Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: A question for the list...

From: Luc Pardon <lucp () skopos be>
Date: Wed, 21 May 2003 11:42:06 +0200
 We're talking about (a pound of) cure, how about (an ounce of)
prevention?

  There seems to be consensus that (lack of) competence is part of the
problem.. If ISP's would/could take on more responsibility, the need for
hack-back would be greatly reduced, making discussion if it's nice or
not futile, so maybe the following is even on topic ;-)

  Id be interested in the opinion of the community (particularly ISP's)
on a scheme like this: 

  * ISP would block all ports for incoming traffic by default, at least
for residential customers, and preferable for corporate customers as
well.

  * ISP would open up ports on request, in return for a declaration that
the customer is aware of the issues and agrees that the port be closed
again in case of compromise. This should defend the ISP against damage
claims, an often-cited reason for not taking action on infected systems.
Suitable procedures could be defined to protect a compentent customer
against arbitrary port closure by clueless ISP personnel. Like: when
compromise is suspected, customer gets x hours after notification to
take action.

  * Such opening up of some standard ports (e.g. 80) would be subject to
a simple request procedure, like filling out a form,, but not too
simple. E.g. the applicant would have to type in a list of ports rather
than just clicking some "do you want a foobar server" checkboxes. This
could serve as a minimalistic display of competence. Like: if you don't
know what port a foobar server uses, you have no business running one.

  * Opening up standard ports would be a no-charge option if requested
at account setup, and subject to a symbolic fee after that. This would
help responsible ISP's remain competitive with others that impose no
such restrictions. In fact, they could actually advertise it as a
service: "free protection" (if carefully phrased so it doesn't
backfire).

  * Opening of less-standard ports (those that a "normal" system would
not be expected to run services on, e.g. 137) would require more proof
of commitment and/or competence by the customer. Suitable definitions of
"normal system" and "proof of competence" to be supplied, "proof of
commitment" could include higher fees.

  I am aware that most ISP's are operating within tight budgets, I am
less aware of the impact of such a scheme on costs.  

  One benefit for the ISP would be a reduced load on abuse@.. A benefit
for the customer would be reduced maintenance and clean-up costs. The
benefits for the community are obvious.

  What do you think ?

  Luc Pardon
  Skopos Consulting
  Belgium

----------------------------------------------------------------------------
*** Wireless LAN Policies for Security & Management - NEW White Paper ***
Just like wired networks, wireless LANs require network security policies 
that are enforced to protect WLANs from known vulnerabilities and threats. 
Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at:    
http://www.securityfocus.com/AirDefense-incidents
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: