DSL Advances

   

15.1 General Security Issues for Broadband Services

15.1.1 Problems Raised by an Always-connected Service

15.1.2 Naivete of the Typical Broadband Access User

15.1.3 Increasing Complexity of the Networks in Homes and Small Businesses

15.1.4 Complex Interactions between the Broadband Users and the Networks of Others

15.2 DSL -specific Security Advantages

As DSL is implemented to support deployments of low-cost services to large masses of customers, network security issues that formerly were primarily the concerns of the larger enterprises and governments begin to effect the naive user in the home and small business. Many of these emergent issues are common to all forms of mass broadband access, that is, cable modem, fixed wireless, or DSL. Some of the security issues shared among all broadband access methods to mass retail users include:

  • Problems raised by an always-connected service

  • Naivete of the typical broadband accesses user

  • Increasing complexity of the networks in homes and small businesses

  • Complex interactions between the broadband users and the networks of others

In certain regards, DSL architectures provide an amount of inherent security that is not found in the other broadband access methods.

  • DSL does not use a shared physical medium to reach individual customers.

  • The use of end-to-end ATM virtual circuits in many DSL implementations keeps the communications of particular users separate from each other throughout much of the access network.

Even with these positive architectural features, the integrity of both the users data and systems and those of the access network and service providers must be considered in the design of any DSL system.

In ensuring the security of assets on any network or of the services supported by that network, the following areas must be considered:

  • Unauthorized interception of data transmitted

  • Masquerade of one user by another

  • Malicious modification of data transmitted over the network

  • Unauthorized access or modification to data or resources connected to the network

  • Unauthorized modification of configuration of the networks

  • Denial of use of the networks or resources to authorized users

  • Theft of service

  • The legitimate requirements of the government and owners of the networks to detect and prevent malicious and illegal activities

A secure environment has several important qualities. Those authorized to perform a particular action or to access particular resources can do so with relative ease, without being monitored by unauthorized "watchers." Those who are not authorized are blocked from accessing, modifying, or using data or resources that they are not entitled to. Attempts at malicious actions can be detected and prevented.

Although easy to describe, providing such a secure environment for any network is difficult. The security methods must prevent unauthorized activities while allowing users to perform their business with minimal interference. Security methods that are too difficult to use or administer will be ignored, or worse , disabled, by the authorized users who see themselves as being overly inconvenienced. Weak methods that may be easy to use or administer only produce a false sense of security. Those who may attack systems are creative, and will evolve their methods of attack. This evolution will usually occur more rapidly than the increases in security for the network and its resources. Unfortunately security is typically only improved after successful attacks. Security is an expense whose value, in a sense, is only seen when it fails. A successful security system on a network, or lack of loss on an unsecured system, tends to result in complacency among its users and administrators.

In a mass deployment of broadband access such as DSL, these issues are accentuated. The users may have few resources to devote to security, little knowledge, and little desire or time to increase that knowledge. The operators of the networks and the services on those networks are caught in a similar bind. They must keep costs low to be able to offer services at a price that their customers are willing to pay. If services are insecure and can be easily stolen from the carrier, or malicious action can easily bring down the network, the carrier may not be able to afford to offer the services. If the services are made too complex by security functions added by the carriers , the users may reject the services. On the other hand, if security for the user's resources is not sufficient, the users may avoid the DSL services out of fear of theft (of valuable information such as credit card data) or damage to their home and business computing resources.


   
Top

Категории