[53012] in North American Network Operators' Group
Re: How to secure the Internet in three easy steps
daemon@ATHENA.MIT.EDU (Michael Lamoureux)
Fri Oct 25 21:29:06 2002
To: batz <batsy@vapour.net>
Cc: nanog@merit.edu
Reply-To: lamour@UU.NET
From: Michael Lamoureux <lamour@mail.argfrp.us.uu.net>
Date: 25 Oct 2002 21:27:33 -0400
In-Reply-To: batz's message of "Fri, 25 Oct 2002 17:20:29 -0400 (EDT)"
Errors-To: owner-nanog-outgoing@merit.edu
"batz" == batz <batsy@vapour.net> writes:
batz> Assuming you are referring to "securing" as the balance of the
batz> holy triuvirate of Confidentiality, Integrity and Availability,
batz> there are other options than the modest proposals you made.
batz> The ISP doesn't have to manage the firewall, but like I said
batz> earlier, if they provided a configurable filter in the form of a
batz> web interface to altering access-lists applied to the customers
batz> connection, this would solve most problems.
Just to make sure I understand what you are suggesting, you are saying
that the solution to most of the Internet's security problems is for
ISPs to set up webservers with applications running on them that allow
customers to alter the ACLs on the ISP's routers for the interfaces
that have that customer's connections? I must be misreading that
somehow. ;-)
IMHO,
Michael
