3

I want to ask a question. One ISP was criticized for its low security conditions, and when I heard this I started to think:

  1. If one gets unauthorized access to the mainframe computer / internal network of the ISP, then wouldn't he be able to sniff all the traffic? Because the ISP is providing the internet connection for the user, so all traffic that a user sends and transmits travels via the ISP, right?

  2. What security solutions (talking about computer security) are being implemented by other ISPs in order to protect themselves and their users? If all the connections are being sent via a special computer, how secure is it and how can we be sure that it's really safe? And what kind of computers are those that serve as backbones for the ISP?

Thank you in advance for your help.

3 Answers

5

I think you have to assume that anything you send over the Internet unencrypted is not secure. Even then there are no guarantees, as there are many man-in-the-middle type attacks and who knows what the security is of the system that's storing your data on the other end.

If you need to get data securely from point a to point b then it's up to the end points to figure out how to best do that. In most cases on the web that's done with SSL. But businesses often use VPN technology to encrypt all data between two locations as well.

Edit: To expand on my answer a little. I think your use of the word mainframe is a bit off in this case. Most traffic going through an ISP is just going through the ISP's network, not their servers. So it's traversing routers, switches, firewalls, and most likely caching proxies. With a bit of deep packet inspection and traffic shaping perhaps. But in general only the traffic going to services that the ISP offers, such as email, would be passing through their servers.

3dinfluence
0

As 3dinfluence said, you really need end-to-end security. Sniffing is probably more likely in your own network, and end-to-end is the only way to solve this. Examples are SSL (commonly https://), which encrypts the traffic on your computer and decrypts it on the web server (this is what end-to-end means). VPN does all traffic, PGP is used for end-to-end email encryption, etc. With some of these, certificates are also used, which not only make sure the traffic is encrypted, but also that the other end is who they claim to be.

The types of computers ISPs have are called routers, and the job of those routers is to get the traffic from one point to another. They need to protect these routers to ensure that data makes it to its (proper) destination and they work hard to make sure people can't hack into the routers and reroute traffic. The security of the traffic itself is up to the users at each end. Rerouting traffic and preventing hackers damaging their portion of the internet is their concern.

Kyle Brandt
0

1) I'd say it depends. It's definitely feasible, but it depends on what is in place to see unusual conditions... I mean, are you saying unauthorized access as in physical, or they broke into a server? Physical access could mean adding another machine to a switch port and mirroring data or stealing backup tapes, and if it's remote then most ISPs should notice a spike in outgoing traffic choking their connections as data is being sniffed and mirrored out (or spikes as data is transferred later). Plus you have to redirect traffic through a system that is not a router ordinarily in order to see the traffic, since without setting up a switch to mirror traffic you have to spoof ARP requests to redirect gateway traffic. But yes, it's possible they could sniff data.

2) VLANs, updates on systems, auditing for unusual behaviors, etc.

Are you asking as a user afraid of what the ISP is doing to watch your traffic? You're never fully sure your traffic isn't being watched. I mean, think about it... you are doing banking traffic. Your traffic is going from your computer to your provider to your provider's upstream provider (and you don't know how many hops that is) to the ISP of your bank to your bank's servers. Your connection stands to be hijacked at your network, your ISP, your bank's ISP, and your bank's employees, and any hop on the backbone in between. And how do you guard it? Encryption, at most. That's assuming someone isn't injecting a fake cert to hijack your SSL connection, and that no one has installed a keylogger or screen capture program on your system or a bank employee's system.

Can someone do it? Sure. Odds are you'll have a thief just as soon mug you at the ATM as go through the trouble, but yes, it's possible. It's just not a threat so common that it's worth losing sleep over.

Bart Silverstrim
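
The last answer names ARP spoofing as the way gateway traffic gets redirected without a mirror port, and "auditing for unusual behaviors" as a countermeasure. As an added example (not part of any answer on this page), the sketch below compares two ARP-table snapshots and flags a gateway whose MAC changed or now shares a MAC with another host. The `arp -an`-style lines, the documentation-range addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: two snapshots of `arp -an`-style output from one host.
BASELINE = """\
? (192.0.2.1) at 00:00:5e:00:53:01 [ether] on eth0
? (192.0.2.20) at 00:00:5e:00:53:20 [ether] on eth0
? (192.0.2.30) at 00:00:5e:00:53:30 [ether] on eth0
"""
CURRENT = """\
? (192.0.2.1) at 00:00:5e:00:53:30 [ether] on eth0
? (192.0.2.20) at 00:00:5e:00:53:20 [ether] on eth0
? (192.0.2.30) at 00:00:5e:00:53:30 [ether] on eth0
? (192.0.2.40) at <incomplete> on eth0
"""

ENTRY = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def parse_arp(text):
    """Return {ip: mac} for resolved entries; unresolved lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table

def audit(baseline, current, gateway):
    """Compare two ARP snapshots and return a list of (kind, detail) findings."""
    old, new = parse_arp(baseline), parse_arp(current)
    findings = []
    # 1. Gateway now answers from a different hardware address than before.
    if gateway in old and gateway in new and old[gateway] != new[gateway]:
        findings.append(("gateway-mac-changed", f"{gateway}: {old[gateway]} -> {new[gateway]}"))
    # 2. One MAC claims several IPs; most suspicious when the gateway is among them.
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            kind = "mac-shared-with-gateway" if gateway in ips else "mac-shared"
            findings.append((kind, f"{mac}: {', '.join(sorted(ips))}"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(BASELINE, CURRENT, "192.0.2.1"):
        print(kind, detail)
```

A shared MAC can be legitimate (proxy ARP, a multi-homed host, a planned router replacement), so findings like these are leads to check against change records rather than proof of interception.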