Firewall Wizards mailing list archives
Re: The home user problem returns
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Thu, 08 Sep 2005 13:33:22 -0400
Mason Schmitt wrote:

> I know that somewhere Marcus is getting ready to unfurl his IPS rant (/me braces himself).

Wow... Am I that bad? Am I that predictable? ;)

> A public ISP just cannot be run like a corporate network, it's a totally different beast.

I completely agree!!! You've got a series of contradictory requirements. There's no way to satisfy them (or even a reasonable percentage of them) without creating more problems than you solve. Also, I knew an ISP back in the day (1995) that offered 2 kinds of Internet hookups - one that was firewalled, virus filtered, etc, and the other of which was wide open. Guess which one they sold NONE of? Well, that was an easy guess...

> In fact, I know a lot of techies that would argue that ISPs should be totally transparent. In this day and age, I consider that view to be selfish and irresponsible.

With the current state of Internet software, it's pointless. It'd be meaningful to encourage ISPs to filter traffic if there were end-to-end authenticated links going on, and nothing else. If you want to push things back far enough, intellectually, the problem is that anonymous Internet access is being offered. That's the underlying problem. Unless that particular problem is dealt with (and who'd want to be on the Internet that would result..?) we will not make progress from where we are.

> Marcus and most of the rest of you, please keep preaching solid security principles to businesses and governments, but when it comes to the home user, you're wasting your breath.

We're wasting our breath in general. Businesses are marginally better than home users - some of them - but governments are sometimes worse than home users, in my experience. The situation out there is terrible and shows no sign of improvement, in my opinion.

> As with any security endeavour, a multi faceted or "defence in depth" solution is the best solution.

It's really more like a "defeat in depth" because you're accepting that things will go wrong at every layer in the system. What you're trying to do is reduce the surge of noise to manageable levels. That is a worthwhile goal but it puts you right in the middle of the eternal arms race.

> User education
> ----------------
> User education still needs to happen
Pointless. If educating users was going to work, it would have worked by now. If Anna Kournikova worm and phishing hadn't gotten people to take this seriously years ago, they aren't going to next year, either. If 600 Internet Explorer bugs and 1203 Windows bugs* in 5 years didn't get people to take it seriously, they aren't going to next year, either. Or the year after that.

OBplug: I just completed an article for "certified security professional" on "The Six Dumbest Ideas in Computer Security" in which I list educating users as #5.
http://www.certifiedsecuritypro.com/index.php/content/view/154/56/
or it's linked off http://www.ranum.com

I'll spare posting the entire breathless tirade here.

[...other good stuff, deleted...]

You're still an optimist, aren't you? It's always nice to find an optimist in Internet security. I feel like a birdwatcher who has seen the last of some vanishing breed whenever I run across one of you guys. ;)

mjr.
(* source: P-nut)

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards