Residential broadband-hiding in a virus Park

Residential broadband access is gradually becoming a "cake" for major ISP vendors ". This "Bundled sales" method provides new selling points for real estate developers and a group of fixed user groups for access providers, however, from the current situation, the "three powers separation" residential broadband (the network management and maintenance functions of broadband providers for users are handled by the district managers) has exposed many drawbacks in terms of security.

At present, most residential areas in China use fiber-optic Ethernet (FTTX + LAN) access technology to provide users with FTTZ (fiber-to-Residential Areas) + LAN (network cable to households) broadband access form. Theoretically, the bandwidth and speed are ideal, but in many places in China, a large number of users have abandoned low-cost residential broadband and switched to other access methods. Why?

Virus, breeding in residential broadband

1. Individual residents lack awareness of anti-virus attacks

According to the reporter's investigation, although the access provider of the residential network and the manager of the residential area are jointly responsible for the normal broadband communication of the residential area, however, it is up to the user to protect the computer connected to the network. On the one hand, managers do not have the permission to restrict users' access to the Internet (the Internet is the biggest source of viruses); on the other hand, some households do not have a strong awareness of anti-virus and do not have installed basic anti-virus programs such as firewalls.

2. rapid spread of viruses

The residential area is a medium-sized network based on the computer LAN technology. If a household's computer is infected with the "Shock Wave" virus, the virus uses IP scanning technology to scan the IP address of the current network and trace the computer information under the IP address, computers that meet Transmission Conditions are detected to replicate and infect themselves. The number of infections will grow in a geometric manner. Once the virus is infected with the master server, all tenants may be infected with data transferred from the primary server.

3. Lack of countermeasures

In terms of management mode, residential broadband users are also different from the "one-to-one" form obtained after a single user applies. In the past, ISP and user were responsible for network disease defense. After a malignant virus exists in the residential broadband, the access provider cannot immediately detect and solve the problem, the local management department must handle the issue and seek help from the access provider if the problem cannot be solved. In this way, the troubleshooting time will be greatly delayed.

4. It is not easy to completely clear

As we all know, the construction of the Community network cannot be comparable to that of the professional network, which makes it more difficult to clear the disease, especially after cross infection, it is more difficult to trace its exact origin. In addition, the distance between the network distribution space is large, and the cleanup operation will consume more manpower. It is also a headache to decide who will take the cost of this inspection.

5. Everyone is responsible for Community Network Security

The above introduction is a virus security problem in the community. How can this problem be effectively solved? The author puts forward the following suggestions.

Access Provider: basic security measures should be taken during network construction. For example, you can segment a network, isolate one or more buildings as units, and control connections between them using routers, servers, or other devices. Once there is a virus outbreak, the device can automatically identify and interrupt the connection between this part of the network and the master network, which can not only prevent the spread of viruses, but also reduce the complexity of virus removal.

Administrator: Strengthen Server Authentication. You can use the password authentication mechanism to restrict user logon. When you need to connect to the network, you must use a dedicated authentication program to obtain the server license before accessing the network. During authentication, the server program scans the user's computer for viruses. If a virus is detected, the server prompts and terminates the authentication, which can be implemented through software.

User: enhances the awareness of Virus Defense and consciously installs the virus firewall to upgrade the system. If you see signs of virus infection, you should first cut off the network; otherwise, even if you have cleared the virus, there may be repeated infections.