Security Basics mailing list archives
Re: Would you pay more ...
From: Florian Streck <streck () papafloh de>
Date: Tue, 6 Jul 2004 10:47:21 +0200
On Fri, Jul 02, 2004 at 02:56:41PM -0400, Jeff wrote:
Regarding standard consumer broadband connections ... Would you pay more to only have the following destination ports open to the internet originating from your broadband modem:
tcp 21 - ftp
tcp 22 - ssh
tcp 25 - smtp
tcp, udp 53 - dns
tcp 80 - www
tcp 110 - pop3
tcp 119 - nntp
udp 123 - ntp
tcp 443 - secure www
(Arguments for/against specific ports solicited. I purposely left some out that I don't use. Curious how significant they are to others. IMAP4 and icmp protocols come to mind)
Personally I would not like such a setup. Ok, I'm surely no "standard" user. But I also don't see a point in restricting to those ports. The main drawback is that you're quite sure to run into some customers who "need" some other ports and are unwilling to pay more because they don't need some of the given ports and think more in the number of open ports that are given to them. For those small companies that you mentioned a firewall configured for their needs would be better imho. As for security I don't see a point here. Most infections use those ports that you want to open to spread. So nothing gained.
ALTERNATIVELY, would you like it if this was the STANDARD package and additional ports were considered optional, and required payment.
No, I don't like the idea of paying more for something that I already have. And think of the additional amount of work on your side to keep track of who is allowed to use which ports.
LASTLY, this could start out as the NEW Secure way to go! It simply requires that your existing cable modem be upgraded (replaced) at a cost of $50-$75. All new installations would receive these as part of the std pkg. (I know some small businesses that would LOVE to have this. I know because they've called me to resolve some "weird problems" and look at me funny when I tell them that they should have had a firewall all along.)
As mentioned above, I think the better way is a firewall. Many businesses don't need ntp or ssh for example. And if they get some malware using those ports they might be a little bit unhappy about your solution. As for the money, companies however small will very likely be willing to pay a little more than 50-75$ for a firewall with an individual setup. And those Grandmas are better off with some kind of personal firewall that might even cost less to install.
Florian
--
"...Deep Hack Mode--that mysterious and frightening state of consciousness where Mortal Users fear to tread." (By Matt Welsh)