nanog mailing list archives
Re: ISPs' willingness to take action
From: kenw () kmsi net
Date: Mon, 27 Oct 2003 09:03:52 -0700
On Mon, 27 Oct 2003 10:25:36 -0500 (EST), you wrote:
... As a non-ISP consultant, when a client asks you to configure their Exchange server do you always conduct a top-to-bottom security analysis of the client's entire business infrastructure and refuse to do business with them until after they have corrected every deficiency? Or does the client just say screw you, and hires a different consultant that will do what the client wants? ...
I said "low hanging fruit". I didn't say "top-to-bottom security analysis".
...3) There was a thread a little while ago that talked about a way to cut down spam by simply restricting who you would accept SMTP traffic from. Unfortunately, I don't recall the details, but at the time it struck me as eminently sensible, and just required cooperation between ISPs to implement effectively.
Does NOBODY remember that thread?
Again, look the postal mail system. One proposal required everyone mail letters in person at the post office, and show id to the postal clerk.
Straw dogs... come on! It's like saying we can't take drastic, inappropriate measures, so we can't take any at all.
... ISPs are doing a lot to protect end-users. Some examples include Education campaigns Free anti-virus software Free personal firewall software Port filters (port 80 anyone?) Notification of compromised systems Incident Response Intrusion Detection/Intrusion Prevention Managed Security Services
And if all ISPs were doing all these thing (as you try to imply) we'd all be a lot better off, wouldn't we?
Unfortunately some of the argument is a bit like the old cries for public payphone companies were responsible for the drug dealers in poor neighborhoods. So they removed public payphones. The drug dealing problem wasn't solved.
"A strong conviction that something must be done is the parent of many bad measures." -- Daniel Webster So, am I advocating bad measures? /kenw Ken Wallewein CDP,CNE,MCSE,CCA,CCNA K&M Systems Integration Phone (403)274-7848 Fax (403)275-4535 kenw () kmsi net www.kmsi.net
Current thread:
- ISPs' willingness to take action kenw (Oct 26)
- Re: ISPs' willingness to take action Paul G (Oct 26)
- RE: ISPs' willingness to take action Terry Baranski (Oct 26)
- RE: ISPs' willingness to take action Christopher X. Candreva (Oct 27)
- Re: ISPs' willingness to take action Brian Bruns (Oct 26)
- Re: ISPs' willingness to take action Eric Kuhnke (Oct 27)
- Re: ISPs' willingness to take action Alan Spicer (Oct 27)
- Re: ISPs' willingness to take action Sean Donelan (Oct 27)
- Re: ISPs' willingness to take action Joe Abley (Oct 27)
- Re: ISPs' willingness to take action Sean Donelan (Oct 27)
- Re: ISPs' willingness to take action kenw (Oct 27)
- Re: ISPs' willingness to take action Sean Donelan (Oct 27)
- ISPs' willingness to take action [OT USPS] David Lesher (Oct 27)
- Re: ISPs' willingness to take action [OT USPS] Henry Linneweh (Oct 27)
- Re: ISPs' willingness to take action Joe Abley (Oct 27)
- <Possible follow-ups>
- RE: ISPs' willingness to take action Adam Hall (Oct 26)
- RE: ISPs' willingness to take action Charles Sprickman (Oct 26)
- Re: ISPs' willingness to take action matt (Oct 27)
- RE: ISPs' willingness to take action Charles Sprickman (Oct 26)
- Re: ISPs' willingness to take action Stewart, William C (Bill), RTSLS (Oct 26)
- Re: ISPs' willingness to take action Niels Bakker (Oct 27)