Whelp, can't recall who said it at one of the NANOG presentations
last week but to recap, get involved to help point people in the
right direction in USG or at least provide enough "ops perspective"
to folks so they get a clue or more clue on some of the challenges of
these proposals. (not always an easy task but that one is also a two
way street sometimes it seems) Alternatives or other approaches need
to be highlighted while ensuring they're grounded in operational
technical reality.
In other words, Hi I'm from Telecom or ISP X and we're here to help ;)
This will go a long way to prevent the dreaded "R" word from coming
up (regulate). Just to add further perspective, several of us in USG
get called down to the hill to discuss many topics of concern by
lawmakers/staffers. In a recent trip when they called us from US
CERT they were concerned about peer 2 peer file sharing and some of
the security challenges associated with it. We spent some time
educating them on third-party tools and techniques to tackle the
issue and that corporations and agencies need to leverage the
technology. We also highlighted some of the things industry is doing
to tackle these issues. Of course depending on size and fiscal
resources determines the level of mitigations being deployed. Why we
suggested they talk to those in the private sector that actually own
these infrastructures and some of those companies that are providing
mitigation solutions to provide further perspective.
However, as you know security awareness is always a good thing and
user education goes a long way. (always comes back to that end-user)
I know in recent emails from a couple of my providers they
sent out emails and flyers in the monthly statement to point users to
FAQs on how to protect themselves and where to dload anti-virus,
personal firewall software, and anti-spy/adware tools.
I think it was Vijay (AOL) that also stated that one support call
eats all of the profits from that user based on the expected life of
that user utilizing the service. Hence a financial motivator to
focus on prevention or mitigating the risk factors to lower the
number of those incoming support call volumes so that profit margins
don't get eaten. (I know this is preaching to the choir in some
instances but still a valid point)
Lastly, we'll also relay some of the operational realities back to
those folks but again, awareness and mitigation is the objective.
Suggestions or perspectives welcome :)
Cheers,
Jerry
(quickly putting on the flame retardant suit)
On May 24, 2005, at 6:27 PM, Joe Hamelin wrote:
"The FTC said it would ask 3,000 Internet providers around
the globe to make sure that their customers' computers haven't
been hijacked by spammers who want to cover their tracks and
pass bandwidth costs on to others."
"Hi! I'm from the government. I'm here to help."