

Teddy Boom
Premium
join:2007-01-29
Toronto, ON
kudos:19

Employer req. "security" from ISP: Rogers, Start, Teksavvy?

I have a customer who will be working from home for an employer who expects security from the ISP. I'm wondering if anybody can comment on what that might mean (firewall?, anti-virus?, potentially black listed IPs?), and what assurances (aka sales pitch) home ISPs offer in this area.

For the record, my response to the customer:

Security is an interesting notion.. In general, or maybe more correctly to say traditionally, Internet providers aren't really supposed to offer security. Internet providers provide the data, and what you do with it is up to you. However, I can see how some employers might look at other aspects of the business.. Do you have any more information about your employer's requirements? Security is too general a term for me to have much idea where to begin.
--
electronicsguru.ca

bt

join:2009-02-26
canada
kudos:1

It sounds like they mean a security software suite to me. Which I really hope is not what they're actually wanting...


camelot

join:2008-04-12
Whitby, ON
Reviews:
·Start Communicat..
·TekSavvy Cable

1 recommendation

reply to Teddy Boom

Re: Employer req. "security" from ISP: Rogers, Start,

Really broad request. Can they narrow it down?

In terms of "Security", no. I don't believe it should be the responsibility of the ISP. It should be on the employer to protect their OWN infrastructure. We have those client checks as well. Your A/V is out of date? Sorry. Update it first, then connect again.

A good VPN will have client detection, checking for up-to-date A/V, firewall etc etc.

Unless you are actually paying the ISP for "Security" (very rare in residential), it doesn't exist. Nor is the ISP responsible for your systems.



donoreo
Premium
join:2002-05-30
North York, ON
reply to Teddy Boom

What sort of idiot IT department is asking for security from an ISP??



Teddy Boom
Premium
join:2007-01-29
Toronto, ON
kudos:19

said by donoreo:

What sort of idiot IT department is asking for security from an ISP??



But, that is NOT a good sales pitch

Thanks for that perspective yokocar, interesting.
--
electronicsguru.ca


donoreo
Premium
join:2002-05-30
North York, ON

said by Teddy Boom:

said by donoreo:

What sort of idiot IT department is asking for security from an ISP??



But, that is NOT a good sales pitch

Thanks for that perspective yokocar, interesting.

I agree with Yokocar. It is up to the employer to provide all of that.
--
The irony of common sense, it is not that common.
I cannot deny anything I did not say.
A kitten dies every time someone uses "then" and "than" incorrectly.
I mock people who give their children odd spelling of names.

Phorkster
Premium
join:2004-06-27
Windsor, ON
kudos:1

1 recommendation

reply to Teddy Boom

The kind of IT dept that has no VPN setup. The ISP provides the link. It's up to the employer to supply the security.



Guspaz
Guspaz
Premium,MVM
join:2001-11-05
Montreal, QC
kudos:22
reply to Teddy Boom

ISPs should be a dumb pipe that gets packets to you. What you do with the packets is up to you.
--
Developer: Tomato/MLPPP, Linux/MLPPP, etc »fixppp.org



indamiddle

@telus.net
reply to Teddy Boom

For an employee working from home, if they are going to access the company's database, they need to set up a full encrypted connection (VPN). Otherwise people could snoop on the open data.

Second is making sure any wireless network in the employee's home is truly secure and a router that is not open or WEP. Preferred is WPA2 with a 20+ string of letters, numbers and characters.

Third is anti-virus... anti-malware... software firewall. Router has a hardware firewall but rogue programs may not be stopped getting out by the router.
Avoid using the 'security software' doled out by an ISP, as some have issues, like daily updaters that fail without you knowing or "hey, let's rewrite various settings on the computer for profit (toolbars, home page hijacks, computer specific DNS setting hijacks, ISP DNS hijacks (misspelled domain helper) and such)".

Fourth??? No filesharing software on the 'work' computer. So much data has been accidentally sent into the internet.

Nothing is 100% secure but might as well make those that want the data to work a little bit harder for it.



Teddy Boom
Premium
join:2007-01-29
Toronto, ON
kudos:19

Thanks! Not that this is entirely new stuff, but it is nice to have it made explicit by people who deal with it regularly.

The customer offered a bit of clarification, I guess some people at their workplace have had issues in the past!?!!

Just ask if anyone that works for SAP is able to log-on to the SAP server using any other provider than Rogers or Bell. Maybe that would clarify. I don't mind if you say SAP.
--
electronicsguru.ca


donoreo
Premium
join:2002-05-30
North York, ON

said by Teddy Boom:

Thanks! Not that this is entirely new stuff, but it is nice to have it made explicit by people who deal with it regularly.

The customer offered a bit of clarification, I guess some people at their workplace have had issues in the past!?!!

Just ask if anyone that works for SAP is able to log-on to the SAP server using any other provider than Rogers or Bell. Maybe that would clarify. I don't mind if you say SAP.

They probably need a VPN connection. It is not going to be wide open on the internet.
--
The irony of common sense, it is not that common.
I cannot deny anything I did not say.
A kitten dies every time someone uses "then" and "than" incorrectly.
I mock people who give their children odd spelling of names.

Walter Dnes

join:2008-01-27
Thornhill, ON
reply to Teddy Boom

VNC/RDP/whatever over an ssh tunnel, anyone?


HELLFIRE
Premium
join:2009-11-25
kudos:12
reply to Teddy Boom

Is this "customer" in the IT side of the house or the management side, because that question totally sounds
like it's from the latter.

Pretty good response to get this person to clarify what EXACTLY they want / need -- all too often it's about
"wants," but not very concise what exactly the "want" is. I'd also toss in "security is a PROCESS, not a
PRODUCT. Please clarify what exactly you expect said ISP to secure you from."

My 00000010bits

Regards



DS256
Premium
join:2003-10-25
Markham, ON
Reviews:
·Rogers Portable ..
reply to Teddy Boom

said by Teddy Boom:

Just ask if anyone that works for SAP is able to log-on to the SAP server using any other provider than Rogers or Bell. Maybe that would clarify. I don't mind if you say SAP.

IMHO, no one from SAP should be or is likely allowed to comment on their remote security measures. I know my company doesn't allow it. I work for a competitor to SAP.

As already mentioned, it is up to SAP's IT to implement the remote security measures and protocols. The local ISP is not normally involved unless they are blocking specific ports that prevent some protocols from working. There is sometimes a higher subscription fee for home business users rather than simple personal use.

I know that my company provides all VPN (with local network blocking), Firewall, Anti-Virus etc.


A Lurker
that's Ms Lurker btw
Premium
join:2007-10-27
Wellington N
reply to Teddy Boom

When I log in from home to work it's through a company provided VPN (Cisco Small Business QuickVPN Client). That's the only way I can access our company's computer system when I'm not in the building.



DKS
Damn Kidney Stones
Premium,ExMod 2002
join:2001-03-22
Owen Sound, ON
kudos:2
reply to Teddy Boom

My wife works on confidential medical records at home. No additional security beyond standard anti-virus is needed. Her employer visits annually and does a security audit. The computer has to be locked down, but no VPN is required.
--
Need-based health care not greed-based health care.



AkFubar
Admittedly, A Teksavvy Fan

join:2005-02-28
Toronto CAN.
Reviews:
·TekSavvy DSL

1 edit
reply to Teddy Boom

Security is a broad term but usually it can mean the person expects the ISP's network to be secure (free of threats) for email and the connection in general. Likely also means does the ISP have documented measures taken to ensure security, does the ISP have a process for dealing with active threats, does the ISP have a back up plan if things go down, etc.

Edit;

It's best to get some clarity on exactly what the employer's expectations are.

--
If my online experience is enhanced, why are my speeds throttled?? BHell... A Public Futility.



Teddy Boom
Premium
join:2007-01-29
Toronto, ON
kudos:19
reply to Teddy Boom

One of my customers from a year or two ago does telephone support from home. She was required to have internet service with more than 6mbit/s download speed to run her VoIP equipment (no upload requirement).... That's why I opened up the question

This customer is relatively non-technical, and may be concerned because of hearsay around the office more than actual issues. However, it seems possible that a bureaucratically minded admin might decide to blacklist large blocks of IPs, or do some kind of reverse lookup to check what ISP an IP is coming from before allowing access, or who knows what else I may not have thought of.

So anyway.. I think the theoretical/technical question of whether it is reasonable to make requirements about the ISP is well answered: the ISP shouldn't have any role in the security, they just provide the bits. The practical question is, do some employers require certain ISPs in written agreements, or use technical means to blacklist some ISPs. It may not be warranted, but it might still happen.
--
electronicsguru.ca



AkFubar
Admittedly, A Teksavvy Fan

join:2005-02-28
Toronto CAN.
Reviews:
·TekSavvy DSL
reply to Teddy Boom

Yeah you could be right. I used to write responses to gov't and charter banks RFP/RFQ and not only did they expect those things I mentioned, but they would actually do a site audit to ensure that you had what you said you have in place and functional. If not you were out of the bidding and probably off the preferred supplier list as well.
--
If my online experience is enhanced, why are my speeds throttled?? BHell... A Public Futility.


MaynardKrebs
Premium
join:2009-06-17
kudos:4
reply to AkFubar

said by AkFubar:

Security is a broad term but usually it can mean the person expects the ISP's network to be secure (free of threats) for email and the connection in general. Likely also means does the ISP have documented measures taken to ensure security, does the ISP have a process for dealing with active threats, does the ISP have a back up plan if things go down, etc.

Edit;

It's best to get some clarity on exactly what the employer's expectations are.

+100

But try to be as dumb a pipe as Rogers/Bell residential services.
You DON'T want to be in the business of "managed networks" unless you are getting paid BIG bux.

Tell them that they need to supply their own security appliances at each end, own VPN software, own security suites, own OS & application patch management, own security training, if what they want is a $40/month connection from you.

HELLFIRE
Premium
join:2009-11-25
kudos:12
reply to Teddy Boom

said by Teddy Boom:

The practical question is, do some employers require certain ISPs in written agreements, or use technical means to blacklist some ISPs. It may not be warranted, but it might still happen.

For the first part, "not that I've heard before," but you never know. For the 2nd part "I've seen weirder."
Just had a recent issue with a client they "just found out" they were blocking a /15 netblock from a certain
major Americas ISP for the last 9+ years... and d**ned if anyone knew why it was in there.

It takes all kinds.

Regards
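
An added example, not part of any post in this thread: the two situations raised above (an admin blocking whole ISP ranges, and a /15 block nobody could explain after 9+ years) are what a periodic blocklist review is meant to catch. The rule fields, thresholds and sample addresses are constructed assumptions, not any firewall's real export format.

```python
import ipaddress
from datetime import date

# Constructed sample rules (not from the thread). 198.18.0.0/15 is the
# RFC 2544 benchmarking range, used here as a stand-in for "a /15".
RULES = [
    {"cidr": "198.18.0.0/15", "reason": "", "owner": "",
     "reviewed": date(2004, 3, 1)},
    {"cidr": "203.0.113.0/24", "reason": "scanner traffic, ticket PLACEHOLDER-1",
     "owner": "netops", "reviewed": date(2013, 1, 10)},
    {"cidr": "192.0.2.0/24", "reason": "old vendor", "owner": "netops",
     "reviewed": date(2009, 6, 1)},
]

def audit_blocklist(rules, today, max_age_days=365, wide_prefix=16):
    """Return (cidr, [problems]) for every deny rule that needs attention."""
    findings = []
    for rule in rules:
        # strict=True rejects entries with host bits set (e.g. a typo'd CIDR)
        net = ipaddress.ip_network(rule["cidr"], strict=True)
        problems = []
        if not rule.get("reason"):
            problems.append("no documented reason")
        if not rule.get("owner"):
            problems.append("no owner")
        if (today - rule["reviewed"]).days > max_age_days:
            problems.append("review overdue")
        if net.prefixlen <= wide_prefix:
            problems.append(f"wide block ({net.num_addresses} addresses)")
        if problems:
            findings.append((rule["cidr"], problems))
    return findings

def matching_rules(client_ip, rules):
    """Return the CIDRs of deny rules covering a remote worker's address."""
    addr = ipaddress.ip_address(client_ip)
    return [r["cidr"] for r in rules if addr in ipaddress.ip_network(r["cidr"])]

if __name__ == "__main__":
    for cidr, problems in audit_blocklist(RULES, today=date(2013, 6, 1)):
        print(cidr, "->", ", ".join(problems))
    # Help-desk question: why can't this home user reach the VPN gateway?
    print(matching_rules("198.19.44.7", RULES))
```

`matching_rules` answers the support question directly: given the home user's public IP, it names the deny rule responsible, so the conversation moves from "which ISP is allowed" to a specific rule that someone has to justify or remove.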


AkFubar
Admittedly, A Teksavvy Fan

join:2005-02-28
Toronto CAN.
reply to Teddy Boom

Sounds like a case of expecting business services from a residential internet access.