You already know that accurate insight into subscriber usage and network resource requirements offers numerous benefits to your business, but do you know best practices to collect and analyze this data?

This document aims to outline the definitions of Client Class, Device Classifier, and Classified Network Setting in Broadband Command Center and the use cases for each.

The remote provisioning and management of CPEs offers service providers a number of advantages by simplifying and speeding up device operations while reducing support costs. However, for providers new to TR-069 — the protocol that makes this all possible — there can be a lot of learn, particularly when it comes to defining TR-069 parameters.

This document outlines how TR-069 parameters are used within the Incognito TR-069 solution, Incognito Auto Configuration Server.

Inevitably, all broadband providers will need to support IPv6. Most regional Internet registries (RIRs) have already run out of IPv4 addresses and resources are limited worldwide. How can you plan for a painless transition? This document aims to set out the basic steps involved in planning for IPv6 on your network, and what to consider to plan routing for IPv6.

In this final post on fraud protection in DOCSIS networks, let’s examine how security roles in the Incognito solution can be utilized to prevent service theft.

Administrative Security

Administrator Accounts

Administrator accounts enable you to set up users that function in different assigned security roles:

• Super User: Super user accounts always have access to all aspects of the DHCP service configuration. This access cannot be removed or restricted by any other security settings or Access Control Lists.

• Account Administrator: Only super users and account administrators are able to add, modify or delete existing accounts, with one exception: every user can change his or her own password from the File –> Change Password menu item

• Service Manager: Only super users and users with this attribute set can access service configuration and operations

In addition to the security roles, the DHCP service also supports specific database access privileges. User can be set to have either “read-only” or “manage” access to specific service features.

Enabling additional features in the Incognito fraud protection solution will go a long way to securing your DOCSIS network from service theft.

Anti-Roaming

Anti-Roaming devices enable you to restrict roaming on particular devices attached to the network. Anti-Roaming only has an effect for IP phishing/device ID cloning, when the cloned MAC is on a different CMTS. In the majority of cases, the cloned MAC will be on the same CMTS, as it’s likely the person cloning the MAC will be on the same local network by using a network sniffer to obtain the MAC.

We previously looked at the layers of security required to protect MSPs from theft of service. In this Tips & Tutorial, we’ll dive deeper into how the Incognito solution offers fraud protection with data sharing.

DHCP and CFM Data Sharing for Fraud Protection

The DHCP service shares what is known about the client with the configuration file management (CFM) service by creating a unique filename for the settings required for the device. This data is then stored in a table on the CFM service for 60 seconds, waiting for the modem request, after which it is deleted.

When the modem contacts the CFM service, it requests its configuration file by the name created by DHCP, and CFM looks up the file settings in its table. The file is then generated on request.

Adding multiple layers of security is essential for any DOCSIS network. Incognito has implemented various security measures into our fraud prevention solution to protect MSPs from threats like hacking, theft of service or speed boosts, and DoS attacks.

ISPs have been performing device provisioning in the IPv4 world using DHCPv4 for many years. With the advent of IPv6, and DHCPv6 now being deployed on networks, many of the concerns about DHCPv6 provisioning mirror those from DHCPv4. This document aims to map the provisioning details of DHCPv4 into the DHCPv6 world.

Composing DHCP options for device provisioning can pose some challenges for network administrators. In some cases, one set of options can be used for a large number of devices, while in other cases, unique options are required to provision one particular device.

As a result, network administrators need to be able to flexibly deliver DHCP options to enable fast device provisioning for a wide range of devices.