User guide

Security
1/1551-HSC 901 35/3 Uen C 2005-12-02
9 Security
The ability to protect communication systems and information from various
types of attacks has become increasingly important in recent years.
Since the advent of the Internet, hackers have become more and more
skilled and are today equipped with numerous tools to perform a multitude
of different attacks on data networks. The number of attacks per day has
increased dramatically and continues to rise.
In general, all IP networks are susceptible to attacks from both external and
internal parties. The attacks can take many forms, including information
theft, denial-of-service attacks, and corruption of programs or information.
An EDA system therefore faces a number of threats.
9.1 EDA Security Issues
The EDA concept is based on Ethernet technology as a common data-link
layer (layer 2) and IP as the typical common network layer. Thus, in
addition to the general IP network threats, further security issues arise from
the use of Ethernet as the common layer 2 technology within an Access
Domain. Sharing a broadcast medium to convey management traffic as well
as traffic for all subscribers requires the system to provide
countermeasures to ensure privacy and integrity of the transported data.
Consequently, the EDA concept includes mechanisms to handle any type
of attack on the system, including attacks on EDA system entities (i.e.
equipment within the Access Domain), on subscriber equipment, and on
the data conveyed via the EDA network.
The mechanisms that can be used to improve security are:
• Layer 2 separation, which forces the upstream traffic to go through a
  router using the PPP, VLAN or Forced Forwarding technique.
• Using the DHCP Relay Agent Information Option (Option 82) to
  authenticate the end-user.
• Filtering of IP frames in the IP DSLAM in order to filter out broadcast
  traffic, verify source MAC and IP addresses of upstream traffic, and limit
  destination addresses and frame types in both directions.
• Using Virtual MAC addresses to prevent MAC spoofing.
Security risks to subscribers (for example viruses) are not considered the
responsibility of the EDA system.
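As an added example (not taken from this guide or from EDA itself), the following Python code shows how the DHCP side can use Option 82 from the list above: it parses the relay agent information defined in RFC 3046 and maps the circuit ID to a provisioned subscriber line. The circuit-ID strings, the PROVISIONED table and all function names are assumptions made for illustration; the encoding EDA uses is not given here.

```python
# Added example: RFC 3046 Option 82 parsing plus a lookup of the access line.
# Circuit-ID strings, PROVISIONED and all function names are constructed.
RELAY_AGENT_INFO = 82            # DHCP option code, RFC 3046
CIRCUIT_ID, REMOTE_ID = 1, 2     # Option 82 sub-option codes, RFC 3046
PAD, END = 0, 255                # single-byte options, top level only

def parse_tlv(data: bytes, pad_end: bool = False) -> dict:
    """Parse code/length/value triples; reject anything that overruns."""
    out, i = {}, 0
    while i < len(data):
        code = data[i]
        if pad_end and code == END:
            break
        if pad_end and code == PAD:
            i += 1
            continue
        if i + 2 > len(data):
            raise ValueError("truncated TLV header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("TLV overruns buffer")
        out[code] = out.get(code, b"") + value   # repeated codes are joined
        i += 2 + length
    return out

def identify_line(options: bytes, provisioned: dict):
    """Return the subscriber bound to the relay-inserted circuit ID, else None."""
    opts = parse_tlv(options, pad_end=True)
    if RELAY_AGENT_INFO not in opts:
        return None              # request did not come through the relay agent
    sub = parse_tlv(opts[RELAY_AGENT_INFO])
    return provisioned.get(sub.get(CIRCUIT_ID))

def tlv(code: int, value: bytes) -> bytes:
    """Build one option or sub-option (helper for the constructed sample)."""
    return bytes([code, len(value)]) + value

PROVISIONED = {b"node-a/port-12": "subscriber-1001"}     # constructed table
SAMPLE = (tlv(53, b"\x01")                               # DHCPDISCOVER
          + tlv(RELAY_AGENT_INFO, tlv(CIRCUIT_ID, b"node-a/port-12")
                + tlv(REMOTE_ID, b"line-0001"))
          + bytes([END]))                                # constructed options

if __name__ == "__main__":
    print(identify_line(SAMPLE, PROVISIONED))
```

The lookup is only meaningful when the relay agent inserts Option 82 itself and does not pass through a value supplied by the subscriber.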