North American Network Operators Group
Historical Security v. Privacy (was Re: Is there anything that actually gets users to fix their computers?)
While we were fighting blaster/nachi and others, we relied heavily on IDSs to generate alerts for the worms, then we disabled their network access and called them. Generic viruses are not an ISP's problem, but a worm is something that affects the provider's infrastructure, and is therefore a network operator's business.

Privacy is not an issue in this case as there is a policy being monitored by a policy monitoring tool, and enforced on a per-violation basis. It wasn't a fishing expedition that could assess the user's configuration or usage, it was monitoring our network.

There is no generalized way, without management access to the customer's machine (via SMS or citrix or something), to check that the machine is in compliance with a network policy. An IDS can tell you if it violates policy, and you can act as your security procedures dictate.

--
Jamie.Reid, CISSP, [email protected]
Senior Security Specialist, Information Protection Centre
Corporate Security, MBS
416 327 2324

>>> "Sean Donelan" <[email protected]> 10/05/03 04:49pm >>

[...]

So from an ISPs point of view, is there a way for the ISP to quickly
tell the customer if the particular computer is fixed without unduly
intruding on the privacy of the customer? With home networks, there
may be multiple computers behind a NAT/router/firewall. So a simple
network scan doesn't always work.
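The workflow Jamie describes (network-side IDS alerts for worm behaviour, a disconnect per violation, and no attempt to inspect the customer's host) can be shown as a small policy monitor over flow records. The code below is an added example written for this archive page, not a tool from the original thread or from any ISP; the flow records are constructed, and the scan threshold and the two simplified signatures (a TCP/135 sweep across many hosts for Blaster, a 64-byte 0xAA-filled ICMP echo payload for Nachi) are assumptions chosen for illustration rather than a production ruleset.

```python
"""Worm-alert-driven quarantine over constructed flow records (added example)."""
from collections import defaultdict
from dataclasses import dataclass

# Assumed values for this example, not from the original post: tune to your own IDS.
SCAN_THRESHOLD = 20            # distinct TCP/135 targets from one source -> scanning
NACHI_PAYLOAD = b"\xaa" * 64   # simplified Nachi/Welchia ICMP echo payload signature


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: int = 0        # TCP/UDP destination port, 0 for ICMP
    payload: bytes = b""  # ICMP payload only; empty for TCP/UDP in these records


def build_sample_flows():
    """Constructed records standing in for IDS/flow export; not captured traffic."""
    flows = []
    # 10.1.1.5 sweeps tcp/135 across a /24 the way Blaster did.
    for i in range(1, 41):
        flows.append(Flow("10.1.1.5", f"192.168.0.{i}", "tcp", 135))
    # 10.1.1.9 sends Nachi-style ICMP echo requests.
    for i in range(1, 6):
        flows.append(Flow("10.1.1.9", f"10.2.0.{i}", "icmp", 0, NACHI_PAYLOAD))
    # 10.1.1.20 is an ordinary user: two web connections and one normal ping.
    flows.append(Flow("10.1.1.20", "203.0.113.10", "tcp", 80))
    flows.append(Flow("10.1.1.20", "203.0.113.11", "tcp", 443))
    flows.append(Flow("10.1.1.20", "203.0.113.12", "icmp", 0, b"abcdefgh" * 4))
    # 10.1.1.30 touches tcp/135 on three hosts (legitimate RPC), below threshold.
    for i in range(1, 4):
        flows.append(Flow("10.1.1.30", f"10.3.0.{i}", "tcp", 135))
    return flows


def detect_violations(flows):
    """Return {src: set(rule_names)} for sources whose *network behaviour* trips a rule.

    Nothing here touches the customer's host; the judgement is made purely on
    what crosses the provider's network. Note that src may be a NAT address
    fronting several machines, so a hit identifies a connection, not a PC."""
    targets_135 = defaultdict(set)
    violations = defaultdict(set)
    for f in flows:
        if f.proto == "tcp" and f.dport == 135:
            targets_135[f.src].add(f.dst)
        elif f.proto == "icmp" and f.payload == NACHI_PAYLOAD:
            violations[f.src].add("nachi_icmp_sweep")
    for src, dsts in targets_135.items():
        if len(dsts) >= SCAN_THRESHOLD:
            violations[src].add("blaster_tcp135_scan")
    return dict(violations)


def quarantine_actions(violations):
    """Per-violation enforcement: one action per offending source, carrying the
    evidence the operator cites when phoning the customer."""
    return sorted(
        (src, "disable_port", ",".join(sorted(rules)))
        for src, rules in violations.items()
    )


def is_cleared(src, new_flows):
    """Restore check: the only network-side evidence that a connection is 'fixed'
    is the absence of further violations once it is reconnected and observed."""
    return src not in detect_violations(new_flows)


if __name__ == "__main__":
    found = detect_violations(build_sample_flows())
    for action in quarantine_actions(found):
        print(action)
```

Running it flags only 10.1.1.5 and 10.1.1.9; the three-host RPC user and the ordinary pinger stay untouched, which is the "per-violation, not a fishing expedition" property. The `is_cleared` check also makes Sean's point concrete: after reconnection the provider can only say whether the customer's connection has stopped misbehaving, not which machine behind a NAT was infected or whether it has been patched.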