Security and xDSL
Connections
by Dave
Piscitello
Broadband local access technologies (cable
modem, digital subscriber line, and fixed wireless) deliver significantly
higher bandwidth than traditional analog and digital modems. All this is
achieved using the same wires that deliver TV signals, the copper pairs
that deliver telephone service, and/or the microwave radios and
infrared beams aimed at and transmitting to your residence or office.
Over the next twelve to eighteen months, the
market for broadband local access in all forms is expected to explode. Of
all the services that will be offered using these technologies, Digital
Subscriber Line (DSL) has particular appeal for telecommuters, homes,
small businesses and branch offices.
Besides delivering higher
bandwidth, these technologies are fundamentally different from traditional
"dialup" modems. Just like the WAN services and leased lines that
enterprises use to connect to the Internet, these technologies are always
on. From a security perspective, a reasonable initial reaction is that
broadband local access connections should be protected to the same degree
that one protects enterprise Internet connections.
This is the
first in a series of related editorials. From the perspective of a system
administrator, I'll consider many of the perceived threats,
vulnerabilities and issues presented by broadband local access
connections—particularly DSL. Part of this exercise is to de-bunk myths
that these threats are pertinent only to broadband local access
connections. Subsequent columns will consider policies and technologies to
mitigate these threats.
What is DSL?
Digital Subscriber Line
(DSL) is a method of using the unused parts of the spectrum available on
ordinary copper telephone pairs to provide higher bandwidth than
traditional analog and digital modems. DSL technology uses "frequency
division multiplexing" and special coding so that data transmission
occupies spectrum ranges not used for standard telephone service. This
allows DSL deployment to provide voice and data over the same copper pair.
DSL, however, works only over a telephone line no longer than about
eighteen thousand feet—about 3.4 miles or 5.6 kilometers.
Despite
early struggles between incumbent and competitive local exchange carriers
(ILECs and CLECs) over the interpretation of the US Telecom Reform Act of
1996, xDSL service is now available nationwide from several large national
CLECs (Covad, Rhythms, Northpoint), the Baby Bells (ILECs), and many other
regional carriers. Using DSL, ILECs and CLECs can deliver up to one Mbps
service over existing copper to 80% of 550 million residences
worldwide.
The widespread availability and performance
characteristics of DSL make it very attractive for telecommuters, homes,
small businesses, and branch office connectivity. For this reason—and
because I use DSL every day—I concentrate on DSL here. However, much of
what I say about security in this and ensuing editorials will apply to
cable modem and broadband wireless as well.
How is DSL deployed?
DSL is typically provided as a layer 2 Permanent
Virtual Circuit (PVC) service, and the service model is nearly equivalent
to an ATM or Frame Relay PVC. Each PVC is a private point-to-point
connection—think of this as an Ethernet hub with only two jacks. Data is
transported over DSL access networks without examination. Each PVC
requires explicit initial setup by both customer and the service
provider.
The majority of DSL service is sold through ISPs. In this
service model, you install a DSL access modem at your home or office, and
run IP over DSL in one of the recommended encapsulations. The DSL (layer
2) service runs over an ordinary telephone copper pair and terminates in a
telephone company Central Office at a device known as a DSL Access
Multiplexer (DSLAM for short). An ATM PVC, or leased circuit, aggregates
traffic from all the DSL subscribers of a particular ISP and sends it
to a router or layer 3 switch at that ISP's point-of-presence (POP). (In
some cases, this ATM PVC, or leased line, is connected directly to a
router or switch at an enterprise or private network). As you can see,
this scenario is not at all similar to how your dialup modem connects over
the public switched telephone network (PSTN) to a modem bank at an ISP
POP, or company RAS.
This is only a basic outline, there are common
variations to this topology. In multi-tenant units, for
example, DSLAMs may be located in building wiring. Often times, the
CLEC or ILEC may also be an Internet Service
Provider.
Security Issues for the System
Administrator
The most frequently cited "worries" expressed by
system administrators about empowering telecommuters and remote offices
with remote access via broadband local access services are:
1. The
transmission facility is not a secured link, so communications over the
link are vulnerable to hijacking, replay, and modification. This is
perceived as a BIG problem for cable modem, which is a shared medium, and
for broadband wireless. But DSL is not immune, especially since the most
common deployment of DSL is via a public Internet provider.
2. The home or small office now has an always-connected link to the enterprise's network. Like enterprise Internet connections, the link is always available and thereby subject to attack.
3. The home or small office frequently lack sufficient physical security. Equipment and sensitive information are vulnerable to theft and unauthorized access.
4. The connection from home or small office is
a high speed link: Think of the higher bandwidth in terms of the rate at
which information can be stolen (downloaded) from a compromised
server.
What is troubling from a security "purist" standpoint is
that some of these concerns have a wider applicability than broadband
local access. As we seek to leverage the Internet infrastructure to reduce
communications costs we multiply our exposure to its
dangers.
Are these problems unique?
Too often,
most of the attention to security outside the corporate perimeter is
focused on data transport. But all communications services used by
telecommuters, SOHOs and roaming employees exhibit some of the same
characteristics described in (1) and (2) above. How is "always connected"
any less secure than remote or roaming access via modem or ISDN via the
public Internet? From a transport perspective (just the underlying
technology), and absent the use of secure remote access (VPNs), it's not.
You should worry equally about securing communications for your
laptop-encumbered road warriors as for your broadband-enabled
telecommuters regardless of how they connect.
Regarding the issues raised above:
1) If you are connecting telecommuters directly back into your enterprise with DSL, no leg (hop) of your data transport will traverse the public Internet. Given this, you should apply the same security policy regarding encryption over untrusted links as you do for your Frame Relay and ATM PVCs. Cable modem and broadband wireless, on the other hand, are easily eavesdropped "broadcast" technologies. Treat these with the same policy as access via the public Internet.
2) The perception that you achieve some level
of security through obscurity by using dialup or ISDN services, and so can
avoid the responsibility of protecting a PC or LAN in these
configurations, is plain wrong. Connectivity is easily automated using
autodial analog modems, ISDN or dialup modem SOHO routers. User connect
time to Internet services now ticks along in hours, not minutes. Following
dialup through an ISP, at least one of your systems has a public and hence
scan-able IP address. IP addresses associated with ISP dialup, and ISDN
modem banks, are published, well known, and routinely scanned. Don't rely
on NAT to protect you, depending on how you are using network address
translation (NAT), there may be ways to hack in to your SOHO LAN. You are
much more vulnerable, even with an intermittent connection, than you may
care to believe.
3) Many telecommuter residences, homes and small
offices don't have the kinds of physical security that enterprises employ.
But there's nothing unique to broadband local access here: The lack of
physical security is an epidemic problem among road warriors,
telecommuters, and many small offices, where laptop theft is increasing at
rate of over 25% per annum (Safeware Insurance Company,
1997).
Arguably, the only truly unique aspect of broadband local
access is its high speed link. But consider the Internet cafés, e-mail
kiosks with complimentary LAN cabling (or wireless LANs!)
and—increasingly—hotel rooms with cable modems. In all these areas,
sensitive information can be downloaded from a compromised host at a
frightening rate, long before the intrusion is discovered or addressed.
What is definite is that the new technologies that enable high speed
access are bringing some of the thorniest problems in network security to
a whole new segment of the wired world.
Initial Conclusions
To react to
broadband local access as somehow different from all other forms of
communication is to fail to appreciate the overall security picture.
Broadband local access doesn't create that many new issues, but it does
call attention to security policy and implementation issues that may have
been overlooked or neglected. It creates an opportunity to address the
larger set of issues facing a company when it acknowledges that security
can no longer be implemented solely with, (as Fred Avolio discusses in his
April editorial Extending the Perimeter), a "secure perimeter"
mentality.
Forthcoming
Forthcoming columns in
this series will consider problems system administrators will face as they
attempt to:
§ Cede administrative control of desktops, stored
information and information confidentiality to telecommuters
§
Provide telecommuters and roaming employees with access to intranets and
mission-critical servers over untrusted links, particularly over the
Internet
§ Deal increasingly with telecommuter and small office
LANs
In my next editorial, I'll suggest appropriate
security policies for each scenario and discuss technologies you may find
helpful when implementing these policies.