Pages

18 March 2014

ISPs must adopt new measures to ward off cyber attacks: DoT

SANDEEP JOSHI
It has come out with a new set of guidelines for ISPs

Amid growing threats of cyber attacks and hacking of websites, the Department of Telecommunications (DoT) has asked all Internet Service Providers (ISPs) to adopt new security measures for those using fixed-line broadband.

Noting that hackers have been exploiting vulnerabilities in the ADSL (asymmetric digital subscriber line) modems — those normally installed by broadband service providers at homes and offices — to implant malware and manipulate data, the DoT has written to all ISPs to “assist customers to change the password, including by physical visits.” It has also come out with a new set of guidelines for ISPs that must be implemented by May this year to ensure security of almost 1.5 crore fixed-line broadband users.

“The ADSL modems are presently supplied by vendors with default set up of user ID and password as ‘admin.’ The default password needs to be changed to a strong password by customer at the time of installation of modem to avoid unauthorised access to modem. The ISP executive visiting customer for installation of modem should ensure this,” said the DoT note.

“The protocol ports in ADSL modem on WAN side [for example, FTP, TELNET, SSH, HTTP, SNMP, CWMP, UPnP] be disabled. These ports may be used by the hackers to enter into the ADSL modem to misuse/compromise the ADSL modems by way of implanting the malware, changing the DNS entries in the modem,” it added.

In other instructions, the ISPs have been asked to devise a “mechanism to upgrade the firmware of the ADSL modems remotely by ISPs.” For this, the ISPs need to have separate login password, which is not possible in the present system of ADSL modem design. The DoT has asked the ISPs to tell their customers to check their online daily usage, and if any unexpected high usage of data is noticed, they may bring it to the notice of the ISP concerned. Customers should also be advised to switch off their modem when not in use.

Acknowledging that the DoT has alerted all ISPs to implement new security measures on a war-footing, Internet Service Providers Association of India (ISPAI) president Rajesh Chharia told The Hindu that these steps would go a long way in making Indian Internet users secure from hacking, besides creating awareness about how to tackle such vulnerabilities of the world wide web.

“We will also ask the ISPs to adopt all best practices available globally to make our Internet users more secure... The government and the industry will have to work jointly to make our cyber world secure,” he added.

No comments:

Post a Comment