Recommendation in Australia for ISPs to force user security?
http://www.zdnet.com.au/make-zombie-code-mandatory-govt-report-339304001.htm "A government report into cybercrime has recommended that internet service providers (ISPs) force customers to use antivirus and firewall software or risk being disconnected. security Committee chair Belinda Neal said in her introduction to the 262-page report titled "Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime" that due to the exponential growth of malware and other forms of cybercrime in recent years, "the expectation that end users should or can bear the sole responsibility for their own personal online security is no longer a tenable proposition". "We need to apply the same energy and commitment given to national security and the protection of critical infrastructure to the cybercrime threats that impact on society more generally," she said."
not sure how they propose to enforce that, instrumentation approaches that look inside the home gateway have a non-trivial falsh positive rate and you've got a lot more hosts than ip addresses. On 06/22/2010 11:30 AM, Gadi Evron wrote:
http://www.zdnet.com.au/make-zombie-code-mandatory-govt-report-339304001.htm
"A government report into cybercrime has recommended that internet service providers (ISPs) force customers to use antivirus and firewall software or risk being disconnected. security
Committee chair Belinda Neal said in her introduction to the 262-page report titled "Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime" that due to the exponential growth of malware and other forms of cybercrime in recent years, "the expectation that end users should or can bear the sole responsibility for their own personal online security is no longer a tenable proposition".
"We need to apply the same energy and commitment given to national security and the protection of critical infrastructure to the cybercrime threats that impact on society more generally," she said."
Come on, you aren't thinking gov't-enough. "BASIC" broadband access will be a SSH/web-only proxy with firewalling/antivirus/etc capability. That whole pesky HTTP/1.0 problem was solved a long time ago. Maybe you don't even get your own IP anymore -- and you have to access your email through their web portal too. This also qualifies you as net-neutral in that everyone gets the same poor service. Only content providers that sign an agreement to be free of virii and malware (with an appropriate "inspection/sanitization" charge will be let through... e.g. Netflix or whomever) -- this way, you aren't being made to differentiate between bits, you are being made to ensure national security. "BUSINESS" broadband access might give you a real IP, allow you to torrent, but you sign a piece of paper that authorizes them to charge you if you get infected, or better yet, a maintenance plan of a $24.95/month on top of your service to make sure you don't get infected with a remotely managed firewall/router or whatever will meet the definition of the regulation. This can be solved so fast it'll make your head spin. Build a big proxy "cloud", send everyone 60 days notice once the regulation comes in effect, on day 61 throw the switch. Day 62, collect orders for the upgraded service. *PROFIT* My only shock is that Washington isn't leading Canberra on this, with an even faster timeline than the one above. Deepak
-----Original Message----- From: Joel Jaeggli [mailto:joelja@bogus.com] Sent: Tuesday, June 22, 2010 2:58 PM To: Gadi Evron Cc: nanog@nanog.org Subject: Re: Recommendation in Australia for ISPs to force user security?
not sure how they propose to enforce that, instrumentation approaches that look inside the home gateway have a non-trivial falsh positive rate and you've got a lot more hosts than ip addresses.
On 06/22/2010 11:30 AM, Gadi Evron wrote:
http://www.zdnet.com.au/make-zombie-code-mandatory-govt-report- 339304001.htm
"A government report into cybercrime has recommended that internet service providers (ISPs) force customers to use antivirus and firewall software or risk being disconnected. security
Committee chair Belinda Neal said in her introduction to the 262-page report titled "Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime" that due to the exponential growth of malware and other forms of cybercrime in recent years, "the expectation that end users should or can bear the sole responsibility for their own personal online security is no longer a tenable proposition".
"We need to apply the same energy and commitment given to national security and the protection of critical infrastructure to the cybercrime threats that impact on society more generally," she said."
You forgot to talk about a tax on all of that too... ;) Note the Great Firewall of Australia is slowly going down in flames... Now, there are two options, fight these type of proposals (resources spent to avoid something and make political enemies) or encourage the proposal by Netherlands and France to put Internet Freedom as a basic right for democracies: http://ambafrance-us.org/spip.php?article1659 </end of politics> ----- Original Message ----- From: "Deepak Jain" <deepak@ai.net> To: "Joel Jaeggli" <joelja@bogus.com>, "Gadi Evron" <ge@linuxbox.org> Cc: nanog@nanog.org Sent: Wednesday, 23 June, 2010 7:17:16 AM Subject: RE: Recommendation in Australia for ISPs to force user security? Come on, you aren't thinking gov't-enough. "BASIC" broadband access will be a SSH/web-only proxy with firewalling/antivirus/etc capability. That whole pesky HTTP/1.0 problem was solved a long time ago. Maybe you don't even get your own IP anymore -- and you have to access your email through their web portal too. This also qualifies you as net-neutral in that everyone gets the same poor service. Only content providers that sign an agreement to be free of virii and malware (with an appropriate "inspection/sanitization" charge will be let through... e.g. Netflix or whomever) -- this way, you aren't being made to differentiate between bits, you are being made to ensure national security. "BUSINESS" broadband access might give you a real IP, allow you to torrent, but you sign a piece of paper that authorizes them to charge you if you get infected, or better yet, a maintenance plan of a $24.95/month on top of your service to make sure you don't get infected with a remotely managed firewall/router or whatever will meet the definition of the regulation. This can be solved so fast it'll make your head spin. Build a big proxy "cloud", send everyone 60 days notice once the regulation comes in effect, on day 61 throw the switch. Day 62, collect orders for the upgraded service. *PROFIT* My only shock is that Washington isn't leading Canberra on this, with an even faster timeline than the one above. Deepak
On Wed, 23 Jun 2010 07:55:37 +1200 (FJT) Franck Martin <franck@genius.com> wrote:
You forgot to talk about a tax on all of that too... ;)
Note the Great Firewall of Australia is slowly going down in flames...
The industry has had plenty of entertainment out of the following two videos in the last two weeks. The first video is of the Minister for Broadband, Communications and the Digital Economy http://www.youtube.com/watch?v=1gl7X6peh-w http://www.youtube.com/watch?v=v-enBtKjgcU
Now, there are two options, fight these type of proposals (resources spent to avoid something and make political enemies) or encourage the proposal by Netherlands and France to put Internet Freedom as a basic right for democracies: http://ambafrance-us.org/spip.php?article1659
</end of politics>
----- Original Message ----- From: "Deepak Jain" <deepak@ai.net> To: "Joel Jaeggli" <joelja@bogus.com>, "Gadi Evron" <ge@linuxbox.org> Cc: nanog@nanog.org Sent: Wednesday, 23 June, 2010 7:17:16 AM Subject: RE: Recommendation in Australia for ISPs to force user security?
Come on, you aren't thinking gov't-enough.
"BASIC" broadband access will be a SSH/web-only proxy with firewalling/antivirus/etc capability. That whole pesky HTTP/1.0 problem was solved a long time ago. Maybe you don't even get your own IP anymore -- and you have to access your email through their web portal too. This also qualifies you as net-neutral in that everyone gets the same poor service. Only content providers that sign an agreement to be free of virii and malware (with an appropriate "inspection/sanitization" charge will be let through... e.g. Netflix or whomever) -- this way, you aren't being made to differentiate between bits, you are being made to ensure national security.
"BUSINESS" broadband access might give you a real IP, allow you to torrent, but you sign a piece of paper that authorizes them to charge you if you get infected, or better yet, a maintenance plan of a $24.95/month on top of your service to make sure you don't get infected with a remotely managed firewall/router or whatever will meet the definition of the regulation.
This can be solved so fast it'll make your head spin. Build a big proxy "cloud", send everyone 60 days notice once the regulation comes in effect, on day 61 throw the switch. Day 62, collect orders for the upgraded service. *PROFIT*
My only shock is that Washington isn't leading Canberra on this, with an even faster timeline than the one above.
Deepak
Joel Jaeggli <joelja@bogus.com> writes:
not sure how they propose to enforce that, instrumentation approaches that look inside the home gateway have a non-trivial falsh positive rate and you've got a lot more hosts than ip addresses.
Well you force your users to install some software to control that you have a current anti virus and a firewall in place. This software will only run for certain versions of Windows and will have quite a lot of CVE entrys. I will never get access to such a network. I don't use anti virus and I don't have a firewall on my Laptop (by default I'm only running sshd and if I need a (t)ftpd I start it manually). Jens -- ------------------------------------------------------------------------- | Foelderichstr. 40 | 13595 Berlin, Germany | +49-151-18721264 | | http://blog.quux.de | jabber: jenslink@guug.de | ------------------- | -------------------------------------------------------------------------
On Tue, Jun 22, 2010 at 2:30 PM, Gadi Evron <ge@linuxbox.org> wrote:
http://www.zdnet.com.au/make-zombie-code-mandatory-govt-report-339304001.htm "A government report into cybercrime has recommended that internet service providers (ISPs) force customers to use antivirus and firewall software or risk being disconnected.
Why not go for the low hanging fruit first? Ask ISPs to provide a connection with inbound TCP filtered by default and enable inbound TCP only by customer request. We'll do that with carrier NATs after free pool depletion anyway... might as well get started. -Bill -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On 23/06/2010, at 4:00 AM, Gadi Evron wrote:
http://www.zdnet.com.au/make-zombie-code-mandatory-govt-report-339304001.htm
"A government report into cybercrime has recommended that internet service providers (ISPs) force customers to use antivirus and firewall software or risk being disconnected. security
Observation: The more someone uses the prefix "cyber", the less they know what they're talking about. (glares meaningfully at a coterie of cyberterrorism consultants) Belinda Neal's committee is in the process of being pilloried by just about everyone who knows how to spell TCP/IP. The whole thing is a complete embarrassment: Last year we were all confronted with the spectacle of her ridiculous clutch of MPs wasting the time of the security experts invited to testify by quizzing them about movie plot threats. Now we get a proposal to move "cybersecurity" regulation to ACMA, the same Government body which licenses spectrum; and controlfreaky suggestions about mandatory industry codes imposed on ISPs. It's rampant screaming idiocy, the Dunning-Krueger effect in full motion. I'd suggest that almost none of it will go anywhere at all, if not for the fact that Belinda Neal's entire political party seems to share her mastery of of the issue. ObNOG: Botnets are bad, n'kay? - mark -- Mark Newton Email: newton@internode.com.au (W) Network Engineer Email: newton@atdot.dotat.org (H) Internode Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
participants (8)
-
Deepak Jain
-
Franck Martin
-
Gadi Evron
-
Jens Link
-
Joel Jaeggli
-
Mark Newton
-
Mark Smith
-
William Herrin