Firewall Wizards mailing list archives
ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules
From: Mason <hr824 () sunwave net>
Date: Wed, 1 Sep 2004 01:12:50 -0700
On August 30, 2004 05:41 am, Paul D. Robertson wrote:
Given the number of already compromised home machines on broadband, I *definitely* would rather that the generic population were put behind firewalls, and kept there.
I work for a *small* cable ISP surrounded on all sides by a giant competitor. In discussions within my department, we find ourselves torn between a desire to be transparent to our customers, our knowledge of the what is "out there" (spam, worms, phishing, etc), and the feeling that we need to do more to protect our customers (absence of funds and man-power always figure heavily into this as well...). We are currently fighting on several fronts, but one in particular really bothers me. I'm forced to play the cat and mouse game of blocking individual ports in response to "new threats". I would love to implement a default deny policy on my residential networks (at least ingress if not egress as well). I think that ISPs are going to have to do something like this eventually simply due to the massive amount of crap that our networks get hit with at all times and the fact that user education concerning patching, firewalls and antivirus just isn't moving along all that well. Our quandary is that we are the little guy and we fear that implementing any such restrictive policy would kill us. Our customers are accustomed to largely unrestricted access to the net and our formidable competition is highly unlikely to take similar steps in protecting their network which would of course make them look pretty rosy by comparison. Anyone have any brilliant ideas...? It's really unfortunate that we feel our hands are tied; most of this mess could be dealt with if we were able to get a bit more involved in our customers' access to the net.
Contrary to popular opinion, full access to the Internet is neither a god-given right, nor a necessity.
The big issue from a business standpoint is that popular opinion seems to rule... I wish that we could do what is right rather than what is popular - it would make this feel more like network adminstration than politics... -- Mason Schmitt _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules Mason (Sep 01)
- Re: ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules Paul D. Robertson (Sep 01)
- RE: ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules Jonathan Rickman (Sep 02)
- RE: ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules Paul D. Robertson (Sep 02)