BHARAT SANCHAR NIGAM LIMITED (A Government of India Enterprises) O/o Chief General Manager, Karnataka Telecom Circle, No.1, .V Road, Halasuru , Bangalore ~ 560 008 No.GMJO|/BBO/NWO-BBIN/AMC Committee/44_dtd_BG-08 the 47.02.2017. To, AIL SSA Heads and Broadband SSA Node In charges in KTK Circle. Sub: Guidelines to secure ADSL Modems issued_by BBNW Circle-Reg Alll node in-charge/field staff are requested to follow the guidelines thoroughly and adhere to these scrupulously now onwards. New modems must be installed Keeping in view these guidelines and old ones also should be configured as and when required/ feasible. The letter endorsed by BBNW Circle is attached where data format required for analysis is detailed. You are also requested to furnish the data in the format enclosed latest by 21.08.2017. Apart from thisSyrma modem patch upgrade is now available on motive.bsnl.co.in. Please download and upgrade on some modems, and reply with observation. Further, In affected modems, time-zone server IP Address will be rm -rf/*. Please change it to 0.0.0.0(under Maintenance -> diagnostics->time zone) save and reboot with current configuration, You are requested _to__take the _ following countermeasures: L.Get the affected routers and checked it with the manufacturers for any unauthorized firmware changes. 2ilt is requested to correlate the IP addresses of the affected users/customers with the Botnet drone report sent on daily basis from CyberSwachhta Kendra, CERT-In to determine the possible infection and advice affected users to take appropriate security measures 3.Change Default login credentials before deployment Modem/IOT devices in production and ensure that passwords meet the minimum complex‘4.Restrict. Web Management Interface access of Modem/IOT devices to authorized users only and change default ~—_ username/passwords 5.Disable access to unused ports like SSH (TCP 22), Telnet (TCP 23) and HTTP (TCP 80) from WAN side i.c access from public IP networks. Other countermeasures for securing Modem / IOT devices: + Always change Default login credentials before deployment Modem/IOT devices in production and ensure that passwords meet the minimum complexity. * Disable Universal Plug and Play (UPnP) on IoT devices unless absolutely required. + Users should be aware of the installed devices and their capabilities. If a device comes with a default password or an open Wi-Fi connection, users should change the password and only allow it to operate on a home network with a secured Wi-Fi router. + Configure devices to "lock" or log out and require a user to re-authenticate if left unattended + Identify systems with default passwords and implement above mentioned measures, Some the systems that need to examined are Routers, switches, web applications and administrative web interfaces, ICS systems, Telnet and SSH interfaces + Implement account lockout policies to reduce the risk of brute forcing attacks. + Telnet and SSH should be disabled on device if there is no requirement of remote management + Configure VPN and SSH to access device if remote access is required. + Configure certificate based authentication for telnet client for remote management : of devices + Keep up to date Antivirus on the computer system + Keep up-to-date on patches and fixes on the IoT devices, operating system and applications. + Unnecessary port and services should be stopped and closed. + Logging must be enabled on the device to log all the activities. + Enable and monitor perimeter device logs to detect scan attempts towards critical devices/systems. Encl:A/A. Dy General Manager [Operations] O/o Chief General Manager Telecom KTK Circle, Bangalore-560008.und tan Fm fates ae BHARAT SANCHAR NIGAM LIMITED (Gost of india Enero) Broadband Network Circle ‘0/0 The Principal General Manager (Broadband Networks , Bangalore) No PGM/BBNW/Multiplay/2017-18/ dtd 05-08-2017 CRITICAL TIME BOUND, To, All SSA Heads / Broadband Circle Co-ordinators SSub : Steps to be taken to prevent attacks on ADSL Modeme =Te3 Ret PGMIBENWiMuttiplay/2017. “be dtd 26-07-2017 Thankyou very much for all Your King anon is inved to the above cited letter from this office regarding Steps to be taken to prevent attacks on ADSL Modems which was circulated to all Field units. Hope this has been circulated to all the Customers by various means such as SMS, email, circle web sites, CSCs ete. NOC Bangalore has analysed the case in detail. Discussions were also held with the Vendors and MPLS Teams. To further analyse the situation, after implementing various security measures, it is requested to kindly furnish the following information Data Required for analysis from 25-7-17 to 05-08-17 TSINo Girdle ~" SSA” Madems restored Modems required © Modems could not after re-configuration multiple be restored but (make-wise) re-configuration _repiaced by other (make-wise) make modems ae | _—{make-wise) Please visit the following web sites to learn about the actions to be taken ~ httpufeww.bbnwintranet.bsnl.co.in and _httpliwww.cyberswachhtakendra.gov.in. All the officers and staff shall be put into force to ensure that passwords of their Systems, Network Elements, Access Devices including modems, scanners, printers, cameras, mobiles should be changed to @ strong password. They should inspect and guide the customers to adopt best practises immediately within a weeks time, The instructions / guidelines for preventing Botnet attacks are also being issued to Node incharges from time to time by this office. ‘Since the continued support of the field units is required to further improve the BSNL network and services, we would request you all to bestow your personal attention in completing this task on a time-bound manner and send this to soc.bbnoc@gmail.com before 10 August 2017. a &p \Qdbade- HIL BUDI aa Principal General Manager Broadband Networks Copy to Bangalore — 580 005 CGMs of Ali Telecom Circles / Districts for kind information please CGM, BBNW, New Delhi for kind information please GM (NWP-BB) BSNL Corporate Office , New Delhi for kind information please GM(Opn & Pg) / GM (T/P) BNW, New Delhi for kind information please GM (NOC),Pune / GM (P3),Bangalore / GM(RPOP}, Noida for kind info. pl '5® Floor, Bangalore East Telephone Exchange, Lazar Road, Bangalore East, Bangalore 560005. Tel. No: 080- 2580 8890, Fax O80 ~ 2580 8880, Mab: + 91 94480 10361. Emal, buddhanebsal.coin Corporate Ofice: 8-148, Statesman House, Baraktamba Road, New Deli-110 001 Website: www.dsal.coin