Heh. How appropos. I feel it to be worth it to take pause and recognize a particular testament to the industry proven by the abundance of network professionals (namely in this group) speaking ardently against expropriation of network controls by providers in the name of security. That providers act on subscribers' behalf should be, I would think, by virtue of business similar to utility provision. However, I imagine that a healthy base of patrons are content to surrender control over and visibility into the guts of the upstreams to avoid bringing certain responsibilities in-house and into local pockets. I recognize the heterogeniety of proposed deployments and solutions, and it's cool to hear the varietal spins on tactical approach, as well as to see how many of those avenues do not result in "leave it up to the provider to secure the end user." That said, with the prevailing opinion (mine included) seeming to be that providers should generally avoid monkeying with the safe passage of legitimate traffic, I would be interested to hear more of the vox populi on how subscribers feel their providers should react to the points raised in this article. I'm also wondering if people feel differently about appropriate prescriptions when thinking of the end stations as home networks vs. as business networks? Another question: if providers throw up hands and decline to be more restrictive/invasive with traffic, would it be more appropriate to reach that conclusion because it is resource-intensive/fiscally draining, or because it is unethical/bad business practice/privacy-invasive to enact such restriction? This is just a lunchtime poll, so please feel free to reply on or off-list if you are so inclined. --ra <Cox_blurb> "ISPs need to encourage users to enable automatic patch updates for their Windows systems, evangelize weekly visits to www.windowsupdate.com and www.officeupdate.com, and offer crosslinking or bundles with the latest antivirus and firewall software vendors," </Cox_blurb> <Verizon_snip> "We can't sit there and say: 'You're spamming--we're going to knock you off the wire,'" said Scott Lebredo, a senior technical manager at Verizon Online. "It's your access. You're responsible for it, but you must be educated about how to combat it." </Verizon_snip> <EarthLink_snip> "It would be very unfriendly to scan customers' machines," said Mary Youngblood, the manager of the abuse team at ISP EarthLink. "It would be deemed by some people as a privacy violation." </EarthLink_snip> <AV_Vendor_snip> "I wouldn't expect to boil my own water; I expect it to treated upstream," said Mark Sunner, the chief technology officer at MessageLabs, which sells a virus detection service for corporate networks. "The correct groundswell needs to be focused on the Internet level, where you can be proactive rather than reactive." </AV_Vendor_snip> -- k. rachael treu, CISSP rara@navigo.com ..quis costodiet ipsos custodes?.. On Thu, Mar 18, 2004 at 08:24:49AM -0500, Sean Donelan said something to the effect of:
By Jim Hu Staff Writer, CNET News.com
High-speed Internet service providers are increasingly putting their customers in the security hot seat, as they try to fight recent virus attacks that turn computers into spam factories. [...] Still, the question remains whether the techniques broadband ISPs are implementing are enough. Some say the onus is on ISPs, which should play a role in protecting their networks for the greater good of their subscribers and the Internet at large. Critics say ISPs should manage their networks to ensure that all users are safe.