nanog mailing list archives
Re: Consumer Grade - IPV6 Enabled Router Firewalls.
From: Owen DeLong <owen () delong com>
Date: Tue, 15 Dec 2009 10:56:08 -0800
On Dec 15, 2009, at 4:49 AM, Joakim Aronius wrote:
* Steven Bellovin (smb () cs columbia edu) wrote:On Dec 14, 2009, at 11:47 PM, Joel Jaeggli wrote:Precisely. And if you want to get picky, remember that "availability" is part of the standard definition of security. A firewall that doesn't let me play Chocolate-Sucking Zombie Monsters is an attack on the availability of thatOwen DeLong wrote:Stable outgoing connections for p2p apps, messaging, gaming platformsand foo website with java script based rpc mechanisms have similar properties. I don't sleep soundly at night becasuse the $49 buffalo router I bought off an endcap at frys uses iptables, I sleep soundly because I don't care.gmae, albeit from the purest of motives.No, I'm not saying that this is good. I am saying that in the real world, it*will* happen.So what you are saying is that ease of use and service availability is priority one. Then what exactly are the responsibilities of the ISP and CPE manufacturer when it comes to security? CPEs with WiFi usually comes with the advice to change password etc. Is it ok to build an infrastructure relying on UPnP, write a disclaimer, and let the end user handle eventual problems? (I assume it is...)/jkm
Personally, I think that CPE should come up relatively braindead except on the interior wired ethernet interfaces and require creating an SSID and suggesting creating a password (regardless of whether TKIM, WEP, WPA, etc, at least something) before enabling any wireless. It should require the user to create their own administrative password before being able to enable any other features on the box.
If CPE manufacturers did this, it would remove a great many vulnerabilities in the world without making
it particularly harder for the average end-user. Owen
Current thread:
- Re: Consumer Grade - IPV6 Enabled Router Firewalls., (continued)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Owen DeLong (Dec 14)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Owen DeLong (Dec 14)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. gordon b slater (Dec 14)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Chris Adams (Dec 14)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mohacsi Janos (Dec 14)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joel Jaeggli (Dec 14)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Steven Bellovin (Dec 14)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joakim Aronius (Dec 15)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mark Newton (Dec 15)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Joakim Aronius (Dec 16)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Owen DeLong (Dec 15)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Matthew Moyle-Croft (Dec 02)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Alexandru Petrescu (Dec 12)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Mohacsi Janos (Dec 13)
- Re: Consumer Grade - IPV6 Enabled Router Firewalls. Matthew Moyle-Croft (Dec 04)