[Dshield] My Dream ISP (was: public goals)

Christensen, Eric CHRISTENSENE at MAIL.ECU.EDU
Sun Jan 15 02:09:51 GMT 2006


I like your ideas.  It would allow users that have enough sense to run a
network to have the flexibility they want/need while allowing those that
just want to push the button and make it work (my mom) to be secure without
having to worry about all that "extra stuff".

VoIP, however, should be only for those technical people, right now.  You
get the lay person out there that doesn't understand how or why the phone
system works and they are the ones that get hurt.  It is a very simple
system that is needed for all VoIP users to be able to dial 911 (which is not
only a paramount need but is also the law for good reason) but until the
VoIP providers get their heads on straight the lay user doesn't know the
difference.

Thanks,
Eric Christensen
Network Analyst
ECU Police Department

EMERGENCY DIAL 911
(252)328-1155 - Office
(252)328-6787 - 911 Communications 


-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Johannes B. Ullrich
Sent: Saturday, 14 January, 2006 13:29
To: list at lists.dshield.org
Subject: [Dshield] My Dream ISP (was: public goals)


Let me dream a bit. I don't suggest that ISPs have to do this. But I
think it should be doable:

First of all, the modem (DSL or Cable or whatever) should provide a
firewall. By default, all inbound traffic should be blocked, and it
should provide NAT.

In order to enable ports, or turn it into a bridge, you have to pass a
little exam. This would be web based and all automated. Sample questions:
"do you have a personal firewall", "do you have anti virus" ...

Depending on how well you do, you should be able to turn off the
Firewall or the NAT.

If there is an abuse report, the customer is called automatically. The
system will require a response ("Press 1 if you have the issue fixed,
press 2 if you want your modem turned into safe mode...").

If a system turns out to be infected/hacked, and the customer does not
respond (24hrs?), the modem is turned into a 'safe mode' which only
allows access to a limited number of sites (update sites, anti virus,
internal help sites...). Again: This happens after phone calls and emails.

Once the customer has fixed the system, they call the ISP (or visit the
internal, still accessible web site), and request to re-enable the
modem. The ISP may do a quick scan of the system to check if the issue
is fixed and turn the control of the modem over to the user.

Of course, if this happens too much, more severe penalties may be put in
place.

Advantage of this system: Very little 'human interaction'. So it should
be cheap to implement. And flexible, so everyone is happy.

Some ISPs (and in particular universities) are already very close to
this with their "walled garden" setups that allow access to limited
sites if a system is considered 'off'.

One big issue that came up only recently is VoIP, and the ability to
call 911... But expecting reliable service for a 'live line' like 911
access from a consumer "best effort" service level contract is a stretch
to begin with (not a big fan of 911 requirement for VoIP myself... )




-- 
---------
Johannes Ullrich                        jullrich at sans.org
Chief Research Officer                     (617) 639 5000
http://isc.sans.org
PGP Key: https://secure.dshield.org/PGPKEYS

"We use [isc.sans.org] every day to keep on top of
 security at our bank" Matt, Network Administrator.
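The quarantine workflow sketched in the quoted post, modelled as a small state machine. This is an added example written for this archive page, not code from Johannes Ullrich or any ISP; the host names in the safe-mode allowlist, the method names and the choice of 24 hours as the no-response timeout are assumptions.

```python
# Added example: toy model of the "safe mode" quarantine flow described above.
# Constructed values: allowlist hosts, 24h timeout (the post says "24hrs?").
from dataclasses import dataclass
from enum import Enum

NO_RESPONSE_TIMEOUT_H = 24.0  # assumed grace period after the automated call
# Constructed placeholder hosts: update sites, anti virus, internal help site.
SAFE_MODE_ALLOWLIST = {"updates.example.net", "av.example.net", "help.isp.example"}

class State(Enum):
    NORMAL = "normal"        # customer controls firewall/NAT settings
    NOTIFIED = "notified"    # abuse report received, call and email sent
    SAFE_MODE = "safe_mode"  # only allowlisted destinations reachable

@dataclass
class Modem:
    state: State = State.NORMAL
    incidents: int = 0               # counts abuse reports for escalation
    hours_since_notice: float = 0.0

    def abuse_report(self) -> None:
        # First report moves the modem to NOTIFIED and starts the clock.
        if self.state == State.NORMAL:
            self.state = State.NOTIFIED
            self.incidents += 1
            self.hours_since_notice = 0.0

    def customer_response(self, key: str) -> None:
        # "Press 1 if you have the issue fixed, press 2 for safe mode".
        if self.state != State.NOTIFIED:
            return
        if key == "1":
            self.state = State.NORMAL
        elif key == "2":
            self.state = State.SAFE_MODE

    def tick(self, hours: float) -> None:
        # No response within the timeout: modem drops into safe mode.
        if self.state == State.NOTIFIED:
            self.hours_since_notice += hours
            if self.hours_since_notice >= NO_RESPONSE_TIMEOUT_H:
                self.state = State.SAFE_MODE

    def request_reenable(self, scan_clean: bool) -> State:
        # Customer asks to re-enable; ISP's quick scan must come back clean.
        if self.state == State.SAFE_MODE and scan_clean:
            self.state = State.NORMAL
        return self.state

    def allows(self, host: str) -> bool:
        # Safe mode permits only the allowlist; otherwise traffic is the user's call.
        return self.state != State.SAFE_MODE or host in SAFE_MODE_ALLOWLIST
```

Repeated incidents are counted in `incidents` so an operator can decide when the "more severe penalties" step applies.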