Firewall Wizards mailing list archives
Re: Newspaper Article about Cable Modem security
From: Saso <Saso () vsecureit net>
Date: Thu, 04 Nov 1999 22:02:00 +0100
Hi Russ, In message <84813DB48E28D211978700A0C9B55834429AF5 () mail cooper com>, Russ@coope r.com writes:
<opinion> Your example at the end of the paragraph is the perfect reason why security shouldn't be left to average users. It's very easy for you to say that everyone should be responsible because you understand it. Most people don't think like computers, and to try to force them to understand that they "need to filter BO by closing ports" is like speaking german to them.
I have to say I completely agree with you on this. A customer doesn't care much what BO is and what it isn't and the usual customer wants to keep it this way. Most ISP customers are computer illiterate and frankly, they don't care how things work as long as they work the way they expect them to. As an ISP, you have to keep your customers happy and let them do everything their heart desires. Sooner or later that collides with the level of security that should be set. For instance, some customers on cable want to share their hard drives with their friends, but they can't because ISP closed port 139 (@Home example by R. Graham). Before we took that step, we had to consider two options: one, we could keep our hands off things and leave customers on mercy of those zillions of script kiddies that roam the 'Net. two, we could go out of our way, knowing not many will stumble across it, but will definitely be angry about it, and just filter the port. By taking option numer 1, your tech support will hear from all the angry customers whose important documents found a way to a local news group and soon newspapers will tear you apart because you didn't take enough care about your users. By taking option number 2, your tech support will hear from all the angry customers who can't share their precious MP3 collection with their friends. And many their friends know someone in local newspaper what will scream 'oppression!'. ISP involving themselves in security issues can't gain a thing. And quite frankly, I don't think ISPs should do anything more than they can if a customers asks them to. If a customer wants port 139 to be closed for his xDSL line, why not. But if they don't want it to, it's their own decision and they should be well aware of that.
A "generic" security option from an ISP is probably sufficient for most users who just want to surf the web and get email and ICQ. But for more advanced users I see more of a service approach to the problem.
Question is, how generic a generic security would be. Should we stop just by well-known ports like 135, 138, 139, 12345, 2140, 31337 or should we go a step further? How far? We are taking the false move here. We all take major security flaws in OSs as if it was the only way it could be. We move the responsibility for customer security from computer vendors to ISPs. It is like we would move the resposibility for car safety from car manufacturers to the organisation that maintains the roads. ISPs provide what their name says == Internet services. Yes, S in ISP stands for services, not security. I for one expect from my OS vendor to provide me secure out-of-the-box OS. I still keep hope for that day to come. ;)
Why shouldn't computers work the same way? People can choose to have generic security from their ISP, or they can choose to have none, or they can install a firewall themselves, or they can hire an outside company to monitor, update and maintain the firewall.
Yes, I agree. Customers should be able to choose. In a perfect world, they could chose between an ISP that will give them different 'security plans' and the ISP that will lock them up inside his fort and an ISP that will leave them alone in the great wide open. The first one would probably be perfect for the accountant type, the second one for the paranoid ones and the third one for the adventurers. But it's all Sysiphus work as long as computer vendors don't join the dance. Your ISP can't protect you from yourself or the bug farm you have on your computer. And that is where it all began in the first place. Regards, Saso
Current thread:
- RE: Newspaper Article about Cable Modem security, (continued)
- RE: Newspaper Article about Cable Modem security Keller Dennis (DDSP) (Nov 01)
- Re: Newspaper Article about Cable Modem security Joseph S D Yao (Nov 01)
- RE: Newspaper Article about Cable Modem security Michael Cassidy (Nov 02)
- Re: Newspaper Article about Cable Modem security Steven Osman (Nov 01)
- Re: Newspaper Article about Cable Modem security Wozz (Nov 01)
- Re: Newspaper Article about Cable Modem security REID FOX (Nov 01)
- Re: Newspaper Article about Cable Modem security Joseph S D Yao (Nov 02)
- Re: Newspaper Article about Cable Modem security Robert Graham (Nov 01)
- RE: Newspaper Article about Cable Modem security Robert Graham (Nov 01)
- RE: Newspaper Article about Cable Modem security Russ (Nov 02)
- Re: Newspaper Article about Cable Modem security Saso (Nov 05)
- Re: Newspaper Article about Cable Modem security Steven Osman (Nov 08)
- Re: Newspaper Article about Cable Modem security Holger Heimann (Nov 09)
- Re: Newspaper Article about Cable Modem security Saso (Nov 05)
- RE: Newspaper Article about Cable Modem security David Lang (Nov 05)
- RE: Newspaper Article about Cable Modem security Keller Dennis (DDSP) (Nov 01)
- RE: Newspaper Article about Cable Modem security sean . kelly (Nov 02)
- RE: Newspaper Article about Cable Modem security sean . kelly (Nov 02)
- RE: Newspaper Article about Cable Modem security Kevin Johnston (Nov 05)
- RE: Newspaper Article about Cable Modem security R. DuFresne (Nov 06)
- RE: Newspaper Article about Cable Modem security dreamwvr (Nov 06)
- RE: Newspaper Article about Cable Modem security ark (Nov 05)