Significant Network Management Problems

Verizon DSL Traffic Blocking Issues

In the early days of Web services, the ability to communicate machine tomachine over port 80 to avoid firewall configuration issues was a muchtouted advantage. The reality, of course, is that sending XML traffic overport 80 introduces a potentially significant security risk. With the blocking of port 80 issues by Verizon, someone at a small business with a Verizon DSLInternet connection can’t connect to a home computer with NetMeeting.Despite there being no firewall on the receiving computer NetMeeting stillcouldn't make a connection. Even a simple ping of the target computerfailed.Verizon's press relations office made it clear in an update on August 07, 2008that they do not block traffic. And, it seems they don't - at least not onpurpose. The issue in most of the cases is was with the firewall in the router.In a standard consumer grade router, the firewall has a simple task: block allunsolicited incoming traffic. It doesn't try to govern outgoing traffic at all. Thus, any connection to the Internet that starts from a computer on the LANis allowed. This is similar to the way the Windows XP firewall works, exceptthat the XP firewall is likely to have some pre-defined holes in it.

Security Management

One of the major problems that Verizon FiOS network faces is securitymanagement. A recent study was conducted for this purpose and the resultsindicated that around 70 percent of data breaches in the company resultedfrom external sources. These include breaches caused by business partners,inevitably a source of vulnerability. Only 18 percent of breaches were causedby insiders.

According to “Data Breach Report” issued by Verizon Business in 2008, mostbreaches resulted from a combination of events rather than a single action.Some form of error often directly or indirectly contributed to a compromise.In terms of deliberate action against information systems, hacking proved tobe the attack method of choice among cybercriminals. Although thesebreaches were perpetrated from outside but were facilitated by errors insidethe company’s management. This clearly indicates that most securitybreaches were crimes of opportunity, in which a door was left open andattackers simply walked in and did the damage.

"It’s not about clever or complex security protection measures,"

says Peter Tippett, Vice President of research and intelligence for Verizon BusinessSecurity Solutions.

"It really boils down to doing the basics, from planning toimplementation to monitoring of the data."

The most common errors identified in the study were errors of omission,which account for 79 percent of the mistakes identified. This often involvedstandard security procedures or configurations which were believed to havebeen implemented, but in actuality were not, posing a threat to thecompany’s stability. The breaches can be attributed to a number of causes.Verizon had a system running that was operating without the organization'sknowledge; a system that had unknown access or network connections; or asystem that had unknown accounts or user privileges. To alleviate these internal problems which often lead to external attacks,Verizon should work on some common-sense strategies, including frequentchecks to ensure that policies are carried out, securing business partnerconnections, and creating a data maintenance plan. They should ensure thatbasic and essential security controls are met across the entire organizationconsistently, and that these controls are actually implemented as well. If basic security controls had been in place at the time of attack, nearly allbreaches would likely have been prevented.

Billing Issues

FiOS is seeing good reviews from their users because of the speed andreliability of the connections. Verizon is deservedly seeing praise for beingthe only telecommunication company with the foresight to see that fiber isthe future. However, if FiOS has a weak spot, their users say it's Verizon'sFiOS billing department.Its price is a major barrier to make it more popular. As of March 2009, itcharges from $50 per month for a connection reaching up to 10 megabits persecond to $145 per month for a connection reaching up to 50 megabits persecond. Its price is more expensive than AT&T’s fastest DSL ($30 per monthfor 3 megabits per second, as of March 2009) and Time Warner’s cableinternet service ($45 per month for 10 megabits per second, as of March2009). As of March 2009, Time Warner offers high definition TV (HDTV), cableinternet, and digital telephone bundle services for $130 per month (with a 2-year contract), while Verizon FiOS service (HDTV, telephone, and internet)costs $140 per month regularly, but at certain times can be $95 (with a 2-year contract).It has been reported by many customers of Verizon FiOS network that fromday one, their bill has never been correct. The triple bundle package whichincludes the phone, Internet and TV service is supposed to cost around$156/month including taxes but most of the statements get around morethan $220/month. There were so many charges that were never clarified tothe customers when they signed up the contract. Customers tell they'rebeing incorrectly billed for service they didn't order, aspects of installationnot performed, and channels they never asked for. While these users like theservice itself, they say resolving errors is difficult and navigating phonesupport is a nightmare. The billing anomalies vary greatly from customer to customer. One user