RE: A question for the list...

 We're talking about (a pound of) cure, how about (an ounce of) prevention?

  There seems to be consensus that (lack of) competence is part of the problem.. If ISP's would/could take on more responsibility, the need for hack-back would be greatly reduced, making discussion if it's nice or not futile, so maybe the following is even on topic ;-)

  Id be interested in the opinion of the community (particularly ISP's) on a scheme like this:

• ISP would block all ports for incoming traffic by default, at least for residential customers, and preferable for corporate customers as well.
• ISP would open up ports on request, in return for a declaration that the customer is aware of the issues and agrees that the port be closed again in case of compromise. This should defend the ISP against damage claims, an often-cited reason for not taking action on infected systems. Suitable procedures could be defined to protect a compentent customer against arbitrary port closure by clueless ISP personnel. Like: when compromise is suspected, customer gets x hours after notification to take action.
• Such opening up of some standard ports (e.g. 80) would be subject to a simple request procedure, like filling out a form,, but not too simple. E.g. the applicant would have to type in a list of ports rather than just clicking some "do you want a foobar server" checkboxes. This could serve as a minimalistic display of competence. Like: if you don't know what port a foobar server uses, you have no business running one.
• Opening up standard ports would be a no-charge option if requested at account setup, and subject to a symbolic fee after that. This would help responsible ISP's remain competitive with others that impose no such restrictions. In fact, they could actually advertise it as a service: "free protection" (if carefully phrased so it doesn't backfire).
• Opening of less-standard ports (those that a "normal" system would not be expected to run services on, e.g. 137) would require more proof of commitment and/or competence by the customer. Suitable definitions of "normal system" and "proof of competence" to be supplied, "proof of commitment" could include higher fees.

  I am aware that most ISP's are operating within tight budgets, I am less aware of the impact of such a scheme on costs.

  One benefit for the ISP would be a reduced load on abuse@.. A benefit for the customer would be reduced maintenance and clean-up costs. The benefits for the community are obvious.

  What do you think ?

  Luc Pardon
  Skopos Consulting
  Belgium

• Wireless LAN Policies for Security & Management - NEW White Paper *** Just like wired networks, wireless LANs require network security policies that are enforced to protect WLANs from known vulnerabilities and threats. Learn to design, implement and enforce WLAN security policies to lockdown enterprise WLANs.

To get your FREE white paper visit us at: http://www.securityfocus.com/AirDefense-incidents

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek