4

This discussion came after showing a friend this Security.SE post regarding DNS attacks, and after reading about a Cable Modem MITM attack.

Given the current options available to consumers, what medium (ISDN, Cable Modem, DSL) is inherently more secure than the others?

makerofthings7
  • 50,488
  • 54
  • 253
  • 542

2 Answers2

7

On the physical medium part, eavesdropping on a phone landline where dialup modems are used is physically easier than spying on the more modern mediums, because the lower data rate more easily accommodates homemade electronics of questionable quality. Also, some of the protocols used over various mediums include encryption, which may hinder spying attempts on the physical line (at some point, I had an ADSL access with PPTP and some sort of encryption activated -- although I do not know how good it was !).

Although marauding in deserted courtyards during moonless nights, crouching under service boxes to add tapping wires, is a time-honoured spying tradition, I believe that most attacks nowadays will be on a logical layer -- the attacker will try to hack into the ISP systems, or the machines on the customer side, be it a cable/DSL-modem or a not-totally-updated desktop systems, and he will do so by sending IP packets from far away. These are mostly orthogonal to the question of what medium is used. Logical attacks allow the attacker to try his luck on millions of targets from the comfort of his own basement, instead of confronting rainy gloom and ill-tempered cats on the random chance that the dozen or so homes that he will approach that night may contain something valuable, electronically speaking, and that no bored insomniac will spot him and call the police.

Physical spying still exists, but is mostly employed on specific targets: the attacker does not want to spy on anybody, he is after you, personally. At which point you should have more pressing needs. Proofing a home network against a dedicated attacker is hard; think about TEMPEST or even about looking at your display and/or keyboard, over your shoulder, from the outside, through a window. A good telescope, a video camera with high fps (nominally for slow-motion), and you can record a typed password from 200m away.

So for the specifics of DSL/T1/Cable/ISDN, I would advise selecting the provider: choose an ISP with a good repute about security issues, in particular with regards to whatever modem he provides. That's more important, security-wise, than the physical medium. And, to abstract the whole question away, never do sensitive stuff over the Internet unless you employ appropriate logical protection, such as HTTPS.

Tom Leek
  • 170,038
  • 29
  • 342
  • 480
5

The short answer is that it doesn't matter. The differences in security between DSL, cable modem, etc. are in the noise, compared to the other security risks you will face. Use whatever medium you find most cost-effective and convenient, and focus your security mitigation energy on other areas where you can make a bigger difference.

For instance, I recommend that everyone install HTTPS Everywhere (Firefox-only, regrettably). HTTPS Everywhere is a browser extension that will automatically redirect you to the encrypted version of any website that supports HTTPS (SSL/TLS encryption).

D.W.
  • 98,860
  • 33
  • 271
  • 588