North American Network Operators Group
RE: Microsoft to ship new versions with firewall enabled
- From: Adi Linden
- Date: Thu Aug 14 14:08:59 2003
> However the new microsoft policy will help protect the network from Joe
> and Jane average who buy a PC from the closest "big box" store and hook it
> up to their cable modem so they can exchange pictures of the kids with the
> grandparents in Fla. This is the class of users who botnet builders dream
> about because these people do not see a computer as a complex system which
> _requires_ constant maintenance but as a semi-magical device for moving
> images and text around.

But that's exactly what a consumer PC is! An appliance (just like a
toaster) for exchanging pictures, sending email, balancing the checkbook,
paying bills, playing games, etc. The average Joe doesn't care why the thing
works. But he does notice if it doesn't work as expected. Then he'll
call tech support or get the neighbour's kid to help. He may never notice
that the box has been compromised and DoSs his favorite website or
relays SPAM to millions of fellow Joes. That's reality! The more
broadband there is, the worse the problem becomes.

I absolutely agree with the statement that the network should be
transparent. No blocked ports, no filtered content. What goes in one end
comes out the other or is delivered to the intended recipient in between.
Exceptions are temporary measures to reduce or eliminate harmful traffic
that impedes network performance or otherwise compromises the network.

Having said that, customers of ISPs have a great variety of needs. On one
hand is the transport of transit data. This is truly a gigo (garbage in,
garbage out) situation where traffic should flow unhindered and in its
entirety. On the other hand there is the residential ISP market. I don't
think it's safe to let a residential PC sit on an internet connection and
have traffic pass to and from it without inspection.

ISPs need to wake up and offer a managed internet service, where the ISP
takes the initiative to provide filtered internet to residential
customers. Turn on firewall features in your cable box or make those small
NAT routers part of the service offering.

Bashing any OS vendor isn't the solution. All OSes have exploits. The *NIX
crowd is just a lot more technically inclined and a lot more aware of
network security than your average Windows user.

So instead of beating up on OS vendors or crippling the network, how about
crippling the devices that are the root of the problem???