RE: Would you pay more ...
From: Nick Benigno (NBenigno_at_atchealthcare.com)
Date: 07/06/04
To: security-basics@securityfocus.com Date: Tue, 6 Jul 2004 12:22:51 -0400
Pay more? Nah, instead they should offer each user a router instead of a
modem as a preferred option. If security is in mind, the router could be
pre-configured to limit the ports passed through, and a manual/tech support
of the manufacturer should be supplied.

Linksys routers can be placed after cable modems and DSL modems for a cheap
price, by default restricting direct inbound access to the computer(s)
behind it. If you wish to have more security, a firewall is of course the
best way to go. To come up with just another profit scheme for ISPs to
leech people for more money for safety is not what I like to hear.

Plus, as you are talking about common ports like FTP, SMTP, SSH, and WWW
that are commonly used when exploiting a person's machine, so if you are
talking about helping grandma's PC, it just doesn't work out exactly like
you said.

While you may block some trojans that operate on non-configurable ports not
listed, it doesn't stop some of the most common things like the victim being
abused as a fileserver, webserver (for further exploitation), and
mailserver (spam).

Also, IMO ISPs should have some sort of responsibility to inform users of
basic security issues while connecting to the internet and using their paid
services.

-----Original Message-----
From: Jeff [mailto:Jeff@Not_A_Real_Address.com]
Sent: Friday, July 02, 2004 2:57 PM
To: security-basics@securityfocus.com
Subject: Would you pay more ...

Regarding standard consumer broadband connections ...

Would you pay more to only have the following destination ports open
to the internet originating from your broadband modem:

tcp 21 - ftp
tcp 22 - ssh
tcp 25 - smtp
tcp, udp 53 - dns
tcp 80 - www
tcp 110 - pop3
tcp 119 - nntp
udp 123 - ntp
tcp 443 - secure www

(Arguments for/against specific ports solicited. I purposely left
some out that I don't use. Curious how significant they are to
others. IMAP4 and icmp protocols come to mind)

ALTERNATIVELY, would you like it if this was the STANDARD package and
additional ports were considered optional, and required payment.

LASTLY, this could start out as the NEW Secure way to go! It simply
requires that your existing cable modem be upgraded (replaced) at a
cost of $50-$75. All new installations would receive these as part
of the std pkg.

(I know some small businesses that would LOVE to have this. I know
because they've called me to resolve some "weird problems" and look
at me funny when I tell them that they should have had a firewall all
along.)

I would REALLY like to hear from those of you that work in the ISP
field. I have always been on the receiving end of an ISP -- never
worked in that trench. But I suspect that this type of firewall could
be built into every single cable/dsl modem used at little expense.
Indeed, could save lots of money on bandwidth.

Consider Grandma now ... she typically isn't a gamer and need other
ports open. Nor does she work at home and require a vpn. BUT she is
the MOST likely to get hit by some exploit, and it's her damned box
(x 1,000,000) uselessly eating up bandwidth because some smart-aleck
*&#$ing script kiddie bas(*&#$
.... ohm-yelli-mon ... ohm-yelli-mon ... OK, ok, better.

Jeff