Security Basics mailing list archives
RE: Cable Vs. DSL
From: Lucas Zaichkowsky <Lucas () dnsys com>
Date: Tue, 22 Apr 2003 12:35:08 -0500
First, I'd like to say that I'm not an expert, but here's my thoughts based off my understanding of the technologies and some research I just did. Most modern cable modems utilize DOCSIS, which has secured communication. DOCSIS 1.1 introduced much better security (Over 1.0) with SSD and BPI+. We're talking 3DES for the key exchange and CBC for data encryption (64-bit key). I don't believe there was much added in terms of security in DOCSIS 2.0. Cable runs on a bus, but with this level of encryption, that's not a problem. DSL can run in many different modes. The most common modes are bridging and PPPo(E or A). I would estimate that 90% of the DSL ISPs out there use PPPoE. Bridging sends the data like it's on an Ethernet segment. No encryption. PPPoE and PPPoA use PPP as the data link protocol, which in turn can encrypt the data. I am unable to find any statistics or comments on how common it is for ISPs to encrypt the data. If I were concerned about eavesdropping, I'd pick a cable modem with an ISP using DOCSIS 1.1 or higher. For securing the home/business network, I'd then use a simple router like the Linksys BEFSR11. Update it to the latest firmware and lock it down. If you have some big bucks, I'm sure you can find firewall and IDS devices that'll put a dent in your wallet instead of the $50 for the BEFSR11. Install all the latest vendor patches on your computers and keep that anti-virus software up to date with virus definitions. DOCSIS Security http://www.cablemodem.com/downloads/Security_in_DOCSIS.pdf Block Cipher Info http://www.rsasecurity.com/rsalabs/faq/2-1-4.html -Lucas -----Original Message----- From: Jacob McMaster [mailto:jmcmaster () appliedsystems com] Sent: Tuesday, April 22, 2003 8:08 AM To: 'Hornat, Charles'; security-basics () securityfocus com Subject: RE: Cable Vs. DSL also remember cable is all on one network which is shared, and with the dsl it use BPI+ for most of them, which is encrypted and hard to read, sans had a good article on this, but dsl is your own line no bandwidth is shared -----Original Message----- From: Hornat, Charles [mailto:Charles_Hornat () standardandpoors com] Sent: Monday, April 21, 2003 3:13 PM To: security-basics () securityfocus com Subject: RE: Cable Vs. DSL Let me just throw this out for debate... Cable splits its up and down traffic, making it more difficult to sniff valuable data. Does this change anything? -------------------------------------------------------- The information contained in this message is intended only for the recipient, and may be a confidential attorney-client communication or may otherwise be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, please be aware that any dissemination or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify us by replying to the message and deleting it from your computer. Thank you, Standard & Poor's -------------------------------------------------------- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-security-basics ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-security-basics ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-security-basics ----------------------------------------------------------------------------
Current thread:
- RE: Cable Vs. DSL, (continued)
- RE: Cable Vs. DSL Imran K (Apr 22)
- RE: Cable Vs. DSL Jacob McMaster (Apr 22)
- Re: Cable Vs. DSL Paris Stone (Apr 23)
- RE: Cable Vs. DSL Jacob McMaster (Apr 23)
- RE: Cable Vs. DSL Mike Heitz (Apr 23)
- RE: Cable Vs. DSL Xueyan Liu (Apr 24)
- RE: Cable Vs. DSL David Gillett (Apr 25)
- Re: Cable Vs. DSL Chris Travers (Apr 25)
- Re: Cable Vs. DSL Callan K L Tham (Apr 25)
- Re: Cable Vs. DSL Frank Gearhart (Apr 28)
- RE: Cable Vs. DSL Xueyan Liu (Apr 24)
- RE: Cable Vs. DSL Lucas Zaichkowsky (Apr 23)
- Re: Cable Vs. DSL David Vertie (Apr 24)
- RE: Cable Vs. DSL Cosentino, Guilherme V. (Apr 28)
- RE: Cable Vs. DSL Cosentino, Guilherme V. (Apr 28)
- RE: Cable Vs. DSL Xueyan Liu (Apr 28)
- Re: Cable Vs. DSL Chris Berry (Apr 29)
- Re: Cable Vs. DSL Brian Eckman (Apr 30)
- RE: Cable Vs. DSL Jordan Jesse - Toronto-MROC (Apr 30)