N O Y B
St. John 3.16
join:2005-12-15
Forest Grove, OR
| reply to Khaine
Re: Security Absurdity: A long-overdue wake up call
said by Khaine  :And what happens when a new bot comes out that the ISP doesn't scan for and a customer gets infected and sues the ISP for failure to do its job? You know someone would do it. Currently ISP's are common carriers and don't have any liability for traffic that passes through their network. Buy forcing them to scan users or whatever you could change their legal status and their liability. I don’t think you understand how to detect a bot. You don’t target each specific type. You target by activity. Ex: set up a firewall and start logging unsolicited traffic. Then shutdown the ones that are obviously bots.
They are liable if they know of illegal activity and do not take action stop it. You can not provide service to someone knowing they intend to using for conducting illegal activity and claim innocents. It would be like a gun shop selling a gun to a person all the will knowing they intend to us it to commit a crime (armed robbery, murder, etc).
There are certain illegal activities taking place on ISP networks by their very on customers and the ISP know it. And I know they know it because I know it too. In the case of bots it does not require scanning all traffic. Bot detection and shutdown is much simpler than that.
What I don’t understand is why there are so many in support of the apathetic status quo. Are that many of you actually bot operators and spammers? |
|
Khaine
join:2003-03-03
Australia
| reply to N O Y B
said by N O Y B :Apathy is right. Especially on the part of ISPs that could very easily automate such things as bot detection and automatically shutdown the connection. They could also automate detection and blocking of certain automated types of email address harvesting. Even if you pull the logs from your firewall and send your ISP major offenders nothing is likely to be done. Shutting down the easy to detect high offending bots would go a long ways toward protecting the ignorant computer operator. At least maybe for more the 4 minutes. With all the bots hitting my firewall it’s easy to see how an unprotected computer could be taken control of in a matter of minutes. There are some other things ISPs and corporations need to do as well. Like untying account number and/or login ID from publicly used things such as email address and web space URL, etc. And make all authentication via secure methods, even for SMTP/POP and NNTP, etc. And what happens when a new bot comes out that the ISP doesn't scan for and a customer gets infected and sues the ISP for failure to do its job? You know someone would do it.
Currently ISP's are common carriers and don't have any liability for traffic that passes through their network. Buy forcing them to scan users or whatever you could change their legal status and their liability. |
|
N O Y B
St. John 3.16
join:2005-12-15
Forest Grove, OR
| reply to HMS1
Apathy is right. Especially on the part of ISPs that could very easily automate such things as bot detection and automatically shutdown the connection. They could also automate detection and blocking of certain automated types of email address harvesting.
Even if you pull the logs from your firewall and send your ISP major offenders nothing is likely to be done. Shutting down the easy to detect high offending bots would go a long ways toward protecting the ignorant computer operator. At least maybe for more the 4 minutes. With all the bots hitting my firewall it’s easy to see how an unprotected computer could be taken control of in a matter of minutes.
There are some other things ISPs and corporations need to do as well. Like untying account number and/or login ID from publicly used things such as email address and web space URL, etc. And make all authentication via secure methods, even for SMTP/POP and NNTP, etc. |
|
HMS1
join:2006-01-14
Austin, TX
| reply to SpannerITWks
Well it's rather hyperbolic. As you can tell from the title.
Failure compared with what? With some magic solution that would fix all the problems better than all the current efforts? Or maybe compared with a situation where the bad guys stop attacking because of their sudden good will?
One might as well say that we're doing very well. In fact if best practices are applied then it is really very hard to break into a system (please, no snarks about unplugging it). In the best case - good configuration, good policies, all patches, etc. - the attacker has to discover some previously unknown vulnerability, and the defender has to detect the intrusion and foil it. And at this level of practice, the forces are about evenly matched.
The real-life situation departs from this in (a) human error and (b) distortion of the OS market by a monopoly. The proximate causes of the plague of malware and compromises, apart from the exploiters themselves, are sysadmin errors in organizations, and home-user ignorance and apathy. The main underlying cause is the OS market being dominated by a buggy product as a result of urestrained anti-competitive business practices.
Calling this situation a "failure of information security" implies some sort of technical or intrinsic failure, when in reality the ultimate problems are mainly non-technical. |
|
