Secure by Default
Jason Miller, 2004-05-13

Why "Secure By Default" is a step in the right direction.

ISPs should all provide secure by default internet access. 2004-05-14
Anonymous (5 replies)
A cheap and simple way to make the internet safer, improve business
efficiency and reduce crime would be to extend this concept to Internet
Service Providers.

An ordinary internet connection through an ISP provides features that
are not needed for browsing the web or for sending and receivin...

ISPs should all provide secure by default internet access. 2004-05-17
Todd Knarr (3 replies)
Only one problem: blocking incoming server connections breaks clients and protocols. FTP uses incoming connections for client transfers of files. ICQ, AIM and MSN all use incoming connections to client computers for direct chat. Firewalling like that should only occur at the edges, not in the backbo...

ISPs should all provide secure by default internet access. 2004-05-19
Anonymous
FTP is the classic example of a poorly designed protocol. No network protocol should be relying on the client to be able to open ports to listen on. This behaviour gets broken by NAT and/or any sane firewall ruleset. MSN at least has the option to relay file transfers through the server thus removin...

Maybe ICQ could be secure by default too? 2004-05-19
Anonymous
Thank you for your feedback. I hadn't thought about ICQ and similar
client applications but maybe they could be accommodated by both
clients trying to talk to each other at the same time so creating
openings in both their firewalls.

These client applications must either have particular IP a...

Re: ISPs should all provide secure by default internet access. 2005-09-30
Anonymous
Of course it breaks protocols... that's the point! It is secure by default -- meaning it is secure until you make a change (the ISP could provide a simple web-page or similar to open up the firewall). For most applications, there is a way to have them operate behind firewalls (for corporate users) s...

ISPs should all provide secure by default internet access. 2004-05-18
Anonymous
Suddenly, opening one port is $1 extra per month per port. You know how ISPs will be.......

ISPs should all provide secure by default internet access. 2004-05-18
Anonymous
I agree.. but..

ISPs flipping a few switches for features that probably should be active by default anyway, are only part of the solution.

Users, educators, retailers, manufacturers, support teams, software companies and even programmers, all need to take some responsibility for the current me...

ISPs should all provide secure by default internet access. 2004-05-19
Anonymous (2 replies)
I would rather buy a $40 home firewall than pay the extra charges for the ISP to filter out traffic on my behalf.. everything you talk about can be accomplished with a stateful firewall..

...

ISPs should all provide secure by default internet access. 2004-05-20
Anonymous
In a way I agree with you (since I already have a firewall), but I also believe you are missing the point somewhat. Most people that really would need a firewall are not at all aware of that fact. The beauty of the ISP blocking traffic is that all the less-than-security-aware users (that is, roughly 9...

It would reduce the number of compromised computers. 2004-05-20
Anonymous
I think the economics depend on the ratio of ISPs to users. For
big ISPs it would be much cheaper to have a central firewall at
the ISP rather than one at every user's site. (For egress filtering
I would of course additionally run a software firewall on my
computers with internet access.)
...

ISPs should all provide secure by default internet access. 2004-05-20
Anonymous (1 replies)
That is just silly. We pay ISPs for access not for filtering. Recently a worm got out that used the same ports as bittorrent trackers so several ISPs began blocking ports. This caused havoc on the BT networks and people had to move their trackers. BT, FTP... all these protocols would be hurt by ...

Explanation of 'switches'. 2004-05-26
Anonymous
I totally agree that ISPs should provide free, unfettered access
to all ports/protocols/directions if that's what the user wants
but it fosters problems having these switched on by default.

The intention of my 'switches' is to put the user in control not
give the ISP free rein to meddle wi...

Secure by Default 2004-05-14
brian thomas
From my point of view, this is a lot of words to say the obvious. And if there is any argument with this, note and avoid that person.

But that's just my point of view. Keep saying it, please....

Secure by Default 2004-05-14
Griggs
You hit the head-O-the-nail on this one. IMHO, the "Secure By Default" strategy can be and should be applied to ALL operating systems. Sure, you can't keep people from doing stupid things but stupid things certainly don't need to be done by default! Patches and rewards will never be the complete ...

Mac OS X 2004-05-16
Enoch (1 replies)
I am not a Mac OS X fan, but I still want to point out that Mac OS X even has the root account disabled by default!...

Mac OS X 2004-05-24
Anonymous (1 replies)
sudo passwd to change and enable the root account...

Mac OS X 2004-05-25
Anonymous
It's too bad that OS X turned out to be just as insecure as anything that came out of Redmond. Even worse is the fact that Apple has done everything to deny the existence of the serious security holes in its software. ...

Secure by Default 2004-05-18
Anonymous
Now that is one fine article. OpenBSD's idea behind this is simple but efficient. Just imagine that they accomplish this with just the money they make from selling t-shirts and CD sets. OpenBSD is not for everyone, but their ideas (can) apply to every OS.
Hope Redmond will read this article........

Copyright 2009, SecurityFocus