Ensuring the solution's security is critical for every cloud service provider. It is even more crucial when the solution is managing subscribers' devices.
A few weeks ago we published a post about the rising popularity of Friendly's Cloud TR-069 ACS. In this post, we cover the security aspects of our cloud solution.
The Broadband Forum designed the TR-069 security model to provide a high degree of security in the interactions that use it. The CPE WAN Management Protocol is designed to prevent tampering with the transactions that take place between a CPE and ACS, provide confidentiality for these transactions, and allow various levels of authentication.
The protocol includes additional security mechanisms associated with the optional Signed Voucher mechanism and the Signed Package Format, described in Annex C and Annex E, respectively.
Security Highlights of ACS Transactions
ACS to Southbound and Northbound Security
Friendly’s Extensive Security Measures
Friendly has introduced the following additional security enhancements to cover the main vulnerabilities listed below. These are explained in more detail in the “Friendly’s TR69 security aspects” document, which is provided to Service Providers opting for Friendly's TR-069 Cloud ACS Solution.
- SECURITY ZONES
- ACS WS authentication
- NBI WS obscured
- DB connection details encrypted
- Users Management
- Path Traversal Vulnerability
- Cross Site Scripting Vulnerability
- Unprotected Management Interface Vulnerability
- Insecure HTTP Methods Vulnerability
- Insufficient Anti-Automation Vulnerability
- Information Leak Vulnerability