bearded man working on laptop

Friendly’s TR-069 ACS Cloud Solution and Security

Ensuring the solution’s security is critical for every cloud service provider. It is even more crucial when the solution is managing subscribers’ devices.

A few weeks ago we published a post about rising popularity of Friendly’s Cloud TR-069 ACS. In this post, we will cover a security aspect of our cloud solution.

The Broadband Forum designed the TR-069 security model to provide a high degree of security in the interactions that use it. The CPE WAN Management Protocol is designed to prevent tampering with the transactions that take place between a CPE and ACS, provide confidentiality for these transactions, and allow various levels of authentication.

The protocol includes additional security mechanisms associated with the optional Signed Voucher mechanism and the Signed Package Format, described in Annex C and Annex E, respectively.

Friendly Technologies’ Extensive Security Measures

Friendly has introduced the following additional security enhancements to cover the main vulnerabilities stated below. These are explained in more detail in “Friendly’s TR69 security aspects” document and is provided to Service Providers opting for Friendly’s TR-069 Cloud ACS Solution.

Security Zones

  • ACS WS authentication
  • NBI WS obscured
  • DB connection details encrypted
  • Users Management
  • Path Traversal Vulnerability
  • Cross-Site Scripting Vulnerability
  • Unprotected Management Interface Vulnerability
  • Insecure HTTP Methods Vulnerability
  • Insufficient Anti-Automation Vulnerability
  • Information Leak Vulnerability

Got more questions about Friendly’s TR-069 Cloud ACS solution’s security? Get in touch!