Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Microsoft to ship new versions with firewall enabled

  • From: Adi Linden
  • Date: Thu Aug 14 14:08:59 2003

> However the new microsoft policy will help protect the network from Joe
> and Jane average who buy a PC from the closest "big box" store and hook it
> up to their cable modem so they can exchange pictures of the kids with the
> grandparents in Fla.  This is the class of users who botnet builders dream
> about because these people do not see a computer as a complex system which
> _requires_ constant maintenance but as a semi-magical device for moving
> images and text around.

But that's exactly what a consumer PC is!  An appliance (just like a 
toaster) for exchanging pictures, sending email, balancing the checkbook, 
paying bill, play games, etc.  The average Joe doesn't care why the thing 
works.  But he does notice if it doesn't work as expected.  Then he'll 
call tech support or get the neighbours kid to help.  He may never notice 
that the box is has been compromised and DoSs his favorite website or 
relays SPAM to millions of fellow Joes.  That's reallity!  The more 
broadband there is, the worse the problem becomes.

I absolutely agree with the statement that the network should be 
transparent. No blocked ports, no filtered content. What goes in one end 
comes out the other or is delivered to the intended recipient in between. 
Exceptions are temporary measures to reduce or eliminate harmful traffic 
that impeded network performance or otherwise compromise the network 
design goals.

Having said that, customers of ISPs have great variety of needs. On one 
hand is the transport of transit data. This is truly a gigo (garbage in, 
garbageout) situation where traffic should flow unhindered and in its 
entirety. On the other hand there is the residential ISP market.  I don't 
think it's safe to let a residential PC sit on an internet connection and 
have pass traffic to and from it without inspection.
 
ISPs need to wake up and offer a managed internet service. Where the ISP 
takes the initiative to provide filtered internet to residential 
customers. Turn on firewall features in your cable box or make those small 
NAT routers part of the service offering.

Bashing any OS vendor isn't the solution. All OS have exploits. The *NIX 
crowd is just a lot more technically inclined and a lot more aware of 
network security than your average Windows user.

So instead of beating up on OS vendors or crippling the network, how about 
crippling the devices that are the root of the problem???

Adi





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.