DoT ask ISPs to implement security measures for ADSL modem within 3 months

Earlier DoT  has issued directives on securing customer broadband modems to all ISPs across the country. DoT has now updated its guidelines and asked ISPs to implement it within 3 months.

dot-modem

As per DoT, these vulnerabilities can be exploited by attackers to gain unauthorized access and change configurations, inject malware or even change DNS entries in the modem. These measures are aimed at making Indian internet users secure from cyber attacks and also creating awareness about such vulnerabilities in the Internet.

The Department of Telecom (DoT)’s guidelines for ADSL Modem :

  • ISP should ask customers to change default modem password set by the vendor during installation to avoid unauthorized access.
  • All ports expect CWMP port on WAN side should be set to disabled. Eg: FTP, TELNET, SSH, HTTP, SNMP
  • ISP should advise customers to do firmware upgrade from manufacture website.
  • In future only ITU-T, G.9980 standard complaint modem should be inducted by ISP’s in India.
  • From 01 Jan 2016, ISP should purchase only modems which comes with all ports factory blocked other than CWMP.
  • ISP should ensure broadband is not activated if any ports other than CWMP is opened.
  • ISP engineer should advise customer to block all ports expect HTTP(80)/HTTPS(443) on LAN side of the modem.
  • Customer should be advised to switch off modem when not in use.
  • Customer should be advise to check daily usage and if any discrepancy found should be bring into notice of ISP

DoT has also set forth new requirement of ITU-T, G.9980 standard modem to be used in India by ISPs starting Jan 1st 2016. The above directives are in response to increasing number of cyber attacks against internet users in the country.

Reported By

Leave a Reply

9 Comments on "DoT ask ISPs to implement security measures for ADSL modem within 3 months"

 

Sort by:   newest | oldest
Rajendra Undrajavarapu
May 24, 2015 1:02 am 1:02 AM

By disabling FTP,HTTP,TELNET,SSH only disables the various form of modem login’s , from wan side.however most of the users ip keep changing on every reconnection/reboot of modem.so it is least possible to hack an individual modem from wan side.however disabling modem logins from LAN side except via http or https is not much necessery. some modem upgrade their firmware/software from telnet/ssh when http fails/no browser interface present such as GUI. its unnecessary security tension created to broadband users by DoT

k
May 23, 2015 11:25 am 11:25 AM

Jjust hope they atleast give option to unblock these ports later. These people obviously buy own routers but now buy own modems too. This is for small people who do business from home

Sudhakar
May 22, 2015 1:56 pm 1:56 PM

Another way to kill the wired broadband also.

99.99% customers use their own modem and 100% have secured their WiFi connections. I think this is because of under the table pressure from the AcAVoId group to kill the wired broadband and force the customers to use the 3G whose speed is in coma. Think well beforebarking against this post.

QuickSilver
May 25, 2015 9:36 am 9:36 AM

Securing wifi connection has nothing to deal with this.

wpDiscuz