Security Incidents mailing list archives
Re: Nimda et.al. versus ISP responsibility
From: geoff <geoff () cardboardtransmitter net>
Date: Thu, 27 Sep 2001 16:08:40 -0400
On Thu, 27 Sep 2001 10:59:49 -0700 (PDT), Chip McClure <vhm3 () hades dnsalias net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 27 Sep 2001, Luc Pardon wrote: I agree whole-heartedly with you on this issue. I believe it is the users responsibility keeping their machines patched, up to date, and secure. Whether they are technically minded or not. It is not the ISP's responsibility to police all their users, however, given the high number of infections, and network saturation of bandwidth, something has to be done. Unfortunately, for the ISP's, they would bear the burden of implementing filters (which I disagree with), or suspending accounts of infected users' machines. If a customer is detected as having an infected machine, give em a 24 hour shut-off notice. The ISP also looses money by an infected customer. They need to pay the increased costs of bandwidth, for the infected machines. I think the ISP wins in the long run, getting rid of a few infected users.
Interestingly, I believe that we are one of the few ISP's that actually uses a quarantine method, ie at first sign of infection or other security issue we will disconnect the customer, notify them via voice, and dispatch a field service tech to their location if necessary. Of course this has a few issues as well. One being that I was specifically involved in getting a provision put into our contracts that we have the right of temporary disconnection without written notification for up to 15 days, and indefinite once notified. Secondly we have lost a few customers because of this but I have convinced management to see this as a net gain citing specifically the costs involved in processing abuse incidents as well as others (bandwidth savings...). Also this does take up resources on our end, but we feel its worth it.
A vulnerable machine left on the internet, is like leaving your wallet, credit cards, and your front door wide open. Nobody else wopuld do that - and it shouldn't happen here.
While I don't agree with this specific analogy, the sentiment is relatively close to mine. So no quibble there.
This also opens up a new door - what to do about the corporate systems on the net which are infected / vulerable? The Gartner group was right. Of course, this is just all my $0.02
Yes, yes they are. We have made an effort to inform our customers of this and try hard to convince them to out source things that may require any MS product.
Chip McClure - ----- Chip McClure Sr. Unix Administrator GigGuardian, Inc. http://www.gigguardian.com/
BTW: I do not speak for my company....etc. -- geoff A UI is about making the computer's power easy to exploit, not about making new users feel comfortable. -- http://slashdot.org/comments.pl?sid=00/08/18/1711210&cid=83 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Nimda et.al. versus ISP responsibility Luc Pardon (Sep 27)
- Re: Nimda et.al. versus ISP responsibility Chip McClure (Sep 27)
- Re: Nimda et.al. versus ISP responsibility geoff (Sep 27)
- Re: Nimda et.al. versus ISP responsibility John Oliver (Sep 27)
- Re: Nimda et.al. versus ISP responsibility Rich Puhek (Sep 27)
- Re: Nimda et.al. versus ISP responsibility terry white (Sep 27)
- <Possible follow-ups>
- RE: Nimda et.al. versus ISP responsibility John Campbell (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Adcock, Matt (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Tracy Martin (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Homer Wilson Smith (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Tracy Martin (Sep 27)
- Re: Nimda et.al. versus ISP responsibility Neil Dickey (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Michael B. Morell (Sep 27)
- RE: Nimda et.al. versus ISP responsibility Dave Salovesh (Sep 27)
(Thread continues...)
- Re: Nimda et.al. versus ISP responsibility Chip McClure (Sep 27)