Re: Nimda et.al. versus ISP responsibility

From: geoff (geoff@cardboardtransmitter.net)
Date: 09/27/01


From: geoff <geoff@cardboardtransmitter.net>
To: incidents@securityfocus.com
Subject: Re: Nimda et.al. versus ISP responsibility
Date: Thu, 27 Sep 2001 16:08:40 -0400
Message-ID: <nq07rt838dp7sv863jbdeoekjddt7ojk71@4ax.com>

On Thu, 27 Sep 2001 10:59:49 -0700 (PDT), Chip McClure <vhm3@hades.dnsalias.net>
wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Thu, 27 Sep 2001, Luc Pardon wrote:
>
>I agree whole-heartedly with you on this issue. I believe it is the users
>responsibility keeping their machines patched, up to date, and secure.
>Whether they are technically minded or not. It is not the ISP's
>responsibility to police all their users, however, given the high number
>of infections, and network saturation of bandwidth, something has to be
>done. Unfortunately, for the ISP's, they would bear the burden of
>implementing filters (which I disagree with), or suspending accounts of
>infected users' machines. If a customer is detected as having an infected
>machine, give em a 24 hour shut-off notice. The ISP also looses money by
>an infected customer. They need to pay the increased costs of bandwidth,
>for the infected machines. I think the ISP wins in the long run, getting
>rid of a few infected users.

Interestingly, I believe that we are one of the few ISP's that actually uses a
quarantine method, ie at first sign of infection or other security issue we will
disconnect the customer, notify them via voice, and dispatch a field service
tech to their location if necessary. Of course this has a few issues as well.
One being that I was specifically involved in getting a provision put into our
contracts that we have the right of temporary disconnection without written
notification for up to 15 days, and indefinite once notified. Secondly we have
lost a few customers because of this but I have convinced management to see this
as a net gain citing specifically the costs involved in processing abuse
incidents as well as others (bandwidth savings...). Also this does take up
resources on our end, but we feel its worth it.

>
>A vulnerable machine left on the internet, is like leaving your wallet,
>credit cards, and your front door wide open. Nobody else wopuld do that -
>and it shouldn't happen here.

While I don't agree with this specific analogy, the sentiment is relatively
close to mine. So no quibble there.

>
>This also opens up a new door - what to do about the corporate systems on
>the net which are infected / vulerable?
>
>The Gartner group was right. Of course, this is just all my $0.02

Yes, yes they are. We have made an effort to inform our customers of this and
try hard to convince them to out source things that may require any MS product.

>
>Chip McClure
>
>- -----
>Chip McClure
>Sr. Unix Administrator
>GigGuardian, Inc.
>
>http://www.gigguardian.com/

BTW: I do not speak for my company....etc.

-- 
geoff

A UI is about making the computer's power easy to exploit, not about making new users feel comfortable. -- http://slashdot.org/comments.pl?sid=00/08/18/1711210&cid=83

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com