[Dshield] Users don't pay attention

admin admin at bartonphillips.com
Sun Aug 21 18:33:17 GMT 2005


Clinton E. Troutman wrote:

>Certainly, blocking any ports that are intended for local use only makes 
>sense. But you can do that yourself and do not require the ISP to do it for 
>you. A given OS or environment should be able to accept connections only 
>from local sources for local services (read, firewall not necessary; built 
>into OS/environment).
>
I agree that " A given OS or environment should be able to accept 
connections only from local sources" but in fact Windows doesn't provide 
this safety -- at least not all versions. Yes one can purchase a third 
party firewall like ZoneAlarm, for example; but that requires a more 
sophisticated user, and that's the problem -- "Users don't pay 
attention". That is why I think the ISP's should take up the gauntlet 
and do the job. At this point other approaches are just not working, and 
I think the biggest reason is the lack of end user knowledge or 
willingness. As I said before and someone else just noted, maybe the 
situation will get better as the younger generation (high school and 
below) start entering the arena, but until then something needs to be 
done. My system, which services about 10 users, gets and identifies 
about 1000 SPAM emails per day. Even after going through SpamAssassin 
(with DCC, Razor, and Pyzon)  I still see about 20 SPAM emails in my 
accounts each day. The majority of these escaped SPAMs are one liners 
with only a link, that is pretty hard for SpamAssassin to figure out.

As a Linux house with a pretty locked down set of servers I don't worry 
as much about viruses and worms as Windows users do or should. I have a 
pretty tight firewall set up, I monitor my systems with aide and 
tripwire, I review my logs via Logwatch and other tools, I send my log 
info to SANS and myNetWatchman, I have my web server behind my firewall, 
I restrict ssh to public keys only and on non-standard ports with user 
restrictions. But SPAM for me is still a problem and very annoying. I 
would really like to see something done on the SPAM front.

-- 
----------------
Barton L. Phillips
Applied Technology Resources, Inc.
Tel: (818)652-9850
Web: http://www.applitec.com



More information about the list mailing list