Green and Secure
Although the author is not a particular supporter of the green movement, he is certainly not opposed to increasing network security or saving money by reducing energy costs. One of the promoted advantages of cable modems is the always on feature. This feature is both an advantage and a threat.
Leaving a cable modem on all the time means that the cable modem (not actually a modem but oh well) maintains a connection to the Internet. This creates risk by increasing exposure. A common security principle states that exposure should be reduced to reduce risk. How does exposure create risk?
To answer that question, let's take a look at the concept of account exposure. The most widely used method to access a network involves using a user-name/password pair for authentication. User-names may be easily discovered using techniques that I will not venture into in this hub but passwords are meant to be kept secret.
Account exposure entails the amount of time that the user-name/password pair remains remains available for access. This is the reason that most organizations enact password policies requiring employees to frequently change their passwords. Although the user-name may be left in-tact for the duration of an employees stay with the organization, that individual frequently changes the password connected to the account.
This means that a hacker has a limited amount of time to crack the password before the password changes. This policy reduces the threat by increasing the difficulty of cracking the account. However, if the organization does not employ a policy that requires complex passwords then the amount of time required is very small and the password change has little effect.
So how does account exposure relate to cable modems?
Do you use a cable modem?
The great majority of personal users who connect to the Internet do not place account restrictions on their computers. This means that if a hacker gains the ability to initiate a connection to the computer then the hacker may have a very easy task in cracking the security of the computer. The default account is typically Administrator for a Windows based system and root for a Linux based system.
Although most Linux distributions require the creation of a root password during installation, many home versions of Windows do not. Therefore, with no account created the default account becomes Administrator with no password. Not too hard for a hacker to guess.
If a hacker breaks into a computer, that hacker typically gains whatever access rights the logged-in user was granted. If the account is the Administrator account then the hacker gains administrative privileges and basically a free reign over the system. Leaving the cable modem on all the time increases the amount of time available for a hacker to crack the account.
So why not just turn off the computer and leave the cable modem on?
If you use a cable modem, do you leave it on all the time?
Turning the computer off when not in use will certainly gain points with the green movement and save you a little money but your network connection to the Internet remains in place. How does this expose a risk? Most Internet Service Providers (ISP)s use a protocol called Dynamic Host Configuration Protocol (DHCP) to assign IP addresses. These are the addresses that control the flow of information through the Internet.
These IP addresses are also the addresses used to gain access to a host device (any device connecting to a network is a host device of that network). ISPs typically assign these addresses for a short period of time, this time period is known as the lease time. When a host uses half of the provided lease time, the host tries to renew the lease and normally succeeds.
Why is this a bad thing?
Remember the analysis concerning account exposure above? Even if you don't, the same concept applies. The ISP assigns an IP address to the cable modem and these addresses, as stated earlier, are used to access devices. If the network address of the cable modem never changes then the network exposure of the cable modem increases and a hacker has all the more time to try to break into the cable modem and any other devices connected to that cable modem.
Do you shut down your computer when not in use?
Now this final concern is a definite concentration of the green movement and that concern is power consumption or energy waste. The media has expressed concerns in recent times about all the energy wasted by devices left on all the time. Some of the greatest offenders that constantly consume power and waste energy are in fact cable modems, computers, and satellite boxes.
I checked my cable modem and found to my dismay that there is no label to disclose the power consumption of the device so let us take a low estimate of 10W. At that rate, the box would use 100W in 10 hours and 1KW in 100 hours. Not a huge amount of energy waste but substantial when you consider the amount of time the box is just sitting there, doing nothing but waiting for a connection.
In some cases it is not practical to turn off a cable modem, such as when the modem also controls your telephone. Otherwise, though, a user would probably be wise to turn off a cable modem when not in use to both save energy and increase security. This would help please the members of the green movement and add to the user's peace of mind.
What do you think?
The author appreciates all comments.