Forwarded from: Mark Bernard <mbernardat_private> Dear Associates, I do not agree with this recommendation for two reasons, see below: First off, what about all the legitimate uses for these ports? This strategy would in fact reduce and/or eliminate the functionality of thousands of computers around the world. Functionality that has already been sold and paid for. Secondly, this strategy in fact removes accountability from where it belongs, the computer user. It is reminiscent of the early dark-days of the Internet when the law makers didn't know how to assess damages caused by through Internet connections so they made ISPs accountable. That was a desperate maneuver that failed! I think the people at SANS who came up with this recommendation had better check 'the-old-wet-ware' because I think that's its been infected by a Federal strength virus.... I believe that a more acceptable approach would be to establish national information security standards the manufacturers must adhere to when selling hardware. This approach would keep the accountability with the client unless of course the manufacturer didn't follow the standards then they would be help accountable to some extent. Regards, Mark. ---------- --ISPs Could Block Ports to Reduce Spread of Malware (8 September 2003) A report written by Johannes Ullrich, SANS Internet Storm Center CTO, proposes that Internet service providers (ISPs) block access to "commonly exploited" communications ports on customers' computers. While it would not prevent all Internet threats, it could address a bulk of the problems. The four ports, 135, 137, 139 and 445, are not necessary for most Internet use. The proposal is aimed at ISPs that serve individual customers and universities, not those that serve corporate customers. http://www.nwfusion.com/edge/news/2003/0908studyisps.html http://www.sans.org/rr/special/isp_blocking.pdf [Editor's Note (Ranum): It's good that we are finally reinventing "default deny"! Historically, though, this has been countered by unsupported claims of reduced performance due to router filtering rules] --------- Regards, Mark. Mark E. S. Bernard, CISM, Apollo Computer Consultants Inc. email: Mark.Bernard.CISM@apollo-cc.com Web site: www.apollo-cc.com Phone: (506) 375-6368 Information Security Notice: This e-mail is classified as private and is intended for use by the sender and recipient "only". Unauthorized access to this e-mail will be dealt with in accordance with the Canadian charter of rights and freedoms section 7 and 8. Link; http://laws.justice.gc.ca/en/charter/ - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Sep 11 2003 - 01:18:14 PDT