Always on? Always headed for trouble!
An increasing number of Internet users, both at home and in small office environments are turning to "always on" technologies like DSL (Digital Subscriber Line) and cable modems for their connections. These newer Internet links are fast and convenient, but in some ways they resemble a network link to the Internet rather than the kind of intermittent, on-again off-again links typical of dial-up connections. Because of these characteristics, people (or businesses) who use such technologies must be on their guard against potential break-in attempts and other security threats.
Potential Sources of Trouble
Given the foregoing description, it's natural to ask "Why is a connection that works like a network more subject to attack than a connection that works like a telephone link?" Some of the details that distinguish DSL from a cable modem do come into play here, but there are also some elements that both types of connections have in common.
To begin explaining potential sources of trouble, let's start with the IP address that's associated with your connection. Every Internet connection requires an IP address to work. Consider this address a way of describing not just your unique computer and the software it's running, but also to which network your computer is attached. Whenever IP addresses are both visible to and accessible to outsiders, they can present inviting points of attack to those with bad intent.
For both cable modem and DSL users, their IP addresses are typically assigned by a service named the Dynamic Host Configuration Protocol, or DHCP, just as phone-based connections get addresses whenever they establish an Internet link. But whereas phone links tend to get a new (and different) address each time a user logs onto the Internet, because cable modem and DSL connections are "always on" they tend to keep the same addresses for days or weeks at a time. This presents more opportunities for attack, and if the computer attached to an "always on" connection is itself always left turned on, attacks can be mounted in the wee hours of the morning when irate owners are likely to be unconscious, and thus blissfully unaware of what's going on.
To be fair, DSL and cable operators often use a special class of IP addresses known as private IP addresses (as defined in RFC 1918). These addresses may be used on any private network that doesn't interconnect directly with the Internet or directly route across the Internet. But other users on the same subnetwork (those that share the same network address, in other words) can sometimes probe each other's addresses on a local basis, whether IP addresses are public or private.
This is where the distinction between cable modem and DSL comes into play. Each individual DSL connection behaves as if it were on its own private networkmeaning it's quite difficult, if not impossible, to probe other local addresses. But each individual cable modem connection behaves as if it were an Ethernet connection, so that all cable modem users on the same CATV cable segment can see and probe each other's addresses with the greatest of ease! Nevertheless, we recommend that both DSL and cable modem users consider deploying the kinds of barriers and protections we recommend next.