Re: A question for the list...

From: Keith W. McCammon (keith-listat_private)
Date: Wed May 21 2003 - 10:00:31 PDT

    >   * ISP would block all ports for incoming traffic by default, at least
    > for residential customers, and preferably for corporate customers as
    > well.
    
    I think that if you've ever tried to perform this type of packet filtering
    in a provider-level network, you'd change your opinion in a heartbeat.  It's
    just not practical.  And I'll leave be the issues of privacy and
    accountability.
    
    First of all, it would be a nightmare to manage the access-lists themselves.
    Add to that the fact that it would be impossible to objectively grant or
    deny access to services.  Who is my ISP to say what services are adequately
    secured and permissible?
    
    Second, and this is the whopper, such a system would bring the routing
    devices themselves to their knees.  If you've ever tried to implement even
    basic packet filtering on an OC-X circuit, it ain't pretty.  And it doesn't
    become any more feasible at lower speeds, because lower speeds just mean
    more circuits, which is arguably even worse.
    
    >   I am aware that most ISPs are operating within tight budgets, I am
    > less aware of the impact of such a scheme on costs.
    
    The costs would be substantial, and would, without a doubt, be passed directly
    and entirely to the customer.
    
    >   One benefit for the ISP would be a reduced load on abuse@.. A benefit
    > for the customer would be reduced maintenance and clean-up costs. The
    > benefits for the community are obvious.
    
    The cost of hiring more abuse monkeys (no offense, folks!) would be a flash
    in the pan compared to the proposed alternative.
    
    >   What do you think ?
    
    In a perfect world, it would be a good idea.  But in practice: very, very
    unlikely.  If it were to materialize at some point, it would only be because
    of a government regulation, and would have huge financial implications from
    the highest level of providers to the smallest of clients.
    
    Just my $.02...
    
    Keith
    
    
    



    This archive was generated by hypermail 2b30 : Thu May 22 2003 - 11:41:30 PDT