Solved

Broadband Internet security over ADSL, Cable, ...

Posted on 2001-08-13
Last Modified: 2013-11-16
Dear all professionals,

What is the security difference between ADSL, Cable and leased Internet connectivity?

I would appreciate it if you could share your knowledge and experience with me in comparing the security aspects of each of the mentioned broadband access technologies, or send me web links to useful documents that discuss the topic.


Grateful and Thanks.
dicksonay
Question by:dicksonay
23 Comments
 
LVL 3

Expert Comment

by:erikdr
ID: 6379219
Well, depends...

Once you have been connected (logged on), security is 100% the same. You are a TCP/IP node and have to make sure that traffic between you and other nodes is as you want it - restricted by firewalls, DMZ etc.

There might be differences in security in order to get connected; these apply more to 'home' subscriptions than to business subscriptions. E.g. for cable usually no logon is needed, for ADSL with our local providers you _do_ need to logon in order to activate the line after startup of the workstation.

Hope this helps,

<Erik> - The Netherlands
0
 
LVL 3

Expert Comment

by:Beluga
ID: 6379519
Yup, once you're connected and logged in, there's no difference in security.

On a more "paranoid" level, all three types of connection will go through wiring panels, switches, etc. that are shared with other connections and services (eg. voice) and could be accessible by a number of personnel. So even in terms of wiretapping or eavesdropping, there's still no difference.
0
 
LVL 1

Expert Comment

by:CompuNerd19
ID: 6380235
The above is so paranoid it almost scares me :)  I agree fully with the statements already made, security (on the WAN side) is going to be dependent on the platform and software that you are running.  The way protocols such as TCP/IP are set up is that most of the time the actual hardware medium will be irrelevant.  The characteristics of a type of connection (also stated above) could be a factor concerning security onsite.  Great stuff guys, hope it helps.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6380255
Actually, there is a big difference.

Getting your data with DSL or leased lines involves some illegal activity like tapping the line or social engineering the telco.

With Cable, all your data is broadcast to everyone on the same cable segment (usually everyone on your block or something like that) without them having to do anything special.

That's not to say you should assume DSL and leased lines are secure and Cable isn't, but you should know that there's a different level of effort involved in cracking things, at least on the near end.
0
 
LVL 12

Expert Comment

by:Otta
ID: 6383067
> With Cable, all your data is broadcast to everyone
> on the same cable segment (usually everyone on your block
> or something like that) without them having to do anything special.

This statement is not true, at least with the Terayon cable-modem, which does encryption of all the data leaving your computer.
0
 

Author Comment

by:dicksonay
ID: 6383357
So how about the difference of security nature between DSL and leased line access?

thanks for all.
0
 
LVL 12

Expert Comment

by:Housenet
ID: 6383810
dicksonay, cable, DSL... IMO are just means to "get on the internet". There is no inherent security, it is simply network connectivity. The security comes from how & what you do to limit access to & from the internet for your connection. I think a good analogy would be.. Is it safer to plug your radio into a power socket in the kitchen or the living room?
-Leased lines are a different story.. Typically when someone refers to a leased line, it is a connection that exists from one office to another & is not tapped into anywhere else... It's a private line. Sort of like as if you ran a cable from your house to your neighbor's & hooked up a radio.. It's very safe & secure because there are only 2 end-points therefore no way to be hacked. In the old days when people would ask for leased lines typically what they would get is a private connection using x25 frame relay, which is excellent for serial networking.
-When you say leased line to the internet...it kind of destroys the whole security aspect of a private connection & becomes a question of semantics.. In the way you're using the terms "leased line" again there is no inherent security & is simply another type of network technology used to access a public network.

-You should choose whatever gives you the most bang for the buck & purchase a firewall for the security portion.  
0
 
LVL 3

Expert Comment

by:Beluga
ID: 6384192
I've heard of ADSL internet providers that use NAT (Network Address Translation) with their own internal IP addressing scheme. It stops users running web servers from home, but it also slows down some hackers.

The ISP will have a gateway or proxy of some kind with a "real" IP address. The client will be assigned an IP address that will work within the ISP's systems but isn't recognised on the Internet (eg. 10.x.x.x). NAT bridges the gap for outgoing connections.

Clients with leased line routers are often permanently assigned "real" IP addresses as needed. This usually means one for the router, plus one for each server (mail, web, etc.). PCs on the client's LAN (eg. for web browsing) are expected to have a "local" IP address and go through a device with NAT such as a router, proxy server or firewall.

In reality, you would probably want to install a firewall on both types of connection, which makes the above comparisons somewhat redundant. :o)
0
 
LVL 5

Expert Comment

by:Droby10
ID: 6385262
yeah i would collaborate and support a few statements that there are some significant differences...

as calabrese noted the broadcast vs _switched_ architectures (although some providers do use encryption on the cable side)

the other stemming from the fact that cable is typically a pppoe connection using a virtual mac address (this typically limits the capability for internal lans using nat as stated by beluga)

from my experience, the provider hardware with cable is less secure than dsl, both in terms of physical security and network lockdown.

naming and addressing conventions are generally predictable for both technologies.

cable providers tend to filter nbt traffic better.

cable providers that implement dhcp, permit traffic from windows hosts to be source routed via icmp/arp attacks.

0
 

Author Comment

by:dicksonay
ID: 6386788
Yes, it's all true.

In fact, I am interested in what security solutions are being implemented by ISPs in order to minimize unauthorized access (from both external and internal attacks) to their clients' networks, especially for those non-business users without a security device at home.

Also, does that mean using a DSL topology for accessing a private network is at the same security level as a leased line connection? I am wondering if a private leased line also faces the risk of line tapping activity, such as with DSL.

many thanks for all of your comments.
0
 
LVL 3

Accepted Solution

by:
Beluga earned 300 total points
ID: 6387369
ISPs usually don't provide security for end-users, be they business users or home users. Some ISPs install firewalls or filters to limit damage to their internal network, which, although not designed to do so, sometimes have security benefits for end-users. But ultimately, the security of your own network is up to you and should be within your control. That's usually the stance ISPs take too.

In terms of gaining access to the copper or fibre cable for wiretapping, DSL and leased lines are pretty much alike. At the end of the day, it's still a cable running from the exchange, through various junction boxes, and into your premises. The main difference is the telco's termination equipment at each end.

However, if you're going for a *big* leased line (over 2Mb), some telcos might be persuaded to install a microwave link between your premises and the exchange. This is a bit more secure, as there are fewer physical access points.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6388172
Yes, private DSL links have roughly the same level of privacy as leased lines.  Which is to say, it's fine for most things, but not sufficient to protect things like medical records or sensitive financial data (US financial regulations require encryption over leased lines, for example).

It's all too easy to listen in on a leased line or DSL link through physical wiretapping, or by social engineering the Telco into putting you on the same private network (yes, this has really been done).

The question is the value of the data you're trying to protect vs. the cost of obtaining it.
0
 
LVL 1

Expert Comment

by:batkung
ID: 6391010
my DSL provider adds an extra level of security through DHCP, my IP address changes every 5-10 minutes. Great if you are just using the connection for surfing, but no good at all if you want to serve anything using the connection.

you *really* need a firewall between your router and local network...nuff said
0
 
LVL 12

Expert Comment

by:Otta
ID: 6391179
> my IP address changes every 5-10 minutes.

That is _VERY_ weird.

The DHCP-client on your computer will send a "renew" request
when the current license has aged to 50% of its value,
so you should be keeping the same IP-address,
because your computer keeps "renewing" it,
as long as it is running.

Even when your license "expires", most DHCP-servers
will grant you the _same_ IP-address, if you try to
renew soon after the expiry.

What ISP do you have?
Does 'WINIPCFG /ALL' show a changing IP-address?
What is the duration of the lease?

0
 
LVL 5

Expert Comment

by:Droby10
ID: 6391236
ouch...i wouldn't say that this increases security, it just closes one door and opens another.

dhcp itself presents a major security issue.  the increase in requests/allocations just adds to the likelihood of someone exploiting these weaknesses.

if such a short interval of ip reassignment existed on a shared resource (cable), it would be scary what could be done.  ease of consumption of the original pool...route all traffic through host x...resolve all names from host y.  it wouldn't matter that the ip may or may not be changing; as there would be no control over the route and destination of traffic.
0
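The DHCP points raised in the two comments above (a renewing client should keep its address, and the gateway and name servers a client accepts are whatever the answering server hands out) can be checked from the client side. The following is an added example, not code posted by any participant in this thread; the `Ack` record, the trusted-server address and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Ack:
    t: int        # seconds since the start of the capture
    server: str   # DHCP server identifier (option 54)
    ip: str       # address leased to the client
    lease: int    # lease time in seconds (option 51)
    router: str   # default gateway (option 3)
    dns: str      # name server (option 6)

# Assumption: the provider's legitimate DHCP server is known in advance.
TRUSTED_SERVERS = {"10.0.0.1"}

# Constructed sample of DHCPACKs seen by one client; not from a real network.
SAMPLE = [
    Ack(0,    "10.0.0.1",  "10.0.5.20", 3600, "10.0.0.1",  "10.0.0.2"),
    Ack(1800, "10.0.0.1",  "10.0.5.20", 3600, "10.0.0.1",  "10.0.0.2"),  # renew at 50%
    Ack(3600, "10.0.0.1",  "10.0.5.20", 3600, "10.0.0.1",  "10.0.0.2"),
    Ack(3900, "10.0.5.99", "10.0.5.20", 600,  "10.0.5.99", "10.0.5.99"), # unknown server
    Ack(4200, "10.0.0.1",  "10.0.5.31", 3600, "10.0.0.1",  "10.0.0.2"),  # early address change
]

def audit(acks, trusted=TRUSTED_SERVERS):
    """Return (time, finding) pairs for DHCP answers that deserve a look."""
    findings = []
    baseline = None  # last ACK accepted from a trusted server
    for a in acks:
        if a.server not in trusted:
            findings.append((a.t, "untrusted-server"))
        if baseline is not None:
            # A changed gateway or resolver redirects all traffic or lookups.
            if a.router != baseline.router or a.dns != baseline.dns:
                findings.append((a.t, "gateway-or-dns-changed"))
            # A client that renews at half the lease should keep its address
            # until the lease runs out.
            if a.ip != baseline.ip and a.t < baseline.t + baseline.lease:
                findings.append((a.t, "address-changed-before-expiry"))
        if a.server in trusted:
            baseline = a
    return findings

if __name__ == "__main__":
    for when, what in audit(SAMPLE):
        print(when, what)
```
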
 

Author Comment

by:dicksonay
ID: 6392061
OK, since cable will cause exposure of personal privacy to other users in the same cable segment, for sure it is better to encrypt data before sending it out to cable. But finally I want to make sure whether someone can use that kind of LAN monitoring software to capture my data over a DSL line?
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6392514
No, they can't use such LAN monitoring software to capture your data over a DSL line at _your_ end.  What they can do anywhere else in the connection is entirely a different matter.

Bottom line is that you need to use encryption if you're sending very sensitive data over any network that's outside your direct physical control (i.e., there are parts you can't see from your desk and aren't locked in a closet), or when sending medium-sensitivity data over the Internet (even with DSL, since you can't control what's in the middle and possibly not the other end).
0
 
LVL 12

Expert Comment

by:Otta
ID: 6393301
> cable will cause exposure of personal privacy to other users in same cable segment

No.  This is not always true.

Would you also say "every automobile-driver always exceeds the speed-limit" ?

Neither statement is always true -- there is nothing inherent in either cable-modem networks or automobiles which causes such results.
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6393320
There is something inherent in cable-modem networks that exposes your data.  Some carriers supply their users with cable-modems that are set up to block snooping of other people's data, but this is easily gotten around.  A very few operators use encryption, which is not so easy to get around (depending on how they do it, but it's going to be a lot harder in any case).
0
 
LVL 12

Expert Comment

by:Otta
ID: 6393325
A followup ... imagine the wide-spread press-coverage there would be if cable-modem networks were "insecure".

Any computer-cracker (private or US Secret Service) could "sniff" your E-mail ID and your E-mail password, and intercept your E-mail.

I guess that it is possible that cable-modem networks are insecure, and the USA government is suppressing all media-reports and/or shutting-down any web-sites and/or online discussions that are trying to "blow-the-whistle" on this lack of security.   :-)


0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 6393347
Actually, most cable modem networks are insecure.
And the cable providers have all kinds of warnings in their literature.
And there are lots of known break-ins.
And the press has covered it.
But most people don't care because they take the attitude of "it will never happen to me".
0
 
LVL 12

Expert Comment

by:Otta
ID: 6395435
> Actually, most cable modem networks are insecure.

Your source for this statistic?

Actually, all cable-modem networks are secure,
from the "head" through the network to each cable-modem,
i.e., a cracker cannot access any of the cable-company's systems,
nor access any cable-modem.

> And the cable providers have all kinds of warnings in their literature.

True, but only because the client's computer which is
connected to a cable-modem is not always "secure".

> And there are lots of known break-ins.

I log 20 to 50 attempts per day.
I don't log the "successful" break-ins.  :-)

> But most people don't care because they take the
> attitude of "it will never happen to me".

I disagree.

Most people just don't know enough about "computers" and "security".  
To them, a computer is an "appliance" -- they use the
keyboard and the mouse, and that's it.
They enable "file and print sharing",
and fail to set a password,
or they install Windows NT Server (or Windows 2000 Server)
and they don't realize that they are running SMTP,
DNS, and HTTP servers.
They open virus-infected attachments.
They don't spend the money on a virus-scanner.

It is "ignorance", rather than a "don't care" attitude, which causes the insecurity.



0
 

Author Comment

by:dicksonay
ID: 6395636
If there is no built-in encryption mechanism in the cable-modem, all outgoing content (including non-sensitive information, such as online chatting etc. or your logon info for this site without SSL) can definitely be exposed to other parties in the same network segment.

Will all cable network providers seriously look into this matter, and ensure a highly secure, encrypted access environment?


0
