Fraud Prevention in DOCSIS Networks: Security Roles

In this final post on fraud protection in DOCSIS networks, let’s examine how security roles in the Incognito solution can be utilized to prevent service theft.

Administrative Security

Administrator Accounts

Administrator accounts enable you to set up users that function in different assigned security roles:

  • Super User: Super user accounts always have access to all aspects of the DHCP service configuration. This access cannot be removed or restricted by any other security settings or Access Control Lists.

  • Account Administrator: Only super users and account administrators are able to add, modify or delete existing accounts, with one exception: every user can change his or her own password from the File –> Change Password menu item

  • Service Manager: Only super users and users with this attribute set can access service configuration and operations

In addition to the security roles, the DHCP service also supports specific database access privileges. User can be set to have either “read-only” or “manage” access to specific service features.

Continue Reading
  • Share:

Fraud Prevention in DOCSIS Network: Securing Your Platform

Enabling additional features in the Incognito fraud protection solution will go a long way to securing your DOCSIS network from service theft.

Anti-Roaming

Anti-Roaming devices enable you to restrict roaming on particular devices attached to the network. Anti-Roaming only has an effect for IP phishing/device ID cloning, when the cloned MAC is on a different CMTS. In the majority of cases, the cloned MAC will be on the same CMTS, as it’s likely the person cloning the MAC will be on the same local network by using a network sniffer to obtain the MAC.

Continue Reading
  • Share:

Fraud Prevention in DOCSIS Network: Data Sharing

We previously looked at the layers of security required to protect MSPs from theft of service. In this Tips & Tutorial, we’ll dive deeper into how the Incognito solution offers fraud protection with data sharing.

DHCP and CFM Data Sharing for Fraud Protection

The DHCP service shares what is known about the client with the configuration file management (CFM) service by creating a unique filename for the settings required for the device. This data is then stored in a table on the CFM service for 60 seconds, waiting for the modem request, after which it is deleted.

When the modem contacts the CFM service, it requests its configuration file by the name created by DHCP, and CFM looks up the file settings in its table. The file is then generated on request.

Continue Reading
  • Share:

DHCP Option Flexibility in Broadband Command Center

Composing DHCP options for device provisioning can pose some challenges for network administrators. In some cases, one set of options can be used for a large number of devices, while in other cases, unique options are required to provision one particular device.

As a result, network administrators need to be able to flexibly deliver DHCP options to enable fast device provisioning for a wide range of devices.

Continue Reading
  • Share:

How To Use LDAP/SQL External Lookups in Broadband Command Center

The DHCP service component of Broadband Command Center supports external query functionality. This feature enables you to retrieve data from an external source such as an LDAP or SQL database for use in the solution. This may include important information such as DOCSIS TLV details and device provisioning data.

This article aims to explain how you can use LDAP and SQL external lookups to find and retrieve information related to device provisioning in Broadband Command Center.

Continue Reading
  • Share:

How to Transition Embedded Options to Prepare for DHCPv6 Readiness

Embedded options are slowly becoming standard for Broadband Command Center. This means that you no longer have to create a template and associate it to Client Class, Rule, and Device Classifier. Instead, a number of DHCP objects now have an embedded template (called “DHCPv4 Network Settings or DHCPv6 Network Settings”), where you can specify the DHCPv4/DHCPv6 options that you need to use. This feature eases the process of determining which options are required to provision a device and accelerates the diagnostic process when errors are encountered.    

Continue Reading
  • Share:

DHCP Options in Plain English

Every day, different forms of configuration information passes between devices via a number of different mechanisms and protocols, and it’s easy to feel overwhelmed by the multiple protocols that govern this communication exchange. In networking, the main forms of configuration data transfers occur using DHCPv4 options, DHCPv6 options, and Type/Length/Value (TLV) objects, the latter of which is usually passed through a downloaded configuration file. Administrators and technical staff working in networking environments need to understand these terms and it’s useful to have a quick reference guide to translate this technical information into plain English.

Continue Reading
  • Share:

Enhance Network Security with DHCP Access Control

Device and subscriber security can be a serious concern for broadband service providers. In the provisioning space, DHCP relay is a potential entry point for security threats. For instance, if there is no authentication or authorization during an exchange between a DHCP server and DHCP client, the server cannot determine whether the client requesting the address is legitimate. Rogue clients and servers can create a number of problems, including denial of service, installation of unauthorized software, exposure of sensitive information, and hijacking of DNS servers. It’s therefore essential to include DHCP access control in your network security considerations.

Continue Reading
  • Share: