We provide comprehensive Internet services and technical support to fulfill the needs of our corporate customers. Our services include 56 Kbps., Broadband and Leased Line.
Products and Services > Business Services > Solutions > Solution Summary > Security Solutions > CABS
CABS is a service designed to support leased line customers' router device management. The configuration settings backup provided makes it possible to restore previous settings when there is a router problem or configuration error. Moreover, the CABS Server monitors and collects information of all activities on router as well as automatically changes "enable" password to maintain security for user.
| Benefits of CABS | |
 |
CABS records login transactions and events on routers which make it easy to investigate problems. |
 |
CABS automatically backs up configuration settings every time changes are made, which makes it possible to compare the new settings against the previous ones as well as restore the previous settings when there is a problem with router or error in new settings. |
 |
CABS controls router authentication, making it convenient for user and customer support officer to manage the router. |
 |
CABS automatically changes "enable" password every month to ensure router security. User can always ask for the password from our customer support officer to avoid difficulties in case of forgetting password. |
 |
When CABS is in use, Access Control Lists (ACL) will be automatically created to protect against major viruses or other external threats. |
 |
When CABS is in use, server time and standard time will be synchronized, making it easy to accurately identify the period in which different events on the router occur. |
 |
To reduce risk of router's damage. The settings assigned are recommended by the manufacturer. |
| How CABS works? | ||||||||||||
When a customer requests for CABS service, KSC shall run scripts and change configurations on router to enable CABS system to record settings, keep log on router and store all the backup data on the CABS system. The DNS Server and NTP Server shall be configured to ensure time synchronization with KSC system. The Access List will then be created to allow the CABS Server to communicate with the router through Port 122 and 111 and at the same time close other unnecessary ports which are susceptible to virus attacks. When a user logs on to router with CABS service, the router will send authentication request to the CABS Server to verify and compare the authentication data with the system database. If the login is valid, the system will allow user to access the router while the login transaction shall be recorded into CABS Server. Everyday at 8.00 p.m., CABS Server will backup and store configuration settings of customer's router then automatically send the report to related parties. CABS Server will automatically change enable password on the 1st of every month. User who wants to have the password in order to change router configurations can contact KSC customer support officer by phone. The password will be changed |
||||||||||||
| Possible Impacts of CABS | ||||||||||||
At activation of CABS service, the Access control list shall be created to close certain ports to prevent unsolicited traffic from accessing customer's network.
|
| Service Name | UDP | TCP |
| Browsing datagram responses of NetBIOS over TCP/IP | 138 | |
| Browsing requests of NetBIOS over TCP/IP | 137 | |
| Client/Server Communication | 135 | |
| Common Internet File System (CIFS) | 445 | 139, 445 |
| DCOM (SCM uses udp/tcp to dynamically assign ports for DCOM) | 135 | 135 |
| DHCP Manager | 135 | |
| DNS Administration | 139 | |
| Exchange Server 5.0/2000/2003 | ||
| Client Server Communication | 135 | |
| Exchange Administrator | 135 | |
| RPC | 135 | |
| File shares name lookup | 137 | |
| File shares session | 139 | |
| Login Sequence | 137, 138 | 139 |
| Microsoft Message Queue Server | 3527 | 135, 2101 |
| NetBT datagrams | 138 | |
| NetBT name lookups | 137 | |
| NetBT service sessions | 139 | |
| NetLogon | 138 | |
| Pass Through Verification | 137, 138 | 139 |
| Printer sharing name lookup | 137 | |
| Printer sharing session | 139 | |
| RPC user manager, service manager, port mapper | 135 | |
| SCM used by DCOM | 135 | 135 |
| SQL Named Pipes encryption over other protocols name lookup | 137 | |
| SQL RPC encryption over other protocols name lookup | 137 | |
| SQL session | 139 | |
| SQL session mapper | 135 | |
| WINS Manager | 135 | |
| WINS NetBios over TCP/IP name service | 137 | |
| WINS Proxy | 137 | |
| WINS Registration | 137 | |
| Refer: |
||
| Commands that are not allowed as it would affect CABS | |
| * aaa * * username * * enable * * logging * * ntp * * snmp-server * |
Modification of Access Control List is allowed. However, once the change is made, it would affect the previous created by CABS. Therefore, it is recommended that the user inform KSC's technical staff prior to making change. |
Network Diagram
