Steve Goeringer, principal security architect at CableLabs, talked to us about network security challenges as more online services become available. And as it turns out, there are many. Some relate to being able to prove user identity and also verify that devices and software are exactly what they appear to be, according to Goeringer, noting broadband and WiFi networks face the same challenges. He said cable’s DOCSIS technology includes strong security measures to “ensure network operators can be confident that cable modems are authorized and that cable modems use the intended software.” Two key controls that enable these features are device certificates and secure software download.
With more data running on WiFi, some WiFi network operators are starting to use similar approaches to those of DOCSIS, Goeringer said. An example is the Wi-Fi Alliance’s Passpoint 2.0, which CableLabs has helped specify. Another security feature, end user identity, isn’t as strongly implemented, with Goeringer pointing out that most networks still use basic login IDs and passwords. “More creative and effective mechanisms are being developed now, and that will help users protect their broadband and wireless experiences,” he said.
The good news is cable networks today are “reasonably secure” if they are implemented based on DOCSIS specifications, he said, with strong encryption linking connecting devices to network hubs. However, a device in the customer’s home or business network could be compromised through phishing if home routers or devices aren’t sufficiently secured. CableLabs is working on specifications to help ops secure and manage routers and access points within the home and business networks, said Goeringer.
With the increase in bandwidth and the number of connected devices, he expects an increase in the scale and frequency of security attacks. Adaptive networking based on software defined network (SDN) and network functions virtualization (NFV) look promising in dealing with DDoS (a type of security attack where multiple compromised systems are used to target a single system) and other security issues, Goeringer said. Kyrio, a CableLabs subsidiary, is looking to expand these solutions for service providers.