theos-l

Re: Cable Modems and Security

Oct 19, 1999 08:14 AM
by JRC


> Now that you have succeeded in scaring everybody who is not computer
> literate, please explain to us what the difference is between security
> concerns with a cable modem and any other kind of modem?
> Answer: There IS none. If you have no server software running, and you
> almost certainly don't unless you put it up on purpose, you can get
> attacked again and again, and nobody will get through.

> Yes there is. While I am not a computer "expert", there were cases where
> neighbors can get into others' files and cases where the printouts got
> printed in a printer in the neighbor's home.
>
> The basic issue is buyers beware. If they have any questions, they should
> address it to their ISPs.

No *kidding*. I'm not sure if I'm a computer "expert" - but I am an internet
administrator, and do have to fiddle with security in a significant way at
times. In fact, now and then I have to hack (not in an evil way ... but
because the only real way to learn how to secure one's own networks and
servers is to get at least a bit of experience trying to crack them). And
cable modems *are* dangerous, for a number of reasons. They are *different*
than analog modems or any of the DSL flavors in several significant respects
... some of them behavioral and some technical. For instance, the average
modem user (often sharing a phone line in their house) dials in while they
are active on the internet, is assigned an IP address by the ISP that only
lasts through that session, browses, and then logs off (Note: an IP is a
unique numerical address that identifies the location of the computer to
other computers on the internet - for instance, simply type the number
"207.46.130.14" into your browser, hit enter, and you'll go to Microsoft's
home page).

With a cable modem, it is more like a local area network. The user is
assigned a permanent unique IP, and many cable modem users (because their
ISP doesn't log them off after 20 minutes of idle time to conserve IP
addresses, and because the user isn't sharing a phone line) simply leave
their connection up 24 hours a day. So to a hacker, a cable modem user
*appears* to look far more like an internet server than a home user, in that
it has a stable IP address bound to a particular user, and it can often be
on - and idle - for many hours at a time.

And BTW, hackers most definitely *can* get into a Windows machine without
server functions being enabled - in fact, one can just go download, for
free, things like "Back Orifice", a beginner's hacking program that exposes
numerous security flaws in Windows, and allows people to take almost
complete remote control over a Windows machine. Many cable ISPs will
implement proxy servers and various kinds of firewalls - meant to mask
those IP addresses to the outside world, and try to block common hackers'
tools - but users need to know they are dependent upon the security skills
of the ISP ... guarding a network is *not* something that can be done once
and forgotten ... every time a new sort of wall is built, groups of hackers
figure out how to get around it.

Additionally, all other users of that particular cable service are, in a
sense, *inside of* the firewall. What does this mean? Just as a for
instance - many of the cable modem ISPs (including @Home and Time Warner)
basically configure like a big LAN (Local Area Network).
What does this mean?

First, say you have "File and Print Sharing" turned on on your PC. If
someone *else* on your cable modem system goes to their "network
neighborhood", and clicks on "Entire Network", they very well may see your
entire hard drive as though you are on a LAN with them. (This was first
brought to light by a now almost infamous article in late 1997: a computer
consultant in California had just signed up with "@Home", the largest
provider at the time, and was surprised to find, in his Network
Neighborhood, close to 150 other computers - he browsed through their hard
drives, looked at a number of Turbo Tax, Quicken and banking files, saw
personal letters in Word, etc., etc.).

A second for instance ... if you have Windows 95, and you install the
network card you need to use a cable modem, it generally automatically binds
itself to both MS Networking and TCP/IP. It *needs* to be bound to TCP/IP to
use the cable modem, but when it is also bound to Networking ... well ...
this is a big ol' security hole that can allow a hacker to plant files on
your hard drive.

Yes, both of these security holes (and many others unique to cable modems)
can be protected against, and often the cable modem ISP will configure both
the modem and the user's PC to be safe. But, as a computer professional, I'd
like to suggest that people *don't trust computer professionals* (-:), not
every tech is exactly fully experienced, and not every user knows enough not
to inadvertently open a big security hole - for instance, a person buys a
new PC, Time Warner hooks it up correctly, makes sure everything is safe.
Then a month later, the family decides to have two different login accounts
to the machine, one for the kids ... with content-filtering software enabled
... and one for the adults. However, they do want to share some files
between the two accounts, so (reading right out of a Windows 95 book) they
turn File and Print Sharing on. They are now sharing those files. With each
other, but also potentially with the cute little 10 year old next door that
is just learning to hack. Etc., etc.

Anyway - I've probably gone on too long here ... point is, while cable modem
security *can* be made relatively robust, it is simply wrong to say that
there is no difference between going online with a 56k dial-up modem and
going online with a cable modem. There are significant differences, several
additional steps need to be taken, a number of additional potential security
holes exist. People considering going to a cable modem should *not* just
look at it as just a faster connection - it is a fundamentally different
*kind* of connection, and (IMO) the ISP should be questioned at length both
about what security measures *they* take on their side, and that the user
needs to take on the PC side. -JRC
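
A check for the exposure described in this post, added here as an example and not part of JRC's message: it reads `netstat -an` output and lists file and printer sharing ports bound to a non-loopback address. The port numbers are the standard NetBIOS/SMB assignments, not taken from the post, and the sample output is constructed (192.0.2.10 stands in for the ISP-assigned address).

```python
import ipaddress

# Ports used by Windows file and printer sharing (NetBIOS over TCP/IP, SMB).
# Standard assignments; the post itself names no port numbers.
SHARING_PORTS = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service",
    ("TCP", 445): "SMB over TCP",
}

# Constructed sample of `netstat -an` output, not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1044        198.51.100.7:80        ESTABLISHED
  UDP    192.0.2.10:137         *:*
  UDP    192.0.2.10:138         *:*
"""


def exposed_sharing_listeners(netstat_text):
    """Return (proto, address, port, service) for sharing ports bound off-loopback."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line or unrelated row
        proto, local = fields[0], fields[1]
        state = fields[3] if len(fields) > 3 else ""
        if proto == "TCP" and state != "LISTENING":
            continue  # an active connection, not a listener
        addr, _, port = local.rpartition(":")
        service = SHARING_PORTS.get((proto, int(port))) if port.isdigit() else None
        if service is None:
            continue
        # Drop IPv6 brackets and scope id; 0.0.0.0 and :: mean every interface.
        host = addr.strip("[]").split("%")[0]
        if not ipaddress.ip_address(host).is_loopback:
            findings.append((proto, host, int(port), service))
    return findings


if __name__ == "__main__":
    for proto, host, port, service in exposed_sharing_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {host}:{port} ({service}) is bound to a non-loopback address")
```

An empty result means no sharing port is listening on the cable-facing interface; any row returned is the binding to remove or firewall.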



Theosophy World: Dedicated to the Theosophical Philosophy and its Practical Application