Re: Recommendation in Australia for ISPs to force user security?

2010-06-22 Thread Jens Link
Joel Jaeggli  writes:

> not sure how they propose to enforce that, instrumentation approaches
> that look inside the home gateway have a non-trivial false positive rate
> and you've got a lot more hosts than ip addresses.

Well you force your users to install some software to control that you
have a current anti virus and a firewall in place. This software will
only run for certain versions of Windows and will have quite a lot of
CVE entries.

I will never get access to such a network. I don't use anti virus and I
don't have a firewall on my Laptop (by default I'm only running sshd and
if I need a (t)ftpd I start it manually).

Jens
-- 
-
| Foelderichstr. 40   | 13595 Berlin, Germany| +49-151-18721264 |
| http://blog.quux.de | jabber: jensl...@guug.de | ---  | 
-



Re: Recommendation in Australia for ISPs to force user security?

2010-06-22 Thread Mark Newton

On 23/06/2010, at 4:00 AM, Gadi Evron wrote:

> http://www.zdnet.com.au/make-zombie-code-mandatory-govt-report-339304001.htm
> 
> "A government report into cybercrime has recommended that internet 
> service providers (ISPs) force customers to use antivirus and firewall 
> software or risk being disconnected.

Observation: The more someone uses the prefix "cyber", the less they
know what they're talking about.

(glares meaningfully at a coterie of cyberterrorism consultants)

Belinda Neal's committee is in the process of being pilloried by just 
about everyone who knows how to spell TCP/IP.  The whole thing is a 
complete embarrassment:  Last year we were all confronted with the spectacle
of her ridiculous clutch of MPs wasting the time of the security experts
invited to testify by quizzing them about movie plot threats.  Now we
get a proposal to move "cybersecurity" regulation to ACMA, the same
Government body which licenses spectrum; and controlfreaky suggestions 
about mandatory industry codes imposed on ISPs.

It's rampant screaming idiocy, the Dunning-Kruger effect in full motion.
I'd suggest that almost none of it will go anywhere at all, if not for 
the fact that Belinda Neal's entire political party seems to share her
mastery of the issue.

ObNOG: Botnets are bad, n'kay?

  - mark

--
Mark Newton   Email:  new...@internode.com.au (W)
Network Engineer  Email:  new...@atdot.dotat.org  (H)
Internode Pty Ltd Desk:   +61-8-82282999
"Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223








Re: Recommendation in Australia for ISPs to force user security?

2010-06-22 Thread Mark Smith
On Wed, 23 Jun 2010 07:55:37 +1200 (FJT)
Franck Martin  wrote:

> You forgot to talk about a tax on all of that too... ;)
> 
> Note the Great Firewall of Australia is slowly going down in flames...
> 

The industry has had plenty of entertainment out of the following
two videos in the last two weeks. The first video is of the Minister for
Broadband, Communications and the Digital Economy

http://www.youtube.com/watch?v=1gl7X6peh-w

http://www.youtube.com/watch?v=v-enBtKjgcU

> Now, there are two options, fight these type of proposals (resources spent to 
> avoid something and make political enemies) or encourage the proposal by 
> Netherlands and France to put Internet Freedom as a basic right for 
> democracies: http://ambafrance-us.org/spip.php?article1659
> 
> 
> 
> - Original Message -
> From: "Deepak Jain" 
> To: "Joel Jaeggli" , "Gadi Evron" 
> Cc: nanog@nanog.org
> Sent: Wednesday, 23 June, 2010 7:17:16 AM
> Subject: RE: Recommendation in Australia for ISPs to force user security?
> 
> Come on, you aren't thinking gov't-enough.
> 
> "BASIC" broadband access will be a SSH/web-only proxy with 
> firewalling/antivirus/etc capability. That whole pesky HTTP/1.0 problem was 
> solved a long time ago. Maybe you don't even get your own IP anymore -- and 
> you have to access your email through their web portal too. This also 
> qualifies you as net-neutral in that everyone gets the same poor service. 
> Only content providers that sign an agreement to be free of virii and malware 
> (with an appropriate "inspection/sanitization" charge will be let through... 
> e.g. Netflix or whomever) -- this way, you aren't being made to differentiate 
> between bits, you are being made to ensure national security.
> 
> "BUSINESS" broadband access might give you a real IP, allow you to torrent, 
> but you sign a piece of paper that authorizes them to charge you if you get 
> infected, or better yet, a maintenance plan of a $24.95/month on top of your 
> service to make sure you don't get infected with a remotely managed 
> firewall/router or whatever will meet the definition of the regulation.
> 
> This can be solved so fast it'll make your head spin. Build a big proxy 
> "cloud", send everyone 60 days notice once the regulation comes in effect, on 
> day 61 throw the switch. Day 62, collect orders for the upgraded service. 
> *PROFIT*
> 
> My only shock is that Washington isn't leading Canberra on this, with an even 
> faster timeline than the one above.
> 
> Deepak
> 



Re: Recommendation in Australia for ISPs to force user security?

2010-06-22 Thread William Herrin
On Tue, Jun 22, 2010 at 2:30 PM, Gadi Evron  wrote:
> http://www.zdnet.com.au/make-zombie-code-mandatory-govt-report-339304001.htm
> "A government report into cybercrime has recommended that internet service
> providers (ISPs) force customers to use antivirus and firewall software or
> risk being disconnected.

Why not go for the low hanging fruit first? Ask ISPs to provide a
connection with inbound TCP filtered by default and enable inbound TCP
only by customer request.

We'll do that with carrier NATs after free pool depletion anyway...
might as well get started.

-Bill

-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: 
Falls Church, VA 22042-3004



Re: Recommendation in Australia for ISPs to force user security?

2010-06-22 Thread Franck Martin
You forgot to talk about a tax on all of that too... ;)

Note the Great Firewall of Australia is slowly going down in flames...

Now, there are two options, fight these type of proposals (resources spent to 
avoid something and make political enemies) or encourage the proposal by 
Netherlands and France to put Internet Freedom as a basic right for 
democracies: http://ambafrance-us.org/spip.php?article1659



- Original Message -
From: "Deepak Jain" 
To: "Joel Jaeggli" , "Gadi Evron" 
Cc: nanog@nanog.org
Sent: Wednesday, 23 June, 2010 7:17:16 AM
Subject: RE: Recommendation in Australia for ISPs to force user security?

Come on, you aren't thinking gov't-enough.

"BASIC" broadband access will be a SSH/web-only proxy with 
firewalling/antivirus/etc capability. That whole pesky HTTP/1.0 problem was 
solved a long time ago. Maybe you don't even get your own IP anymore -- and you 
have to access your email through their web portal too. This also qualifies you 
as net-neutral in that everyone gets the same poor service. Only content 
providers that sign an agreement to be free of virii and malware (with an 
appropriate "inspection/sanitization" charge will be let through... e.g. 
Netflix or whomever) -- this way, you aren't being made to differentiate 
between bits, you are being made to ensure national security.

"BUSINESS" broadband access might give you a real IP, allow you to torrent, but 
you sign a piece of paper that authorizes them to charge you if you get 
infected, or better yet, a maintenance plan of a $24.95/month on top of your 
service to make sure you don't get infected with a remotely managed 
firewall/router or whatever will meet the definition of the regulation.

This can be solved so fast it'll make your head spin. Build a big proxy 
"cloud", send everyone 60 days notice once the regulation comes in effect, on 
day 61 throw the switch. Day 62, collect orders for the upgraded service. 
*PROFIT*

My only shock is that Washington isn't leading Canberra on this, with an even 
faster timeline than the one above.

Deepak



RE: Recommendation in Australia for ISPs to force user security?

2010-06-22 Thread Deepak Jain
Come on, you aren't thinking gov't-enough.

"BASIC" broadband access will be a SSH/web-only proxy with 
firewalling/antivirus/etc capability. That whole pesky HTTP/1.0 problem was 
solved a long time ago. Maybe you don't even get your own IP anymore -- and you 
have to access your email through their web portal too. This also qualifies you 
as net-neutral in that everyone gets the same poor service. Only content 
providers that sign an agreement to be free of virii and malware (with an 
appropriate "inspection/sanitization" charge will be let through... e.g. 
Netflix or whomever) -- this way, you aren't being made to differentiate 
between bits, you are being made to ensure national security.

"BUSINESS" broadband access might give you a real IP, allow you to torrent, but 
you sign a piece of paper that authorizes them to charge you if you get 
infected, or better yet, a maintenance plan of a $24.95/month on top of your 
service to make sure you don't get infected with a remotely managed 
firewall/router or whatever will meet the definition of the regulation.

This can be solved so fast it'll make your head spin. Build a big proxy 
"cloud", send everyone 60 days notice once the regulation comes in effect, on 
day 61 throw the switch. Day 62, collect orders for the upgraded service. 
*PROFIT*

My only shock is that Washington isn't leading Canberra on this, with an even 
faster timeline than the one above.

Deepak

> -Original Message-
> From: Joel Jaeggli [mailto:joe...@bogus.com]
> Sent: Tuesday, June 22, 2010 2:58 PM
> To: Gadi Evron
> Cc: nanog@nanog.org
> Subject: Re: Recommendation in Australia for ISPs to force user
> security?
> 
> not sure how they propose to enforce that, instrumentation approaches
> that look inside the home gateway have a non-trivial false positive
> rate and you've got a lot more hosts than ip addresses.
> 
> On 06/22/2010 11:30 AM, Gadi Evron wrote:
> > http://www.zdnet.com.au/make-zombie-code-mandatory-govt-report-339304001.htm
> >
> >
> > "A government report into cybercrime has recommended that internet
> > service providers (ISPs) force customers to use antivirus and firewall
> > software or risk being disconnected.
> >
> > Committee chair Belinda Neal said in her introduction to the 262-page
> > report titled "Hackers, Fraudsters and Botnets: Tackling the Problem of
> > Cyber Crime" that due to the exponential growth of malware and other
> > forms of cybercrime in recent years, "the expectation that end users
> > should or can bear the sole responsibility for their own personal online
> > security is no longer a tenable proposition".
> >
> > "We need to apply the same energy and commitment given to national
> > security and the protection of critical infrastructure to the cybercrime
> > threats that impact on society more generally," she said."
> >



Re: Recommendation in Australia for ISPs to force user security?

2010-06-22 Thread Scott Weeks


--- g...@linuxbox.org wrote:
From: Gadi Evron 

http://www.zdnet.com.au/make-zombie-code-mandatory-govt-report-339304001.htm

"A government report into cybercrime has recommended that internet 
service providers (ISPs) force customers to use antivirus and firewall 
software or risk being disconnected.




This is being discussed extensively on AUSNOG and is but one link in a long 
chain of gov't trying to control the internet there with little realization of 
how ineffective the proposals are.  Seems to be politicians playing to a 
certain part of the populace so votes can be obtained.

scott



Re: Recommendation in Australia for ISPs to force user security?

2010-06-22 Thread Joel Jaeggli
not sure how they propose to enforce that, instrumentation approaches
that look inside the home gateway have a non-trivial false positive rate
and you've got a lot more hosts than ip addresses.

On 06/22/2010 11:30 AM, Gadi Evron wrote:
> http://www.zdnet.com.au/make-zombie-code-mandatory-govt-report-339304001.htm
> 
> 
> "A government report into cybercrime has recommended that internet
> service providers (ISPs) force customers to use antivirus and firewall
> software or risk being disconnected.
> 
> Committee chair Belinda Neal said in her introduction to the 262-page
> report titled "Hackers, Fraudsters and Botnets: Tackling the Problem of
> Cyber Crime" that due to the exponential growth of malware and other
> forms of cybercrime in recent years, "the expectation that end users
> should or can bear the sole responsibility for their own personal online
> security is no longer a tenable proposition".
> 
> "We need to apply the same energy and commitment given to national
> security and the protection of critical infrastructure to the cybercrime
> threats that impact on society more generally," she said."
> 



Recommendation in Australia for ISPs to force user security?

2010-06-22 Thread Gadi Evron

http://www.zdnet.com.au/make-zombie-code-mandatory-govt-report-339304001.htm

"A government report into cybercrime has recommended that internet 
service providers (ISPs) force customers to use antivirus and firewall 
software or risk being disconnected.


Committee chair Belinda Neal said in her introduction to the 262-page 
report titled "Hackers, Fraudsters and Botnets: Tackling the Problem of 
Cyber Crime" that due to the exponential growth of malware and other 
forms of cybercrime in recent years, "the expectation that end users 
should or can bear the sole responsibility for their own personal online 
security is no longer a tenable proposition".


"We need to apply the same energy and commitment given to national 
security and the protection of critical infrastructure to the cybercrime 
threats that impact on society more generally," she said."