[Dshield] Possible solution for ISP (was DShield's public goals)

Jon R. Kibler Jon.Kibler at aset.com
Tue Jan 10 16:45:10 GMT 2006


Cefiar wrote:
> I personally think that ISPs should allow the account owner to choose their
> level of protection:
>  1. Equivalent to NAT: No inbound unless related to outbound. No outbound on
> certain ports with some exceptions to specified servers in ISP-space (eg:
> SMTP/port 25 only to ISP's SMTP server, no SMB/137->139+445, etc). This
> should be the default.
>  2. Restricted outbound (eg: SMTP/port 25 only to ISP's SMTP server, no
> SMB/137->139+445, etc.), with some inbound blocks (mostly the same as
> outbound except where it would cause issues).
>  3. Unrestricted. Nothing blocked. Onus on user. Comes with disclaimer that
> the account holder is responsible for any problems they get, any excess costs
> through excessive data usage, etc.

> Sure, you'll get people just opening their service up straight away, but most
> of the population will just live with the default restricted setup and not
> change. And that's a good thing.
> 

Stuart,

I couldn't agree more. The biggest issue we face is the security-ignorant user. They will be completely happy with an "Equivalent to NAT" account. Right there, that would probably remove 80% or more of the vulnerable systems from the target space. Having 80% fewer compromised computers would be a VERY good thing!

Jon
-- 
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC  USA
(843) 849-8214
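
The default "Equivalent to NAT" tier (option 1 in the quoted list) written out as a stateful filter, as an added example that is not part of either poster's message. It assumes a Linux-based edge device running nftables; the interface names `sub0` and `wan0` and the relay address 192.0.2.25 are constructed placeholders.

```nftables
# Tier 1, "Equivalent to NAT": added illustration, not an ISP's production ruleset.
# Assumed placeholders: sub0 = subscriber-facing interface, wan0 = upstream
# interface, 192.0.2.25 = the ISP's own SMTP server (documentation address).
define SUBSCRIBER_IF = "sub0"
define UPSTREAM_IF   = "wan0"
define ISP_SMTP      = 192.0.2.25

table inet subscriber_tier1 {
    chain forward {
        # Default drop: anything not explicitly accepted below is discarded,
        # which covers unsolicited inbound connections to the subscriber.
        type filter hook forward priority 0; policy drop;

        # "No inbound unless related to outbound": connection tracking lets
        # return traffic for subscriber-initiated flows through.
        ct state established,related accept
        ct state invalid counter drop

        # New flows are only considered when they originate from the subscriber.
        iifname $SUBSCRIBER_IF oifname $UPSTREAM_IF jump subscriber_out
    }

    chain subscriber_out {
        # SMTP/port 25 only to the ISP's SMTP server; direct-to-MX mail is dropped.
        # The IPv4 match means IPv6 port 25 also falls through to the drop.
        ip daddr $ISP_SMTP tcp dport 25 ct state new accept
        tcp dport 25 counter drop

        # No SMB/NetBIOS outbound (137-139 and 445), over TCP or UDP.
        tcp dport { 137-139, 445 } counter drop
        udp dport { 137-139, 445 } counter drop

        # Every other subscriber-initiated flow is allowed.
        ct state new accept
    }
}
```

The `counter` statements on the drop rules give per-subscriber hit counts, so a sudden rise in blocked port 25 or 445 attempts can be used to flag a likely compromised host behind the account.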



