With the rapid development of the Internet, more and more users access the Internet over broadband. Broadband security issues have become increasingly prominent: problems such as account theft, password loss, and system hacking have led to more serious ones such as multi-level proxying, malicious account theft, and illegal top-ups of online game currency. Let's take a look at the broadband security issues and the protection methods involved.
At present, the main problems involved in broadband security include:
1. Theft of broadband accounts and passwords.
2. Broadband router security issues.
3. Operating system problems.
Next, we will analyze various problems and try to find solutions and protection methods.
New drugs for old diseases: theft of broadband accounts
This problem has been around for a long time, but it has not been taken seriously or brought to the table. In fact, it is largely caused by the different types of telecom authentication and broadband service.
Broadband dial-up users authenticate by PPPoE or Web authentication. PPPoE authenticates first and then allocates an IP address. Note that under a monthly subscription, PPPoE cannot be used to remotely stop or kick off illegal users, so these users can steal others' accounts and passwords to access the Internet. Web authentication cannot solve this problem either. At present, most domestic broadband users are PPPoE-based DSL users, and dial-up authentication is required when the terminal accesses the Internet. The user name and password used for authentication are issued when the user signs up for broadband service. For management reasons at China Telecom, these accounts and passwords follow predictable rules: many user names are based on the phone number, some with a few simple letters added plus a suffix such as @163, and almost all passwords are phone numbers. It is very easy to guess the account and password.
Broadband users have no security awareness at all about account passwords. Some broadband installers even tell users that there is no security problem with the broadband password because it can only be used on their own phone line. Over time, this hidden problem has become very common, and it is very easy to find a broadband account. I once wrote a special program to test guessing broadband accounts. The condition was that the account and password matched. The test time was a.m., and more than 100 usable accounts were found within half an hour; the results are amazing.
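The naming pattern described above can be rejected when a password is set or changed. The following is an added example, not code from the original article: the function name, the minimum length and the sample account and phone values are all assumptions made for illustration.

```python
import re

# Constructed policy helper: rejects PPPoE passwords that can be derived from
# the account name or the subscriber's phone number (the pattern described above).
MIN_LENGTH = 10  # assumed policy value, not taken from the article


def _digits(s):
    """Keep only the digits of a string ("0755-1234" -> "07551234")."""
    return re.sub(r"\D", "", s)


def password_problems(username, phone, password):
    """Return the reasons a password is guessable; an empty list means acceptable."""
    problems = []
    local = username.split("@", 1)[0].lower()  # account name without the @163 suffix
    phone_d = _digits(phone)
    pw = password.lower()
    pw_d = _digits(password)

    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.isdigit():
        problems.append("digits only")
    # Phone number with or without area code, and the digits of the account name.
    candidates = {phone_d, phone_d[-8:], phone_d[-7:], _digits(local)}
    candidates = {c for c in candidates if len(c) >= 6}
    # Match the number forwards or reversed anywhere in the password's digits.
    if any(c in pw_d or c[::-1] in pw_d for c in candidates):
        problems.append("contains phone number")
    if local and (local in pw or pw in local):
        problems.append("derived from account name")
    return problems


if __name__ == "__main__":
    # Constructed sample values.
    print(password_problems("075512345678a@163", "0755-12345678", "12345678"))
```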
This problem is also rooted in China Telecom's policy. At present, China Telecom's broadband verification process is as follows: first, your phone line must be subscribed to broadband service and the physical line must be available; second, the user name and password you use when dialing must match.
Let's look at the second point: the user name and password match. That is, as long as the user name and password are a valid pair, you can pass authentication at the telecom equipment room and obtain a dial-up IP address to connect to the Internet, even if that user name and password do not belong to your line. Last year, I verified this in various cities across the country: the same account and password could be used by several people at the same time. China Telecom made adjustments this year, so only one user can use the same account and password at a time, on a preemptive basis, which may cause account theft. Because the ADSL data signal is different from the voice signal of an ordinary phone, and ADSL Internet access does not pass through the telephone switch, there is no way to identify who is stealing your account and password based on the phone number. The consequences are actually very serious: after someone uses your account and password to access the network, all consequences of illegal activity are borne by the account holder, because responsibility is ultimately traced through China Telecom's broadband service records.
As mentioned above, hackers must also subscribe to broadband service themselves. Someone may ask: if they already have broadband service, why would they still steal others' accounts and passwords? There are three reasons. First, to hide their identity; in this case it is mostly hackers or others with malicious intent. Second, to use broadband without traffic restrictions: a broadband user on a traffic-based plan can use the account and password of another broadband user on a monthly subscription and so avoid traffic limits. The result is that the rights and interests of the user who applies for traffic-based Internet access are damaged. In this way, China Telecom records the Internet access under the monthly subscription user rather than under the user who is billed by traffic. Third, after dialing in with someone else's account and password, the thief can pay for some online transaction services, such as game card purchases. This last problem is especially serious, so we should pay attention to it.
If the account and password bundling service is available in your city, you can go to the telecom business office to apply for it. Your broadband account can then be used only on the line on which you applied for broadband (that is, your account can dial up only over your own ADSL/LAN line), so you do not have to worry about your account being stolen and your normal use being affected. At present, fewer than 10% of broadband users have applied for the bundling service. On the one hand, broadband users' security awareness is weak; on the other hand, not all cities offer this service. For now, the most important thing is to build security awareness and keep our broadband accounts and passwords safe. Leaks of accounts and passwords are often caused by the owners themselves. Changing passwords regularly and setting strong passwords are also required. Once we have formed this security awareness, the room for attackers to operate will shrink.
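The difference between the two verification rules, and what the operator's session records can reveal, is shown in the following added example, which is not from the original article. It assumes that each authentication record carries an access-line identifier, which the bundling service implies; the record layout, names and sample log are constructed.

```python
from dataclasses import dataclass


@dataclass
class AuthEvent:
    ts: int        # seconds since the start of the log (constructed)
    account: str
    line_id: str   # access-line identifier (assumed to be available)
    event: str     # "start" or "stop"


# Constructed subscriber table: account -> line it was provisioned on.
PROVISIONED_LINE = {"alice@163": "dslam1/port7", "bob@163": "dslam1/port9"}


def authorize(account, line_id, bound_accounts):
    """Credentials already verified; apply the optional account-to-line bundling."""
    if account in bound_accounts:
        return PROVISIONED_LINE.get(account) == line_id
    return True  # unbundled: any line with broadband service is accepted


def audit(events):
    """Flag sessions started from a foreign line and sessions that preempt a live one."""
    active = {}    # account -> line of the currently active session
    findings = []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.event == "stop":
            if active.get(e.account) == e.line_id:
                del active[e.account]
            continue
        if PROVISIONED_LINE.get(e.account) != e.line_id:
            findings.append((e.ts, e.account, e.line_id, "foreign-line"))
        prev = active.get(e.account)
        if prev is not None and prev != e.line_id:
            findings.append((e.ts, e.account, e.line_id, "preempted " + prev))
        active[e.account] = e.line_id
    return findings


# Constructed sample log: alice's account appears on a second line at t=120.
SAMPLE = [
    AuthEvent(0, "alice@163", "dslam1/port7", "start"),
    AuthEvent(60, "bob@163", "dslam1/port9", "start"),
    AuthEvent(120, "alice@163", "dslam2/port3", "start"),
    AuthEvent(300, "bob@163", "dslam1/port9", "stop"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```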
Overlooked: router security
When you use a router or a modem with the routing function but do not use routing mode to access the Internet, the MODEM works only at Layer 2 and below and serves only as a bridge, completing the SAR and physical-layer passthrough of MAC frames. The dialing software on the computer completes the dialing process, and the public IP address is obtained by the dialing computer.
Now let's look at the situation when the routing function is used. A considerable number of users enable the MODEM's routing function for convenience and enter the broadband account into the MODEM so that the MODEM completes the dialing process. In this way, the public IP address is assigned to the MODEM, and the router is then used as the gateway to access the Internet. Most MODEMs with routing functions provide Web and Telnet configuration interfaces, and ports 80 and 23 on these MODEMs are enabled by default. As a result, the MODEM's configuration page can be accessed remotely, and the HTML source of the page that stores the user name and password can be viewed, revealing the user name and password in plaintext. Below, I give an example to illustrate this problem:
First, let's start Streamer. Because this is software familiar to everyone, I will use version 5.0 here. In its advanced scan options, select a network segment and, to speed things up, check only FTP and Telnet as the items to scan. Select the dictionary and start scanning.
Can you see the account and password? The password is shown as asterisks, and the phone number in the account is judged by experience. Check the source code of the web page to verify that the conjecture is correct. This is a very popular method on the Internet for topping up QQ coins!
Router exposure is a common problem. Currently, mainstream broadband routers support FTP and Telnet access, and most users do not change the default passwords and ports. Routers of each brand have their own default passwords, which can easily be found on the Internet; we will not publish them here. When using a broadband router, you must change the default options, especially the default password. It is best to change the default FTP and Telnet ports or disable the services; security risks are often caused by improper user settings.
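The configuration-page weakness described above, a password masked on screen but present in the page source, can be checked for on a saved copy of a device's own configuration page. The following is an added example, not from the original article; the form markup and field names are constructed and do not come from any real device.

```python
from html.parser import HTMLParser


class PrefilledSecretFinder(HTMLParser):
    """Collect credential inputs whose value is already present in the page source."""
    SECRET_HINTS = ("pass", "pwd", "secret", "key")

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        name = a.get("name") or a.get("id") or "(unnamed)"
        is_secret = a.get("type", "text").lower() == "password" or any(
            hint in name.lower() for hint in self.SECRET_HINTS)
        if is_secret and a.get("value", "").strip():
            # Report only the field name and value length, never the secret itself.
            self.findings.append((name, len(a["value"])))


def prefilled_secrets(html):
    """Return (field name, value length) for every secret field sent pre-filled."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed pages modelled on the description above.
WEAK_PAGE = """
<form action="/wan.cgi" method="post">
  <input type="text" name="ppp_user" value="075512345678a@163">
  <input type="password" name="ppp_pass" value="12345678">
</form>"""

# Corrected form: the stored password is never sent back to the browser.
FIXED_PAGE = """
<form action="/wan.cgi" method="post">
  <input type="text" name="ppp_user" value="075512345678a@163">
  <input type="password" name="ppp_pass" value="" placeholder="unchanged">
</form>"""

if __name__ == "__main__":
    print("weak page :", prefilled_secrets(WEAK_PAGE))
    print("fixed page:", prefilled_secrets(FIXED_PAGE))
```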
In addition, there are many system problems that are almost laughable, such as backdoors left by viruses and Trojans, empty or weak passwords, and missing patches. The viruses rated four stars or higher in recent years, such as Code Red II, Cover Letter, Nimda, and other backdoor viruses, left a deep impression on us. Router problems and system problems often lead to leaks of broadband accounts, forming a vicious circle. All of these problems deserve our attention.
Security seems far away, but it is right beside you. Security usually depends on a dynamic balance between the cost of attacking the target and the cost of protecting the data. Only an overall security system built on defense in depth can effectively protect every point in the system, effectively prevent illegal intrusion from outside, and quickly find the best way to restore service when a failure occurs. In short, having users, operators, and network security vendors join hands to take active and effective protection measures as soon as possible has become a top priority for China's broadband network development.