[fw-wiz] ISP firewalling of residential customers - was - About Port Forwarding, Apache and Firewall Rules

From: Mason (hr824_at_sunwave.net)
Date: 09/01/04

    To: "Paul D. Robertson" <paul@compuwar.net>
    Date: Wed, 1 Sep 2004 01:12:50 -0700
    
    

    On August 30, 2004 05:41 am, Paul D. Robertson wrote:
    > Given the number of already compromised home machines on broadband, I
    > *definitely* would rather that the generic population were put behind
    > firewalls, and kept there.
    >
    I work for a *small* cable ISP surrounded on all sides by a giant competitor.

    In discussions within my department, we find ourselves torn between a desire
    to be transparent to our customers, our knowledge of what is "out
    there" (spam, worms, phishing, etc), and the feeling that we need to do more
    to protect our customers (absence of funds and man-power always figure
    heavily into this as well...).

    We are currently fighting on several fronts, but one in particular really
    bothers me. I'm forced to play the cat and mouse game of blocking individual
    ports in response to "new threats". I would love to implement a default deny
    policy on my residential networks (at least ingress if not egress as well).
    I think that ISPs are going to have to do something like this eventually
    simply due to the massive amount of crap that our networks get hit with at
    all times and the fact that user education concerning patching, firewalls and
    antivirus just isn't moving along all that well.

    Our quandary is that we are the little guy and we fear that implementing any
    such restrictive policy would kill us. Our customers are accustomed to
    largely unrestricted access to the net and our formidable competition is
    highly unlikely to take similar steps in protecting their network which would
    of course make them look pretty rosy by comparison.

    Anyone have any brilliant ideas...? It's really unfortunate that we feel our
    hands are tied; most of this mess could be dealt with if we were able to get
    a bit more involved in our customers' access to the net.

    > Contrary to popular opinion, full access to the Internet is neither a
    > god-given right, nor a necessity.
    >
    The big issue from a business standpoint is that popular opinion seems to
    rule... I wish that we could do what is right rather than what is popular -
    it would make this feel more like network administration than politics...

    --
    Mason Schmitt
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
