DoT ask ISPs to implement security measures for ADSL modem within 3 months

By May 22nd, 2015 AT 10:20 AM

Earlier DoT  has issued directives on securing customer broadband modems to all ISPs across the country. DoT has now updated its guidelines and asked ISPs to implement it within 3 months.

dot-modem

As per DoT, these vulnerabilities can be exploited by attackers to gain unauthorized access and change configurations, inject malware or even change DNS entries in the modem. These measures are aimed at making Indian internet users secure from cyber attacks and also creating awareness about such vulnerabilities in the Internet.

The Department of Telecom (DoT)’s guidelines for ADSL Modem :

  • ISP should ask customers to change default modem password set by the vendor during installation to avoid unauthorized access.
  • All ports expect CWMP port on WAN side should be set to disabled. Eg: FTP, TELNET, SSH, HTTP, SNMP
  • ISP should advise customers to do firmware upgrade from manufacture website.
  • In future only ITU-T, G.9980 standard complaint modem should be inducted by ISP’s in India.
  • From 01 Jan 2016, ISP should purchase only modems which comes with all ports factory blocked other than CWMP.
  • ISP should ensure broadband is not activated if any ports other than CWMP is opened.
  • ISP engineer should advise customer to block all ports expect HTTP(80)/HTTPS(443) on LAN side of the modem.
  • Customer should be advised to switch off modem when not in use.
  • Customer should be advise to check daily usage and if any discrepancy found should be bring into notice of ISP

DoT has also set forth new requirement of ITU-T, G.9980 standard modem to be used in India by ISPs starting Jan 1st 2016. The above directives are in response to increasing number of cyber attacks against internet users in the country.

An IT professional who has got great passion for telecom. Has been closely watching Indian telecom space since 2009.

9
Leave a Reply

avatar
Photo and Image Files
 
 
 
6 Comment threads
3 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
8 Comment authors
QuickSilverRajendra UndrajavarapukSudhakarsoumya Recent comment authors
newest oldest most voted
Rajendra Undrajavarapu
Rajendra Undrajavarapu

By disabling FTP,HTTP,TELNET,SSH only disables the various form of modem login’s , from wan side.however most of the users ip keep changing on every reconnection/reboot of modem.so it is least possible to hack an individual modem from wan side.however disabling modem logins from LAN side except via http or https is not much necessery. some modem upgrade their firmware/software from telnet/ssh when http fails/no browser interface present such as GUI. its unnecessary security tension created to broadband users by DoT

k
k

Jjust hope they atleast give option to unblock these ports later. These people obviously buy own routers but now buy own modems too. This is for small people who do business from home

Recent Posts

Trai Will Make Recommendations to DoT on Allocation of 4G Spectrum to BSNL and MTNL

The Department of Telecommunications (DoT) which is responsible for allocating spectrum to telecom companies is finally seeking recommendations from the...

Vivo to Launch 5G Smartphone in India When the Market is Ready

Saying that it is presently working on building the elements that would be the key to the future growth of...

Xiaomi Poco F1 Gets System-Wide Dark Mode With MIUI 9.3.25 Beta Update

Ever since the launch last year, Xiaomi is pushing out frequent software updates to Poco F1. The Poco F1 is...