Broadband Security

By Jon Udell

January 21, 2002

(Broadband Security :  Page 1 of 1 )

A new DSL circuit ends Jon's sheltered life

The Honeynet Project estimates the lifespan of a stock system newly attached to the Net to be about one day. "Lifespan" refers to the time it takes to be found, and then hacked. Recently, while switching DSL providers, I got a chance to do the experiment. On my old DSL setup, things were very quiet. That's because my access device, a Cisco 675 (which combines the functions of DSL modem and router), was configured by the ISP to block all inbound requests, and altering that configuration would have voided my agreement with the provider. Not offering public services from my home network was, I decided, a reasonable tradeoff for peace of mind. Once I installed the 675, my software firewalls — first BlackIce Defender, then ZoneAlarm — went completely quiet except for occasional outbound alerts.

In my new setup, the DSL modem is a dedicated Westell Wirespeed. (The service, by the way, is called DSL/V, and shares the same wires used by my voice line; you have to filter the voice line, but amazingly it all works like a charm.) The ISP, in this case, drew the line at the Westell. What happened on the other end was entirely up to me: I could have cabled it straight to a PC or router, with or without firewall/NAT protection. I like my new ISP better than the old one, that's why I'm switching, but the difference between these two cases highlights the uncertain state of broadband security:

Randy Switt:

I've found that the high-speed Internet providers either ignore or actively *discourage* end-user security practices. The discouragement usually comes in the form of trying to blame anyone but themselves for system problems; i.e. "You can't access your e-mail? It must be that Linksys router you have that's blocking it. Call us back when you've disconnected and returned you system to the default state."

 Page 1 of 1 

BYTE.com > Tangled in the Threads > 2002 > January