[120273] in North American Network Operators' Group

Re: Consumer Grade - IPV6 Enabled Router Firewalls.

daemon@ATHENA.MIT.EDU (Joakim Aronius)
Tue Dec 15 07:50:36 2009

Date: Tue, 15 Dec 2009 13:49:54 +0100
From: Joakim Aronius <joakim@aronius.com>
To: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <2BDE5380-B69F-4068-AF7B-40E0724C9C91@cs.columbia.edu>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

* Steven Bellovin (smb@cs.columbia.edu) wrote:
> 
> On Dec 14, 2009, at 11:47 PM, Joel Jaeggli wrote:
> > Owen DeLong wrote:
> > Stable outgoing connections for p2p apps, messaging, gaming platforms
> > and foo website with java script based rpc mechanisms have similar
> > properties. I don't sleep soundly at night because the $49 buffalo
> > router I bought off an endcap at frys uses iptables, I sleep soundly
> > because I don't care.
> > 
> Precisely.  And if you want to get picky, remember that "availability" is part
> of the standard definition of security.  A firewall that doesn't let me play
> Chocolate-Sucking Zombie Monsters is an attack on the availability of that
> game, albeit from the purest of motives.
> 
> No, I'm not saying that this is good.  I am saying that in the real world, it
> *will* happen.

So what you are saying is that ease of use and service availability are priority one. Then what exactly are the responsibilities of the ISP and CPE manufacturer when it comes to security? CPEs with WiFi usually come with the advice to change password etc. Is it ok to build an infrastructure relying on UPnP, write a disclaimer, and let the end user handle eventual problems? (I assume it is...)

/jkm

