North American Network Operators Group


Re: Points on your Internet driver's license (was RE: Even you can be

  • From: Doug White
  • Date: Sun Jun 13 13:31:00 2004

:
: My arguments are in respect to broadband connections to homes and offices
: without IT department, firewalls or cluefulness. If you own your own IP
: space you'd be considered an ISP, buying transit rather than broadband
: home DSL. What the physical wire looks like the service is delivered on
: really doesn't matter.
:
: If I see your ip space bombarding my mail server I can trace its origin. I
: can contact you and request to fix the problem. If you ignore me, refuse
: to fix the problem I can contact your upstream. Your upstream should then
: have a responsibility to resolve the issue including suspension of
: service if my claims are valid and breach AUP.
:
: Adi
:
:
I don't understand why you single out the SOHO and individuals as being in
need of control when I read on many lists, the IT departments of many very
large networks continually post their reasons NOT to keep their systems up to
date with patches, etc.  What ISP would DARE to terminate or suspend their
service?

A for instance, a recent worm invasion took down several airline reservations
systems.  Took down several Air Traffic Control Servers.  This is not to
mention compromises attributable to many large university systems.

These are problems that the IT departments were made aware of well in advance
but did not act to secure their own systems.  Who do you blame here?  What ISP
would DARE to suspend their service, demand a fine, and require a
system/network audit before restoring service?

What this means is that all this diatribe, finger pointing, blame someone else
conversation is just that, conversation.  Until the TCP/IP stack is reinvented
to prevent spoofing, and senders are positively, quickly and reliably tracked
down, the responsibility to secure your own network is your responsibility and
none other.

I notice no one is blaming the person/persons who propagate these compromises
whether by intent or by error.  And there are those who defend protecting the
"home turf" but I consider that negligence and ludicrous.

One must choose whether to have their computers and networks sitting out in the
front yard with access to all, or keeping them not only inside, but even in a
secure location inside.  There are those that feel that an unsecured system is
anybody's target without risk, and there are those who feel their children
should be allowed to play unsupervised anywhere without risk.  My suggestion
is to do a reality check and assume responsibility where you can.