On Thu, 27 Sep 2001 10:59:49 -0700 (PDT), Chip McClure <vhm3at_private> wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On Thu, 27 Sep 2001, Luc Pardon wrote: > >I agree whole-heartedly with you on this issue. I believe it is the users >responsibility keeping their machines patched, up to date, and secure. >Whether they are technically minded or not. It is not the ISP's >responsibility to police all their users, however, given the high number >of infections, and network saturation of bandwidth, something has to be >done. Unfortunately, for the ISP's, they would bear the burden of >implementing filters (which I disagree with), or suspending accounts of >infected users' machines. If a customer is detected as having an infected >machine, give em a 24 hour shut-off notice. The ISP also looses money by >an infected customer. They need to pay the increased costs of bandwidth, >for the infected machines. I think the ISP wins in the long run, getting >rid of a few infected users. Interestingly, I believe that we are one of the few ISP's that actually uses a quarantine method, ie at first sign of infection or other security issue we will disconnect the customer, notify them via voice, and dispatch a field service tech to their location if necessary. Of course this has a few issues as well. One being that I was specifically involved in getting a provision put into our contracts that we have the right of temporary disconnection without written notification for up to 15 days, and indefinite once notified. Secondly we have lost a few customers because of this but I have convinced management to see this as a net gain citing specifically the costs involved in processing abuse incidents as well as others (bandwidth savings...). Also this does take up resources on our end, but we feel its worth it. > >A vulnerable machine left on the internet, is like leaving your wallet, >credit cards, and your front door wide open. Nobody else wopuld do that - >and it shouldn't happen here. While I don't agree with this specific analogy, the sentiment is relatively close to mine. So no quibble there. > >This also opens up a new door - what to do about the corporate systems on >the net which are infected / vulerable? > >The Gartner group was right. Of course, this is just all my $0.02 Yes, yes they are. We have made an effort to inform our customers of this and try hard to convince them to out source things that may require any MS product. > >Chip McClure > >- ----- >Chip McClure >Sr. Unix Administrator >GigGuardian, Inc. > >http://www.gigguardian.com/ BTW: I do not speak for my company....etc. -- geoff A UI is about making the computer's power easy to exploit, not about making new users feel comfortable. -- http://slashdot.org/comments.pl?sid=00/08/18/1711210&cid=83 ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Sep 27 2001 - 13:28:45 PDT