Earlier DoT has issued directives on securing customer broadband modems to all ISPs across the country. DoT has now updated its guidelines and asked ISPs to implement it within 3 months.
As per DoT, these vulnerabilities can be exploited by attackers to gain unauthorized access and change configurations, inject malware or even change DNS entries in the modem. These measures are aimed at making Indian internet users secure from cyber attacks and also creating awareness about such vulnerabilities in the Internet.
The Department of Telecom (DoT)’s guidelines for ADSL Modem :
- ISP should ask customers to change default modem password set by the vendor during installation to avoid unauthorized access.
- All ports expect CWMP port on WAN side should be set to disabled. Eg: FTP, TELNET, SSH, HTTP, SNMP
- ISP should advise customers to do firmware upgrade from manufacture website.
- In future only ITU-T, G.9980 standard complaint modem should be inducted by ISP’s in India.
- From 01 Jan 2016, ISP should purchase only modems which comes with all ports factory blocked other than CWMP.
- ISP should ensure broadband is not activated if any ports other than CWMP is opened.
- ISP engineer should advise customer to block all ports expect HTTP(80)/HTTPS(443) on LAN side of the modem.
- Customer should be advised to switch off modem when not in use.
- Customer should be advise to check daily usage and if any discrepancy found should be bring into notice of ISP
DoT has also set forth new requirement of ITU-T, G.9980 standard modem to be used in India by ISPs starting Jan 1st 2016. The above directives are in response to increasing number of cyber attacks against internet users in the country.