Re: Would you pay more ...

From: Dave Dearinger (daved_at_mdon-line.com)
Date: 07/06/04

Date: Tue, 06 Jul 2004 14:21:00 -0700
To: security-basics@securityfocus.com

As my first post to this list and a paid network administrator I would say
that I would not pay more myself to have a feature limited internet
connection. I definitely balk at the idea that having the full range of
addressable ports would cost more, but sadly this is more often true than
not. "You want full access to the internet? You want to host your own
server? You will have to buy our business package, 4x the cost, same
amount of bandwidth, but we allow you to host a server, or for an
additional fee we will host a server for you." I am capable of configuring
my own OpenBSD firewall and filtering traffic passing through ports.
Now having said that, if somebody was to come to market with such a service,
one of the things I would like to see built in: a simple background service
would be required to monitor SMTP communications to have a user click a
second button to allow SMTP communications out. Messages that don't get
authorized within a set time get binned and a one-line message that you
failed to authorize an outgoing email. Tell the people it's for their own
security, like signing for a package.
From my own experience it is hard to get people to conceptualize how
internet communications take place. People get lost in the technical jargon
and metaphors can be more damaging to understanding if they are poorly
thought through. Blocking ports by default creates a disconnection
(unintentional pun) between your customers who don't understand that they
could reach Google but they mysteriously can't message Auntie Margaret with
the new IM app. Even as a network administrator sometimes it can be
difficult to anticipate what ports need to be opened for a particular
client app, as not every company is terribly forthcoming about how network
capable apps communicate.
In the end paying me more to configure a proper firewall would be more
beneficial. Or...
How about a firewalling equivalent to Habitat for Humanity, Port Filtering
for People. A charitable organization that could collect tax deductible
donations to install firewalls on underprivileged home networks. Or...
Maybe it's just time for me to go home...

-Dave Dearinger
-Network Administrator
-MD-Online Inc.
-daved@mdon-line.com
-1-888-397-3434

At 02:56 PM 7/2/2004 -0400, Jeff wrote:
>Regarding standard consumer broadband connections ...
>
>Would you pay more to only have the following destination ports open
>to the internet originating from your broadband modem:
>
> tcp 21 - ftp
> tcp 22 - ssh
> tcp 25 - smtp
> tcp, udp 53 - dns
> tcp 80 - www
> tcp 110 - pop3
> tcp 119 - nntp
> udp 123 - ntp
> tcp 443 - secure www
>
>(Arguments for/against specific ports solicited. I purposely left
>some out that I don't use. Curious how significant they are to
>others. IMAP4 and icmp protocols come to mind)
>
>ALTERNATIVELY, would you like it if this was the STANDARD package and
>additional ports were considered optional, and required payment.
>
>LASTLY, this could start out as the NEW Secure way to go! It simply
>requires that your existing cable modem be upgraded (replaced) at a
>cost of $50-$75. All new installations would receive these as part
>of the std pkg.
>
>(I know some small businesses that would LOVE to have this. I know
>because they've called me to resolve some "weird problems" and look
>at me funny when I tell them that they should have had a firewall all
>along.)
>
>I would REALLY like to hear from those of you that work in the ISP
>field. I have always been on the receiving end of an ISP -- never
>worked in that trench. But I suspect that this type of firewall could
>be built into every single cable/dsl modem used at little expense.
>Indeed, could save lots of money on bandwidth.
>
>Consider Grandma now ... she typically isn't a gamer and need other
>ports open. Nor does she work at home and require a vpn. BUT she is
>the MOST likely to get hit by some exploit, and it's her damned box
>(x 1,000,000) uselessly eating up bandwidth because some smart-aleck
>*&#$ing script kiddie bas(*&#$
>
>.... ohm-yelli-mon ... ohm-yelli-mon ... OK, ok, better.
>
>
>Jeff
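The default-deny egress list Jeff proposes, written as an OpenBSD pf ruleset of the kind Dave says he runs on his own firewall. This is an added example, not configuration posted by either of them; the interface names (em0 toward the ISP, em1 toward the LAN) and the assumption that the box is the home gateway doing NAT are mine.

```pf
# Added example (not from the thread): home gateway that only lets the
# proposed destination ports originate connections to the internet.
# Assumed layout: em0 faces the ISP, em1 faces the home LAN.
ext_if = "em0"
int_if = "em1"

# Destination ports from the proposal; everything else is dropped.
tcp_out = "{ 21 22 25 53 80 110 119 443 }"
udp_out = "{ 53 123 }"

set skip on lo

# Hide the LAN behind the gateway's external address.
match out on $ext_if inet from $int_if:network nat-to ($ext_if)

# Default deny, logged to pflog0, so a blocked IM client leaves a trace
# instead of a mystery.
block log all

# Accept traffic from the LAN; it is filtered again on the way out of em0.
pass in on $int_if inet from $int_if:network

# Stateful egress: only the listed destination ports may open connections.
# ("keep state" is the default in current pf; 2004-era pf needed it spelled out.)
pass out on $ext_if inet proto tcp to any port $tcp_out keep state
pass out on $ext_if inet proto udp to any port $udp_out keep state

# Jeff asked about ICMP: allow echo request out and in, nothing else.
pass out on $ext_if inet proto icmp icmp-type echoreq keep state
pass in  on $ext_if inet proto icmp icmp-type echoreq keep state
```

`pfctl -nf /etc/pf.conf` checks the syntax without loading it, and `tcpdump -n -e -ttt -i pflog0` shows the logged denials; that log is the practical answer to Dave's question of which ports a closed-source client app needs, since the blocked attempts name the destination port themselves.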


