Broadband Internet Security
- Internet is the channel to access vast pool of information & services available globally.
- Many home users use broadband Internet for accessing e-mail, online shopping, online banking, taking online courses, and many more.
- When the Internet connection is on, it is possible for other people to access our personal data by manipulating open ports on our computer.
- Without our knowledge, computer can be compromised and it can be used as launching pad for carrying out disrupting activities on other computers.
- Traditional Internet services are accessed in "dial-on-demand" mode, whereas broadband Internet is an “always-on” connection, therefore risk is very high.
- As broadband Internet is widely penetrated, it is very important for every citizen to securely configure for safe usage.
- Direct Attacks through Broadband Internet connection with their “Always On” state
- Default configurations and poorly configured systems are extremely vulnerable
- Network Sniffing (Capturing data in the network)
- Denial of Service attack
WiFi (Fixed Wireless):This type of broadband is widely used and delivered through radio signal rather than telephone wire and it provides us with all usual benefits. It requires “Line of Sight” between user and provider. ADSL / VDSL modems with WiFi are suitable for broadband access within home or office.ADSL (Asynchronous Digital Subscriber Line):
This is most commonly used for broadband Internet and it is 10 to 40 times faster than standard dial-up connection. This type of modems are also used to access Internet through telephone lines with speed upto 12 Mbps depending upon distance and quality of telephone line.VDSL (Very high Speed Digital Subscriber Line):
This type of modems are used for accessing very high speed broadband Internet above 16 Mbps and distance of 1 Km.Cable Modem:
This allows accessing Internet by utilizing existing cabling of telephone and TV.TA (Terminal Adapter):Modems using TA would allow us to make voice calls through service provider (like BSNL).Satellite broadband modem:
This uses a small antenna receiver dish fitted outside, which helps the user to link up with a satellite in geo-stationary orbit at an altitude of approximately 24,000 miles.Wireless Modem Setup
- Read guidelines given in manufacturer’s manual for wireless modem connection setup
- Check for proper power connectivity to PC as well as modem device
- Connect the power cable of the modem to the power plug
- Install the modem driver and associated software provided with the modem
- Submit the user credentials and wait until the system is initialized
- Once initialization is done, user can start accessing Internet
Do's and Dont's
- Change the default administrator or admin password of broadband router modem, as these details are given by manufacturer which can be misused by anyone. Admin account acts as “superuser” and helps to configure and manage the router modem.
- Enable SSH (secure channel) for remote administration.
- Use effective end point security solution (with anti virus, anti spyware, desktop firewall etc) to protect PC / Laptop from broadband Internet threats.
- Download broadband drivers from web sites recommended by the manufacturer
- Regularly download the firmware (driver code) updates of the broadband router modem
- Install broadband Internet bandwidth usage monitoring tool
- Make sure that filter is enabled for broadband lines. This helps to filter unnecessary noise added during the transmission to avoid interruption
- Power-off the modem router after completing the Internet access.
- In case of broadband Internet access through USB, disconnect and remove the device
- Make sure that broadband filter is used for each broadband Internet line
- Use only the power adapter supplied by the manufacturer along with the modem
- Don’t enable the option for remote administration (via Internet), as it is not required for a home user
- Don’t enable the option “Restore Factory Default Setting” in broadband modem
- Don’t use USB broadband modem with insecure Computers / Laptops
- Don’t use connection without a filter for each broadband Internet line
- Don’t tap the line before the splitter (a small device that separates phone line from data / PC port).
Guidelines for securing Broadband Internet access:
- Change Default Administrator Password (and Username): In order to allow only authorized person to configure the equipment, manufacturer provides username & password to the owner. However, username & password details are simple and very well-known to hackers on the Internet. So, it is very important to change default Administrator Username and Password.
- Enable Wireless Security: Some modem routers like ADSL type II router supports wireless security. Many security protocols are supported. User can select any one protocol and a protection key. The same wireless security protocol and protection key has to be enabled in laptop.
- Turn on WPA / WEP Encryption: All WiFi equipment supports some form of encryption technology. Once enabled, this technology scrambles messages sent over wireless networks so that messages cannot be read by unauthorized people. In order to use this feature, all WiFi devices must share identical encryption settings. Therefore we need to find a “lowest common denominator” setting.
- Change Default SSID (Service Set Identifier): Access points and routers all use a network name called SSID. Manufacturer normally ships their products with the same SSID set. SSID for Linksys devices is normally “linksys”. Change the default SSID while configuring wireless security, as it can be used by the attacker to break into the network / PC. <li">Enable MAC Address Filtering: Every device is provided with an unique MAC address. Broadband access points and routers provide an option for the user to key in the MAC address of the home equipment. This helps to allow connections only from those devices.
- Disable SSID Broadcast: In WiFi networking, wireless access point or router typically broadcasts the network name (SSID) over the air at regular intervals. This feature was designed for businesses as well as to access public hotspots. For a home user this feature is unnecessary and can be an entry point to break into the network.
- Disable Auto-Connect to Open WiFi Networks: In case if Auto-connect setting is enabled, computer can connect automatically without notifying to the user. This may expose our computer to security risks. This setting should not enabled except in specific cases.
- Assign Static IP Addresses to Devices: Most of the home users are bent towards using dynamic IP addresses, as DHCP technology is easy to setup. This convenience even helps the attackers who can easily obtain valid address from DHCP pool. Therefore turn off DHCP option in router or access point and use fixed IP address range.
- Enable Firewalls on each of the computer and the Modem Router: Broadband modem routers contain built-in firewall feature, but this option has to be enabled. Computer connected to the broadband modem can be provided with desktop firewall for extra protection.
- Turn off Network during extended periods of Non-Use: Shutting down a network will certainly prevent outside unauthorized people breaking into the network. Since it is very difficult to frequently turn on and off the devices, at least it can be considered during travel or extended period offline.