Securing home computers (Was: Re: [Dshield] Re: [Full-Disclosure] Port Blocking)

Ed Truitt ed.truitt at etee2k.net
Fri Jun 27 19:30:10 GMT 2003


On Fri, 2003-06-27 at 13:52, Darren Gasser wrote:
> Bjorn Stromberg wrote:
> >Protecting users is no excuse for an ISP
> > to not serve full, unabridged, wide-open internet access. If the users
> > cannot handle this, they should pay someone to hold their hand.
> 
> With all due respect, you can't seriously be suggesting that every single
> dialup, DSL, or cable modem user out there be required to hire a sysadmin to
> secure their connection or become sufficiently trained to do it themselves.
> Not gonna happen.  Not now, not ever.
> 
> In Ye Olden Days, the basic assumption was that the systems on the other end
> of a TCP/IP connection were managed by someone who more or less knew what
> they were doing.  This hasn't been the case for the last decade, though.  As
> much as we may miss the Days Of Happy Memory, trying to run networks that
> way now is dangerous and irresponsible.
> 
> Like it or not, the lusers, spammers, and other former BOFH-fodder now
> control way too many TCP/IP endpoints, and it's up to the ISPs and transit
> providers to protect themselves and the rest of the net from the ignorance
> and/or malice of their customers.
> 
> -Darren

With all due respect, I think we can expect people to exercise due
diligence in running a fairly secure system.  We don't require people to
work on their own automobiles: however, we do require that they pass a
safety inspection (and, in some areas, an emissions inspection), and if
the car needs repairs they get done BEFORE it is certified as fit to
operate on the public streets.  We require that, if you own a firearm,
you store it in such a manner that children can't get hold of the thing
and use it.  And, if you drive a car without a valid inspection sticker,
or if you leave a gun out and little Janie shoots little Johnnie between
the eyeballs with it, then you are held to account.

So, why can't we require people to properly secure their computers?  I,
personally, see this as a differentiator between a "real" ISP and
someone simply providing a toll-booth on the Information Super-Highway. 
And, if the mega-ISPs can't afford to provide this for the $9.95/month
they are charging, then they can either raise their fees, or maybe some
of the unemployed ex-dot-commie sysadmins can freelance and really,
honestly use the Internet to earn a generous living (I would have said
"Make $$$$MONEY$$$$$ Fast!", but that probably would have set off a
bunch of spam filters...oops. :-)

Anyway, this is certainly something to think about...  an at-home
business providing support to clueless home PC users... hmmm, getting
paid for what my relatives already expect me to do...  let's see, when
is my company going to have their next layoff?

-- 
---
Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."




More information about the list mailing list