[Dshield] ISPs - How much monitoring is enough?

Kenneth Coney superc at visuallink.com
Mon Jan 19 16:47:31 GMT 2004


Agreed.  In most states they are licensed and bonded.  There's an issue. 
Is an ISP bonded for the intrusive actions that a scan involves and any 
potential exploits an employee might initiate?  Does the insurer even have 
a concept awareness that ISPs might scan customer machines and what can be 
done with the information resulting?  The security guard's insurance 
company is certainly aware that guards try doors and get in potentially 
compromising situations all the time.  Their rates reflect it.  Not quite 
as bad as a doctor's malpractice insurance, but close.  Priced a policy at 
Brownyard's ( http://www.brownyard.com/brownguard/brownguard_main.html ) 
yet?  Likewise, again, when we move into the higher security buildings a 
rental assistant/manager tells us the rules, often gives us a copy of them 
too, and has us sign an acknowledgment of them.  That's all the ISP needs 
to do.  Too bad many don't and instead create multi year accounts with just 
a telephone call and a money order in the mail.


Subject: Re: [Dshield] ISPs - How much monitoring is enough?
From: Alan Frayer <afrayer at frayernet.com>
Date: 18 Jan 2004 12:11:42 -0500
To: General DShield Discussion List <list at dshield.org>

Not that I necessarily disagree with you, but remember it is a common
practice for business landlords to hire security personnel, who wander
sidewalks and hallways, rattling doors to make sure they're properly
shut or locked, and calling authorities when they find a door that is
not secure. That analogy fits this example as well.









More information about the list mailing list