Firewall Wizards mailing list archives
RE: The Future of Security
From: Rick Smith <rick_smith () securecomputing com>
Date: Mon, 06 Dec 1999 11:17:36 -0600
At 06:49 AM 12/03/1999 -0600, Scott, Richard wrote:
Second handful of 2cents is my concern over Home Computer Security. I can not believe that Joe Blogs who wants to surf the net is going to spend money on security his computer, be it Dial-up modem or *DSL. If I had a *DSL service and I believe I had been hacked, I think the American public to rely on a legal battle to receive compensation from the DSL provider. May be a text book example in court would then ensure ISP companies to provide adequate security as part as their service. Just how this is done, is yet to be seen.
I'm skeptical that they'll hold ISPs responsible for security. It's too big of a can of worms and it's already proven legally difficult. Most ISPs seem to want to be treated as communications carriers, so they're not responsible for the content or its effects on the recipients. There were a couple of legal battles involving timesharing services turned ISPs (Prodigy was one) where they had a policy of monitoring e-mail for bad things, their monitoring failed, and they were held legally liable for the failure. The phone company, for example, isn't legally liable if you are victimized by fraud over the phone. Also, there's the question of whether security measures might look like "censorship" or even "restraint of trade" in today's Internet. One reason it's so hard to build a good firewall is that a new multimedia protocol appears every two weeks, and each new one puts new demands on the firewall's ability to sort good from bad. The "secure" answer is to block the new things until there's a way to handle them safely. If a dominant ISP tries to do such a thing, I'd anticipate legal questions.
Furthermore the use of new payment systems could make the ISP's enforce better security, by providing the hardwares to perform filtering, processing of information from these payment systems. I believe that this market will totally change once a court case has been found in favour of the service user.
The international flavor of the Internet, as well as the widespread adoption of its underlying technology, makes some changes harder than others, regardless of what courts say. I find it useful to think of the Internet as a variant of today's network of roads that lead from individual driveways to streets to superhighways. What sort of things succeeded for making roads practical? What strategies just don't work? The road system is about the only thing I know of that is so distributed, so easy to extend, and so hard to control. Rick. smith () securecomputing com "Internet Cryptography" at http://www.visi.com/crypto/
Current thread:
- RE: The Future of Security, (continued)
- RE: The Future of Security Crumrine, Gary L (Dec 01)
- RE: The Future of Security Randy Witlicki (Dec 02)
- RE: The Future of Security Eric Budke (Dec 03)
- RE: The Future of Security David LeBlanc (Dec 06)
- RE: The Future of Security Randy Witlicki (Dec 02)
- Re: The Future of Security Rick Smith (Dec 03)
- Re: The Future of Security David LeBlanc (Dec 06)
- RE: The Future of Security Scott, Richard (Dec 03)
- RE: The Future of Security Scott, Richard (Dec 05)
- RE: The Future of Security R. DuFresne (Dec 06)
- Re: The Future of Security ark (Dec 06)
- RE: The Future of Security Rick Smith (Dec 06)
- Re: The Future of Security Randy Witlicki (Dec 06)
- Re: The Future of Security David LeBlanc (Dec 06)
- Re: The Future of Security Damir Rajnovic (Dec 07)
- Re: The Future of Security David LeBlanc (Dec 06)
- RE: The Future of Security LeGrow, Matt (Dec 08)
- RE: The Future of Security Crumrine, Gary L (Dec 01)