dslreports logo
site
spacer

spacer
 
   
spc
story category
FCC Announces Voluntary CyberSecurity Program
Urges ISPs to Follow Comcast's Lead on Botnets DNS Security
by Karl Bode 10:56AM Friday Mar 23 2012
Last month FCC boss Julius Genachowski gave a speech in which he urged ISPs to beef up their security practices, citing Comcast and CenturyLink as two companies that did things right in regards to handling botnets and other menaces. Yesterday Genachowski took things one step further by announcing a new voluntary Cybersecurity program that urges ISPs to shore up security measures versus botnets, attacks on the Domain Name System (DNS), and Internet route hijacking.

To be clear, the FCC is recommending ISPs adopt programs most of them have already adopted. Comcast for example has been at the forefront of DNSSec upgrades and walled garden botnet alert systems since 2009. There have, as you might expect, been some stragglers on this front who don't want to spend the necessary funds to expand their network security efforts. AT&T, for example, recently stated they had no interest in seriously beefing up their anti-botnet measures.

According to the FCC's program fact sheet, the program is absolutely voluntary -- meaning that if ISPs aren't doing a good job now shoring up network security, this will change nothing. What it does is deliver a few quick political brownie points to the FCC, who in recent years has perfected these kind of "show pony" efforts (like our national broadband plan) that say a lot but accomplish little. It also tries to pre-empt Cybersecurity laws pending in Congress. That may or may not be a good thing, depending on the proposed law and the level of technical insight of the author (in Congress, usually very low).

The effort may at the very least provide a framework (though most of it was established without the FCC's help) for less competent ISPs to follow if they're seriously willing to invest the funds, though it's unlikely the politicians at the FCC can offer network insight most operators don't already possess. According to the agency, Time Warner Cable, Sprint, CenturyLink, Comcast, AT&T, Verizon, T-Mobile and Cox have all signed off on the program.

view:
topics flat nest 

thomas2011

@comcast.net

give me the option of a completely unfiltered connection

this may be fine for the mainstream to get machines virus free(if it really works)

but please we should also have an option of a completely open unfiltered/untouched IP connection for those people who can keep their own network or machines malware free.

FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

Re: give me the option of a completely unfiltered connection

said by thomas2011 :

this may be fine for the mainstream to get machines virus free(if it really works)

but please we should also have an option of a completely open unfiltered/untouched IP connection for those people who can keep their own network or machines malware free.

And who certifies you know what you are doing and are malware free? The ISP should take your word for that?
--
The nine most terrifying words in the English language are, I'm from the government and I'm here to help.
»www.politico.com/2012-election/


S_engineer
Premium
join:2007-05-16
Chicago, IL

Re: give me the option of a completely unfiltered connection

Maybe that certification can come from the same people that verify that the ISPs data usage meter works and has accurate readings!
--
"Thanks for the dance... and cut yourself a slice'a throat! "
- Curly (HOI POLLOI, 1935)
ConstantineM

join:2011-09-02
San Jose, CA
What about a captcha?
fldiver
Premium
join:1999-12-27
Jacksonville, FL
That's a really dangerous question to ask of people on this site. Most people on DSL reports are extremely educated in the areas of security and many are probably in the field..
jcremin

join:2009-12-22
Siren, WI
kudos:2
That's like saying I should be able to pay a bit more for my driver's license in order to not be pulled over for speeding. I think that "business class" connections should get special treatment (personal phone call, plenty of warning time, and anything else possible to fix the problem before interrupting any service), but residential connections typically don't need the same level of service. There should still be some sort of warning, rather than simply cutting off service.
ConstantineM

join:2011-09-02
San Jose, CA

malware: business or residential?

You got it all wrong. Business connections are the ones where most of this shit happens. I'm still receiving spam on my custom-generated email address that was only used to communicate with Vonage customer service. Same incident happened with another email address that was used to contact the sales department of a medium-sized hosting company.

At home, people have Macs and iPads. 'nuff said.
ConstantineM

join:2011-09-02
San Jose, CA
I agree — there should definitely be a way to opt-out easily. The vast majority of the population who knows nothing about computers would not opt out, and they're usually the ones that require such protection anyways.

For example, it does make sense if outgoing smtp port 25 is blocked by default, especially on residential connections; however, it should equally be possible to easily unblock it on request. Which is what currently happens with AT&T, and is a good practice, IMHO. (Although, to be fair, it seemingly does take some persistence to get someone on the line who can make the change, I've had no success trying to unblock it through online chat, but some second-tier tech support did it without a problem, even offering to setup rDNS.)

FFH
Premium
join:2002-03-03
Tavistock NJ
kudos:5

1 edit

FCC just blowing smoke

If the FCC wanted to really make waves, they would take out TV ads telling people to drop AT&T internet and move to Comcast or CenturyLink because AT&T is unsafe to use for internet access. That would get AT&T's attention and create a lot of notice. Of course, AT&T would sue the FCC. But I'd bet they would actually start to do something about botnets on their system.

TheHelpful1
Premium
join:2002-01-11
Upper Marlboro, MD

Blind leading the lemmings...

Follow comcast's lead? You mean the company that pushed out network upgrades that would have made it impossible to comply with an act that they were pushing to make law (SOPA)?


--
"My weakness is that I care too much"
ISurfTooMuch

join:2007-04-23
Tuscaloosa, AL

Re: Blind leading the lemmings...

I wouldn't chalk that up to stupidity but probably more to different parts of the company pulling in different directions. If you were to ask and be able to get honest answers, I'd be willing to bet that things like DNSSEC were being pushed by the folks running the Internet division, and upper management, who is more oriented toward TV, likely simply nodded and went along, even though they probably didn't really understand it. OTOH, SOPA was probably being pushed by corporate because, as you know, Comcast either owns or is in bed with lots of TV programmers, but I'll bet that the Internet folks there hated the idea.