[64531] in North American Network Operators' Group
Re: ISPs' willingness to take action
daemon@ATHENA.MIT.EDU (kenw@kmsi.net)
Mon Oct 27 11:05:29 2003
Date: Mon, 27 Oct 2003 09:03:52 -0700
From: kenw@kmsi.net
In-reply-to: <Pine.GSO.4.44.0310270931340.22227-100000@clifden.donelan.com>
To: nanog@nanog.org
Cc: nanog@nanog.org
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 27 Oct 2003 10:25:36 -0500 (EST), you wrote:
>...
>As a non-ISP consultant, when a client asks you to configure their
>Exchange server do you always conduct a top-to-bottom security analysis =
of
>the client's entire business infrastructure and refuse to do business =
with
>them until after they have corrected every deficiency? Or does the =
client
>just say screw you, and hires a different consultant that will do what
>the client wants?
>...
I said "low hanging fruit". I didn't say "top-to-bottom security
analysis".
>...
>> 3) There was a thread a little while ago that talked about a way to =
cut
>> down spam by simply restricting who you would accept SMTP traffic =
from.
>> Unfortunately, I don't recall the details, but at the time it struck =
me as
>> eminently sensible, and just required cooperation between ISPs to =
implement
>> effectively.
Does NOBODY remember that thread? =20
>Again, look the postal mail system. One proposal required everyone mail
>letters in person at the post office, and show id to the postal clerk.
Straw dogs... come on! It's like saying we can't take drastic,
inappropriate measures, so we can't take any at all.
>...
>ISPs are doing a lot to protect end-users. Some examples include
>
>Education campaigns
>Free anti-virus software
>Free personal firewall software
>Port filters (port 80 anyone?)
>Notification of compromised systems
>Incident Response
>Intrusion Detection/Intrusion Prevention
>Managed Security Services
And if all ISPs were doing all these thing (as you try to imply) we'd all
be a lot better off, wouldn't we?
>Unfortunately some of the argument is a bit like the old cries for =
public
>payphone companies were responsible for the drug dealers in poor
>neighborhoods. So they removed public payphones. The drug dealing
>problem wasn't solved.
"A strong conviction that something must be done is the parent
of many bad measures." -- Daniel Webster=20
So, am I advocating bad measures?
/kenw
Ken Wallewein CDP,CNE,MCSE,CCA,CCNA
K&M Systems Integration
Phone (403)274-7848
=46ax (403)275-4535
kenw@kmsi.net
www.kmsi.net
