The IoT & Device

Management Company

Friendly Blog

The expert opinion on IoT, Smart Home and TR-069 Device Management.

Browse by Category

Back to posts
TR-069 News | Sep 01, 2016

Ensuring the security of Friendly's TR-069 ACS Cloud Solution

Ensuring the solution's security is critical for every cloud service provider. It is even more crucial when the solution is managing subscribers' devices.

A few weeks ago we published a post about rising popularity of Friendly's Cloud TR-069 ACS. In this post, we will cover a security aspect of our cloud solution.


The Broadband Forum designed the TR-069 security model to provide a high degree of security in the interactions that use it. The CPE WAN Management Protocol is designed to prevent tampering with the transactions that take place between a CPE and ACS, provide confidentiality for these transactions, and allow various levels of authentication.

The protocol includes additional security mechanisms associated with the optional Signed Voucher mechanism and the Signed Package Format, described in Annex C and Annex E, respectively.

Security Highlights of ACS Transactions


ACS to Southbound and Northbound Security

Friendly’s Extensive Security Measures

Friendly has introduced the following additional security enhancements to cover the main vulnerabilities stated bellow. These are explained in more detail in “Friendly’s TR69 security aspects” document and is provided to Service Providers opting for Friendly's TR-069 Cloud ACS Solution.

  • SECURITY ZONES
  • ACS WS authentication
  • NBI WS obscured
  • DB connection details encrypted
  • Users Management
  • Path Traversal Vulnerability
  • Cross Site Scripting Vulnerability
  • Unprotected Management Interface Vulnerability
  • Insecure HTTP Methods Vulnerability
  • Insufficient Anti-Automation Vulnerability
  • Information Leak Vulnerability

Got more questions about Friendly's TR-069 Cloud ACS solution's security? Don't hesitate to drop us an email.

Would like to see a live demo? Click here.


Best,

Liel

Liel Anisenko

Related articles

Subscribe for the updates