In the tech thread, I'm wearing my "Comcast customer" hat. In this thread, I'm wearing my "security professional" hat. Here's an example of the off-list mail I've been getting on this:

-----------
I'm sorry I'm replying off-list, but I'm not a security professional and don't feel comfortable doing anything other than lurking. But I wanted to say how surprised I was by the response you got to your post. I felt like no one else "gets it".
-----------

Frankly, I'm outraged at the response of my fellow admins. The predominant argument seems to be "We already own all of your traffic, what's the big deal?" The big deal is, I've always used discretion when observing traffic, and that seems like a new concept to many of you.

As a general rule, I consider the header to be like the outside of a postal envelope, and the packet data to be the letter inside. I routinely use IDS and realtime tools to monitor traffic, but as a rule go no higher than OSI layer 4. In other words, I look at source and destination IPs and ports, and aggregate traffic data. Looking at or logging session layer and higher is reserved for troubleshooting problems and specific incidents (with some exceptions for virus/worm filtering). This is consistent with how I understand the applicable federal law as posted at:

http://www4.law.cornell.edu/uscode/18/2511.html

To observe, or worse yet log, all of the user session data is ethically and legally questionable. To do so in order to sell that data to a third party is morally reprehensible. Particularly when you are talking about someone's personal, private, home connection. This isn't some workplace where the employer owns your computer and your time, this is people's homes. This is people's free speech. This is people's personal privacy.

Inasmuch as an internet connection is analogous to a telephone call, defending Comcast's use of a proxy in this manner is analogous to defending the phone company listening, recording and participating in your conversations. I'm surprised and dismayed that somewhere along the line, many of you have become oblivious to ethical obligations associated with administration.

The Windows networks behind my equipment survived both CodeRed and Nimda without a single infection and without violating user privacy. Snooping is not required to provide security.

z
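
[Added example, not part of the original post or the poster's own tooling.] A sketch of the "envelope only" monitoring described above: it reads IPv4 and TCP/UDP headers, aggregates bytes per flow, and never slices into the payload. The function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def envelope(packet: bytes):
    """Return ((src, dst, proto, sport, dport), ip_total_len) from headers only."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # IP header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return None
    total_len, = struct.unpack("!H", packet[2:4])
    frag_off = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    proto = packet[9]
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    sport = dport = 0
    # Ports exist only for TCP (6) / UDP (17) and only in the first fragment.
    if proto in (6, 17) and frag_off == 0 and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return (src, dst, proto, sport, dport), total_len

def aggregate(packets):
    """Sum bytes per flow; nothing past the port fields is read or stored."""
    totals = Counter()
    for pkt in packets:
        parsed = envelope(pkt)
        if parsed:
            key, size = parsed
            totals[key] += size
    return totals

def build_tcp(src, dst, sport, dport, payload):
    """Build a constructed sample IPv4+TCP packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return ip + tcp + payload

# Constructed sample traffic using documentation address ranges.
WEB = b"GET /private HTTP/1.0\r\n\r\n"
SAMPLE = [
    build_tcp("192.0.2.10", "198.51.100.5", 1025, 80, WEB),
    build_tcp("192.0.2.10", "198.51.100.5", 1025, 80, b"x" * 100),
    build_tcp("192.0.2.11", "198.51.100.9", 1030, 25, b"HELO there"),
]

if __name__ == "__main__":
    for flow, size in aggregate(SAMPLE).items():
        print(flow, size)
```
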
This archive was generated by hypermail 2b30 : Sat Feb 09 2002 - 16:12:09 PST