- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Preventing the fraudulent use of Internet DSL accesses by dial-up accounts: a network authentication issue.
- Abstract
- Access to the Internet by the masses has migrated from dial-up only connections to a combination of the former and so-called "broadband accesses", typically Cable-Modem or Digital Subscriber Line (DSL). While most Internet Service Providers (ISP) now offer these services, many of them do not own the underlying telecommunications infrastructure and act as resellers to a larger provider, often a phone company. A consequence however of this network arrangement is the split between two distinct parties of the tasks required to allow a subscriber onto the Internet: the DSL provider who is responsible for the physical access and the ISP who is responsible for the authentication or "logical access". This situation creates an opportunity for a fraudulent usage of the service and consequently some revenue losses for the ISPs. This document looks at the details of a typical deployment between DSL providers and ISPs in order to highlight the areas of vulnerability of the model. Finally we will suggest an approach to prevent this type of fraud with some other elements that could lead to tailored solutions for the ISPs: as the next sections will demonstrate, a unique overall solution is most unlikely given the number of ways each ISP could deploy its services.