DOCSIS SECURITY

Today our DOCSIS networks are inherently insecure and many are unaware of this.  What do I mean by insecure?  No, not crying and sniffling in a corner.  They are open to theft of service, illegal intercept of the data transmitted, illegal wiretapping of phone calls, etc.  Even with Baseline Privacy Interface Specification (BPI+) DOCSIS is quite hackable as evidenced on a number of well-known hacking sites.

With recent news headlines reading “A U.S. House Intelligence Committee is launching an investigation against Chinese telecommunication equipment suppliers Huawei and ZTE to find whether the companies pose a security threat to the country“, it is becoming more imperative that we as an industry take a pro-active approach to securing our DOCSIS networks. How does this tie into Capacity Planning? If you build it – They will come to fill it.  Theft of service directly impacts capacity planning.

IPV4 Security Audit

Recent security requirements and or recommendation from the US government mean cable operators need to think about how secure their network is more than ever and if their network is up to the task. We offer an audit and recommendations for cable operators to have their internal group implement.

IPv4 is a connectionless protocol operating on a best-effort delivery model, which means it does not guarantee delivery nor can it avoid duplicates. TCP sits atop IP and addresses these shortcomings through means such as data integrity checking. The same IPSec in IPv6 is nowadays available for IPv4; it’s up to network providers and end users alike to use it — so a properly configured IPv4 network can be as secure as an IPv6 network.

IPv4 IPsec is rarely used to secure end-to-end traffic. This is because of the widespread use of Network Address Translation in IPv4 (NAT44). NAT44 mangles the IPv4 headers and breaks IPsec. In IPv6 this restriction does not exist.

An IPv4 is a 32-bit decimal address. It contains 4 octets or fields separated by ‘dot’, and each field is 8-bit in size. The number that each field contains should be in the range of 0-255. Where a IPv6 is a 128-bit hexadecimal address. It contains 8 fields separated by a colon, and each field is 16-bit in size.

CAPACITY PLANNING

The goal of capacity planning is to identify the amount of resources required to meet service demands now and in the future. It is a proactive discipline with far-reaching impact, supporting:

  • Business alignment, helping to show the cost and business need for infrastructure upgrades;
  • Consolidation strategies, ensuring that consolidated system configurations will meet service levels,
  • Green initiatives, facilitating the optimization of power requirements;
  • Purchasing decisions, minimizing costs needed to maximize productivity;
  • Application development, predicting the impact on production systems of new or modified applications;
  • Disaster recovery plans, determining the optimal way to handle workloads after a catastrophe;
  • And more…The benefits are wide spread, and the effects are game-changing.  This is critical in keeping paying customers online and therefore satisfied.

Capacity Planning…Who Benefits?

Business

  • Increase revenue through maximum availability, decreased downtime, improved response times, greater productivity, greater responsiveness to market dynamics, greater return on investment
  • Decrease costs through higher capacity utilization, more efficient processes, just-in-time upgrades, greater cost control

CIOs

  • Control infrastructure costs and stay within budget
  • Objectively verify the recommendations of your vendors
  • Make smart decisions by realizing cost vs. benefit tradeoffs for various configuration options
  • Negotiate service levels with business units knowing the resources required to meet them
  • Provide input to business plans regarding costs of supporting various services
  • Make informed purchasing choices based on business impact
  • Support business unit objectives with minimum risk

Customers (Subscribers)

  • Ensure subscribers are provided with the service level they are paying for (Don’t lose market share to a competitor)
  • Subscribers receive a guaranteed Quality of Service (QoS) and Quality of Experience (QoE)
  • Improve service for all subscribers by identifying theft-of-service hackers

What We Do

The Volpe Firm are experts in understanding and improving DOCSIS security

  • We can work with your existing staff to make recommendations
  • Assess your current security strengths, weaknesses, opportunities and threats (SWOT)
  • Develop a full top down security approach and infrastructure and implement
  • Or a combination of all of the above
  • We can help your existing staff optimize their capacity planning models using Matlab algorithms
  • Further the Volpe Firm can develop customized capacity planning tools for your systems
  • Our capacity planning tools range from simple Excel sheets to web-based modeling platforms

The Volpe Firm also has a long history in DOCSIS Protocol and Capacity Assessment dating back to the first release of CableLab’s “Network Dimensioning Software” tool.