, 2004-05-13
Why "Secure By Default" is a step in the right direction.
Secure by Default
efficiency and reduce crime would be to extend this concept to Internet
Service Providers.
An ordinary internet connection through an ISP provides features that
are not needed for browsing the web or for sending and receiving emails.
For people who only use the web and email, the extra features are an
unnecessary danger. An ISP could run a firewall to allow its customers
to easily switch these extra features on or off whenever they wanted.
The features should be set to secure by default. There are two switches
required: 'Speak when spoken to' and 'Disallow fake internet addresses'.
'Speak when spoken to'
With a normal internet connection any computer on the internet can
start a conversation with your computer. This is unnecessary for access
to the web and email because all these conversations are initiated by
your computer, not by a computer on the internet. A firewall can be set
to permit conversations started by your computer and block any internet
computers from starting conversations with yours. This eliminates the
possibility of attacks from all computers except those your computer
has recently spoken to, which is virtually every computer on the
internet.
'Disallow fake internet addresses'
Some attacks are made easy by the ability of computers on the internet
to give a fake return address on their packets of information. This
hides the origin of the packet making it more difficult to defend
against and track down the compromised/malicious computer. Switching
this feature off would make attacks more difficult.
I propose that legislation is required to force ISPs to provide these
switches because the people who most need this security are the ones
who do not understand computer security and will therefore not ask
or pay for it. So ISPs that implement it will be at a competitive
disadvantage when selling to these people. People on the internet will
suffer preventable spam, hacking, worms, identity theft, DoS attacks,
etc. until the ISPs implement this. The ISP is the best place for this
firewall because it will be installed centrally by skilled staff rather
than many times by unskilled users on their computers.
Link to this comment: http://www.securityfocus.com/comments/columns/241/26182#26182
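
The two switches proposed in the comment above, modelled as a small per-subscriber packet filter at the ISP edge. This is an added example, not part of the original comment or any ISP's product; the names `Subscriber` and `filter_packet`, the 300-second idle timeout, exact 5-tuple matching of replies, and the documentation-range addresses are all assumptions.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 300  # seconds a conversation counts as "recent" (assumed value)

@dataclass
class Subscriber:
    """One customer line; both switches default to the secure setting."""
    address: str                               # address the ISP assigned
    speak_when_spoken_to: bool = True          # block conversations started outside
    disallow_fake_addresses: bool = True       # drop outbound forged sources
    flows: dict = field(default_factory=dict)  # flow key -> time last seen

def filter_packet(sub, now, direction, src, sport, dst, dport, proto="tcp"):
    """Return 'pass' or 'drop' for one packet crossing the ISP edge."""
    if direction == "out":
        # Switch 2: the source must be the address assigned to this line.
        if sub.disallow_fake_addresses and src != sub.address:
            return "drop"
        # Remember the conversation so that replies can come back in.
        sub.flows[(proto, src, sport, dst, dport)] = now
        return "pass"
    # Inbound: a reply is a remembered flow with its endpoints reversed.
    key = (proto, dst, dport, src, sport)
    last = sub.flows.get(key)
    if last is not None and now - last <= IDLE_TIMEOUT:
        sub.flows[key] = now
        return "pass"
    sub.flows.pop(key, None)  # expire a stale entry if there was one
    # Switch 1: anything the customer did not start is dropped.
    return "drop" if sub.speak_when_spoken_to else "pass"

def demo():
    """Run constructed sample packets through one subscriber's filter."""
    sub = Subscriber(address="203.0.113.10")
    me, web, other = sub.address, "198.51.100.80", "192.0.2.66"
    results = [
        filter_packet(sub, 0, "out", me, 50000, web, 443),     # customer opens web
        filter_packet(sub, 1, "in", web, 443, me, 50000),      # matching reply
        filter_packet(sub, 2, "in", other, 40000, me, 445),    # unsolicited inbound
        filter_packet(sub, 3, "in", web, 8080, me, 50000),     # same host, other port
        filter_packet(sub, 4, "out", "192.0.2.1", 50001, web, 443),  # forged source
        filter_packet(sub, 1000, "in", web, 443, me, 50000),   # reply after timeout
    ]
    sub.speak_when_spoken_to = False  # customer switches the feature off
    results.append(filter_packet(sub, 1001, "in", other, 40000, me, 445))
    return results

if __name__ == "__main__":
    print(demo())
```
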