Cisco DNCS System Release 2.8.1 3.8.1 4.3.1 Design Guide
4000358 Rev B
Security Recommendations for the DBDS Network in a DOCSIS Environment
3-5
Types of Security Attacks
Introduction
Security attacks can be classified into three main categories: intrusion, denial of
service, and theft of data. If you follow the recommendations covered in this chapter
and implement them correctly, you can reduce security risks on the DBDS network.
However, this does not guarantee complete shielding of your DBDS network from
security threats and attacks. Review these guidelines on a regular basis; incorporate
the recommendations into your network security policies to make sure they are
successfully supporting the security needs. This section describes the different
categories of security attacks.
Intrusion
An intrusion on the DBDS may include any of the following events:
•
•
An unauthorized party takes control of the DNCS, App Server, or DHCT
functions.
•
“Rogue” applications are run on the DNCS, App Server, or DHCT.
•
An unauthorized party connects to the DNCS, App Server, or DHCT through
telnet, FTP, TFTP, NFS, HTTP, or other non-secure services.
Denial of Service
Denial of service may include any of the following events:
•
•
Flooding the DNCS, App Server, QAMs, QPSKs, or DHCT CPUs with data.
•
Data corruption on the DNCS, App Server, QAMs, QPSKs or DHCTs.
•
Spoofing (the process where one device makes itself look like another device to get
past security measures) the DNCS or other servers.
Theft of Data From the DBDS
The following types of data on the DBDS are the most likely targets for theft:
•
•
SNMP data on the DNCS, App Server, or DHCT
•
CA data
•
Configuration (database) data on the DNCS