administrative nightmare. In a DSL implementation supporting a home network, hardware-based security functions on the device providing the DSL access to the home are an obvious solution. Not only does this centralize the security function in the home or business, it also allows the use of enhancements such as multiple VCs and network address translation to improve the security of the entire home network.

15.1.4 Complex Interactions between the Broadband Users and the Networks of Others

A PC on a DSL-connected home network that accesses another secure network creates security issues for that network. Breaching of resources on a vulnerable home network may allow access by unauthorized users to the remote secure network. Thus, the protection for the home network becomes part of the security cordon for the remote network, one that is not under the control of the administrators of that network. The home network thus becomes a portal for hacking another network and a weak point for other networks accessed from that home.

DSL Advances
ISBN: 0130938106
Year: 2002
Pages: 154