[Dshield] ISPs - How much monitoring is enough?
superc at visuallink.com
Mon Jan 19 16:47:31 GMT 2004
Agreed. In most states they are licensed and bonded. There's an issue.
Is an ISP bonded for the intrusive actions that a scan involves and any
potential exploits an employee might initiate? Does the insurer even have
a concept awareness that ISPs might scan customer machines and what can be
done with the information resulting? The security guard's insurance
company is certainly aware that guards try doors and get in potentially
compromising situations all the time. Their rates reflect it. Not quite
as bad as a doctor's malpractice insurance, but close. Priced a policy at
Brownyard's ( http://www.brownyard.com/brownguard/brownguard_main.html )
yet? Likewise, again, when we move into the higher security buildings a
rental assistant/manager tells us the rules, often gives us a copy of them
too, and has us sign an acknowledgment of them. That's all the ISP needs
to do. Too bad many don't and instead create multi year accounts with just
a telephone call and a money order in the mail.
Subject: Re: [Dshield] ISPs - How much monitoring is enough?
From: Alan Frayer <afrayer at frayernet.com>
Date: 18 Jan 2004 12:11:42 -0500
To: General DShield Discussion List <list at dshield.org>
Not that I necessarily disagree with you, but remember it is a common
practice for business landlords to hire security personnel, who wander
sidewalks and hallways, rattling doors to make sure they're properly
shut or locked, and calling authorities when they find a door that is
not secure. That analogy fits this example as well.
More information about the list