RE: Newspaper Article about Cable Modem security

[Russ () cooper com]

<opinion>
Your example at the end of the paragraph is the perfect reason why security
shouldn't be left to average users.  It's very easy for you to say that
everyone should be responsible because you understand it.  Most people don't
think like computers, and to try to force them to understand that they "need
to filter BO by closing ports" is like speaking german to them.  
A "generic" security option from an ISP is probably sufficient for most
users who just want to surf the web and get email and ICQ.  But for more
advanced users I see more of a service approach to the problem.
Looking at established industries today, most of them don't leave "security"
to the consumer.  The auto market, for example, provides airbags and cheesy
alarms for your security.  That is good enough for most people, but for
those "power drivers," now you can turn a key and disable the airbags as
well as go to your favorite local merchant and have them install a top of
the line viper alarm.   Similarly with home security, nobody wires their own
house and monitors it.  People hire companies to install wires in the
windows and doors and motion sensors and then monitor everything.  The only
thing the user needs to know is how to turn it on and off.  
Why shouldn't computers work the same way?  People can choose to have
generic security from their ISP, or they can choose to have none, or they
can install a firewall themselves, or they can hire an outside company to
monitor, update and maintain the firewall.  
Just put yourself in a non-computer literate person's shoes and then answer
the question.

Russ
</opinion>
-----Original Message-----
From: REID FOX [mailto:reidfox () direct ca]
Sent: Monday, November 01, 1999 1:07 PM
To: firewall-wizards () nfr net
Subject: Re: Newspaper Article about Cable Modem security


Is utimately the sytem administrator (even on a home system) who should be
responsable for network security, that is the way it should be. How can an
ISP provide tight security to his clients without taking away some of their
options?
Also if one ISP  provides no security while another limits service to
clients because of security, then it is ultimately the consumer who decides
which is better. After all this is true democracy which the web has
perpetuated so far. LETS KEEP IT THAT WAY !
As the Internet becomes more and more consumer oriented lets not forget who
is in charge (the client)  and not sacrafice the potential in this universal
protocol for "idiot-proofability". Also we assume that these "poor customers
on cable" are completely illiterate when it comes to "how networks work". I
think this a good way to force the consumer to become "more literate" about
networks. Anyone who has not been connected to the net for any length of
time has some catching up to do. Just think of the potential if everyone on
the net actually had a clue.
My co-workers love to try to print to the network printer without being
logged on ( on the phone with tech-assistance f**ing with drivers etc)
Just imagine how smoothly things would go if they knew what a network really
was.

-----Original Message-----
From: Joseph S D Yao <jsdy () cospo osis gov>
To: dkeller () ddc dla mil <dkeller () ddc dla mil>
Cc: reidfox () direct ca <reidfox () direct ca>; michaelkelley () home com
<michaelkelley () home com>; etoll () syracusesupply com
<etoll () syracusesupply com>; firewall-wizards () nfr net
<firewall-wizards () nfr net>; Neil.Ratzlaff () ucop edu <Neil.Ratzlaff () ucop edu>
Date: Monday, November 01, 1999 10:07 AM
Subject: Re: Newspaper Article about Cable Modem security


> > But your average home user does not think about security.  Should your
local
> > ISP provide a level of security?  No (and this will be hotly debated) but
> > they *should* provide information on the risks and solutions.  It is
> > ultimately up to the consumer to take some responsibility.
> >
> > Regards,
> > Dennis Keller
> > Network Security Administrator
> > DDSP-Z
> > dkeller () ddc dla mil
>
> Unless there are people who still believe in a "one-size-fits-all" form
> of security, then I don't think that anyone should debate that what is
> good security for one will be disabling and hampering to another.  For
> instance, I doubt that whatever FBI group prosecutes child porn would
> appreciate it if they were "protected" from the sites that they need to
> document.  ;-}
>
> --
> Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao
> COSPO/OSIS Computer Support EMT-B
> -----------------------------------------------------------------------
> This message is not an official statement of COSPO policies.