DSL vs. Cable Modem Comparison - Security
Considerations for Both DSL and Cable

Both DSL and cable provide always-on connection capability. By design, DSL and cable customers can stay logged into the Net indefinitely if they choose. This feature provides great convenience but also creates a security risk. First, the "law of averages" means simply being online longer increases the likelihood of attack proportionately. But more importantly, the always-on feature typically means the customer will be using the same network address -- a static IP address -- for the duration of their online session.
Static IP addresses provide network attackers with a fixed target. The analogy to baseball and other sports applies: a moving target will generally be harder to "hit." Many DSL and cable providers offer DHCP address assignment, which causes one's address to change each time one signs on. However, this feature helps only slightly if the address stays the same throughout the days and weeks one remains online.
How do attackers actually penetrate a home or small office network? In general, they exploit weaknesses in applications or in the underlying operating system. Typically vulnerable applications include email, databases, and instant messaging and conferencing tools. Operating systems contain many potentially vulnerable network services like FTP that utilize specific network ports.
Many DSL and cable modem customers choose to purchase routers to protect their internal systems. A DSL or cable router enhances the functionality of the basic modem with security features such as packet filtering and network address translation (NAT). One can usually build an equivalent security system with the basic modem and proxy software installed on the computer directly connected to the modem. Broadband routers simply provide a convenient and operating system-independent packaging of security features.
Both DSL and cable provide reasonably safe Internet access as long as one follows reasonable security precautions. Considering the numerous security holes found in operating systems and applications in the past, these precautions should be followed regardless of the form of Net access one uses.
Customers of DSL or cable can choose from a number of possible precautions, including use of a broadband router, firewall software, or proxy server software. When possible, one should also disable network file sharing on the internal LAN. Any time one signs up for new Internet service, or changes providers, one should immediately perform vulnerability tests. A number of different security testing tools exist for popular operating systems.
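One local self-check along these lines, as an added example that is not part of the original article: it lists the TCP services on one's own machine that listen on more than the loopback interface, and marks the ones the article names (FTP and network file sharing). It assumes Linux and the output format of `ss -ltnH`; the sample output is constructed and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the format of `ss -ltnH` (Linux, listening TCP sockets).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:21 0.0.0.0:*
LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
LISTEN 0 50 *:139 *:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::1]:25 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 192.168.1.10:8080 0.0.0.0:*
"""

# Services the article names: FTP and network file sharing (SMB/NetBIOS).
NAMED_BY_ARTICLE = {21: "FTP", 139: "file sharing (NetBIOS)", 445: "file sharing (SMB)"}


def is_loopback(host):
    """True if the bind address is reachable only from this machine."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %interface
    if host == "*":                          # wildcard: every interface
        return False
    return ipaddress.ip_address(host).is_loopback


def exposed_listeners(ss_output):
    """Return sorted (port, bind_address, label) for non-loopback listeners."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                         # skip headers and blank lines
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or is_loopback(host):
            continue                         # loopback-only services are not exposed
        label = NAMED_BY_ARTICLE.get(int(port), "review: is this needed?")
        findings.append((int(port), host, label))
    return sorted(findings)


if __name__ == "__main__":
    for port, host, label in exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"{host}:{port:<6} {label}")
```

A listener reported here is only reachable from the Internet if no router, NAT or firewall sits in front of the machine, so the result is a list of services to disable or filter, not proof of exposure.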
Finally, when evaluating cable modem service providers, consider the technology they offer. Does their modem implement DOCSIS, for example, and if so, what security options have been enabled? Does the provider offer dynamic IP assignment, and does one's IP address change at a periodic interval, or only when one first goes online?
The growing popularity of DSL and cable is helping to raise awareness of private network security issues, but these services really add very little in the way of new security holes themselves. Home networkers who haven't yet studied the security of their LAN should do so immediately whether they use DSL, cable, ISDN, or traditional dial-up access.