funsec mailing list archives

Re: dumb. Comcast pop-ups


From: "Larry Seltzer" <larry () larryseltzer com>
Date: Sat, 10 Oct 2009 21:08:11 -0400

I agree that shutting off infected users is a tough thing for an ISP to
do unilaterally in a competitive environment. This is at least a step
forward in network hygiene and I'm not impressed with the notion that
this sets up spoof messages; you could say the same thing about any
communications from an ISP. How else should Comcast notify users? This
seems like a good one to me.

I presume that they pick users to notify retrospectively based on
behavior monitoring on their own network. Take the "shut them down"
argument one step further: Implement NAC on the network. Move violators
into 802.11 walled gardens until they remediate. If you're going to do
this, you need to know if they have remediated, so you may as well
implement the core part of NAC: test clients before they have connected
to the network.

What do you test them for? This is a policy question, but the things
enterprises do when they implement NAC are test for current patch level
and installation of AV with current signatures. You could also check
application levels (Flash, Office), you could do some actual pen
testing.

I haven't looked at them closely in a while, but my memory was that all
the good NAC systems use a client agent. This is just the last nail in
the coffin of practicality for this approach for ISPs. Maybe many years
from now the White House Office of Internet Security Dictatorship will
be able to implement such a thing.

How about a voluntary system? If an ISP offered a "clean" network with
rules like this would there be any value to opting in to it?

Larry Seltzer
Contributing Editor, PC Magazine
larry_seltzer () ziffdavis com
http://blogs.pcmag.com/securitywatch/
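The admission test sketched in the post (patch level, AV with current signatures, optionally application versions, then a walled-garden hold until the client re-tests clean) can be written down as a small posture-evaluation routine. The following is an added example, not code from the original message or from any NAC product; the policy thresholds, host names, patch numbers and version tuples are constructed values, and the "agent-reported" posture fields are an assumption about what a client agent would hand to the gateway.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Tuple

# Hypothetical admission policy: a patch baseline, a freshness limit for AV
# signatures, and minimum versions for a few commonly targeted applications.
@dataclass
class Policy:
    min_patch_level: int                 # cumulative patch number the agent reports
    max_signature_age_days: int          # signatures older than this count as stale
    min_app_versions: Dict[str, Tuple[int, ...]] = field(default_factory=dict)

# What a client agent would report to the gateway before admission (assumed shape).
@dataclass
class ClientPosture:
    host: str
    patch_level: int
    av_installed: bool
    av_signature_date: Optional[date]    # None when the agent cannot read it
    app_versions: Dict[str, Tuple[int, ...]] = field(default_factory=dict)

def evaluate_posture(posture: ClientPosture, policy: Policy,
                     today: date) -> Tuple[str, List[str]]:
    """Return ("allow", []) or ("quarantine", [human-readable reasons])."""
    reasons: List[str] = []
    if posture.patch_level < policy.min_patch_level:
        reasons.append(f"patch level {posture.patch_level} below "
                       f"baseline {policy.min_patch_level}")
    if not posture.av_installed:
        reasons.append("no AV installed")
    elif posture.av_signature_date is None:
        reasons.append("AV signature date unreadable")
    else:
        age = (today - posture.av_signature_date).days
        if age > policy.max_signature_age_days:
            reasons.append(f"AV signatures {age} days old "
                           f"(limit {policy.max_signature_age_days})")
    for app, minimum in policy.min_app_versions.items():
        installed = posture.app_versions.get(app)
        if installed is None:
            continue  # app absent: nothing to patch (tighten if policy requires presence)
        if installed < minimum:  # tuple comparison gives lexicographic version order
            reasons.append(f"{app} {'.'.join(map(str, installed))} below "
                           f"{'.'.join(map(str, minimum))}")
    return ("allow", []) if not reasons else ("quarantine", reasons)

def place_client(segments: Dict[str, str], posture: ClientPosture,
                 policy: Policy, today: date) -> str:
    """Put the host in 'production' or the 'walled_garden' segment and return it.
    Calling this again with a fresh posture is the re-test after remediation."""
    decision, _ = evaluate_posture(posture, policy, today)
    segments[posture.host] = "production" if decision == "allow" else "walled_garden"
    return segments[posture.host]

# Constructed policy and sample postures for a stand-alone run.
POLICY = Policy(min_patch_level=42, max_signature_age_days=7,
                min_app_versions={"flash": (10, 0, 32)})
TODAY = date(2009, 10, 10)
STALE = ClientPosture("cm-001", patch_level=40, av_installed=True,
                      av_signature_date=date(2009, 9, 1),
                      app_versions={"flash": (9, 0, 124)})
FIXED = ClientPosture("cm-001", patch_level=42, av_installed=True,
                      av_signature_date=date(2009, 10, 9),
                      app_versions={"flash": (10, 0, 32)})

if __name__ == "__main__":
    segments: Dict[str, str] = {}
    print(place_client(segments, STALE, POLICY, TODAY), evaluate_posture(STALE, POLICY, TODAY)[1])
    print(place_client(segments, FIXED, POLICY, TODAY))
```

The decision returns the list of failed checks rather than a bare yes/no so the walled-garden page can tell the user what to fix, which is the part of the scheme that makes remediation (and the re-test) possible at all.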

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
