Security Basics mailing list archives

Re: Would you pay more ...


From: Florian Streck <streck () papafloh de>
Date: Tue, 6 Jul 2004 10:47:21 +0200

On Fri, Jul 02, 2004 at 02:56:41PM -0400, Jeff wrote:
Regarding standard consumer broadband connections ...
Would you pay more to only have the following destination ports open
to the internet originating from your broadband modem:
     tcp  21 - ftp
     tcp  22 - ssh
     tcp  25 - smtp
tcp, udp  53 - dns
     tcp  80 - www
     tcp 110 - pop3
     tcp 119 - nntp
     udp 123 - ntp
     tcp 443 - secure www

(Arguments for/against specific ports solicited. I purposely left
some out that I don't use. Curious how significant they are to
others. IMAP4 and icmp protocols come to mind)

Personally I would not like such a setup. Ok, I'm surely no "standard"
user. But I also don't see a point in restricting to those ports.
The main drawback is that you're quite sure to run into some customers
who "need" some other ports and are unwilling to pay more because they
don't need some of the given ports and think more in the number of open
ports that are given to them. For those small companies that you
mentioned a firewall configured for their needs would be better imho.
As for security I don't see a point here. Most infections use those
ports that you want to open to spread. So nothing gained.

ALTERNATIVELY, would you like it if this was the STANDARD package and
additional ports were considered optional, and required payment.

No, I don't like the idea of paying more for something that I already
have. And think of the additional amount of work on your side to keep
track of who is allowed to use which ports.

LASTLY, this could start out as the NEW Secure way to go! It simply
requires that your existing cable modem be upgraded (replaced) at a
cost of $50-$75. All new installations would receive these as part
of the std pkg.

(I know some small businesses that would LOVE to have this. I know
because they've called me to resolve some "weird problems" and look
at me funny when I tell them that they should have had a firewall all
along.)

As mentioned above, I think the better way is a firewall. Many
businesses don't need ntp or ssh for example. And if they get some
malware using those ports they might be a little bit unhappy about your
solution.
As for the money, companies however small will very likely be willing to
pay a little more than $50-75 for a firewall with an individual setup.
And those Grandmas are better off with some kind of
personal firewall that might even cost less to install.

Florian

-- 
"...Deep Hack Mode--that mysterious and frightening state of
consciousness where Mortal Users fear to tread."
(By Matt Welsh)
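To make the disagreement concrete, here is an added example (not part of the original thread, and not code by either poster) that parses the port list exactly as Jeff wrote it, treats it as a default-deny egress allow-list, and runs it over a handful of constructed flow records. The flow descriptions are assumed for illustration; the point it shows is Florian's: anything using the permitted ports passes untouched, while legitimate traffic on a port he left out (IMAP4) is the thing that gets blocked.

```python
"""Evaluate the proposed consumer-broadband egress allow-list against
constructed sample flows (added example; not from the original thread)."""
from dataclasses import dataclass
import re

# The port list exactly as written in the post; parsed rather than retyped.
PROPOSED_POLICY = """\
     tcp  21 - ftp
     tcp  22 - ssh
     tcp  25 - smtp
tcp, udp  53 - dns
     tcp  80 - www
     tcp 110 - pop3
     tcp 119 - nntp
     udp 123 - ntp
     tcp 443 - secure www
"""

LINE_RE = re.compile(r"^\s*([a-z, ]+?)\s+(\d+)\s*-\s*(.+?)\s*$")

def parse_policy(text):
    """Return the set of (proto, port) pairs the policy text permits."""
    allowed = set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        protos, port, _service = m.groups()
        for proto in re.split(r"[,\s]+", protos.strip()):
            allowed.add((proto, int(port)))
    return allowed

@dataclass(frozen=True)
class Flow:
    proto: str
    dst_port: int
    note: str  # constructed description, used only for the report

def evaluate(flows, allowed):
    """Split flows into (passed, blocked) under default-deny egress filtering."""
    passed = [f for f in flows if (f.proto, f.dst_port) in allowed]
    blocked = [f for f in flows if (f.proto, f.dst_port) not in allowed]
    return passed, blocked

# Constructed sample flows leaving a home LAN (not captured traffic).
SAMPLE_FLOWS = [
    Flow("tcp", 443, "browser to a web site"),
    Flow("tcp", 25, "mail client to the ISP's SMTP relay"),
    Flow("tcp", 143, "mail client using IMAP4"),
    Flow("udp", 53, "resolver query"),
    Flow("tcp", 80, "infected host checking in over plain HTTP"),
    Flow("tcp", 6667, "infected host joining an IRC control channel"),
]

if __name__ == "__main__":
    passed, blocked = evaluate(SAMPLE_FLOWS, parse_policy(PROPOSED_POLICY))
    for f in passed:
        print("PASS ", f.proto, f.dst_port, f.note)
    for f in blocked:
        print("BLOCK", f.proto, f.dst_port, f.note)
```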
