Wayne Frazee.com
Admittedly out of the Ordinary
Putting the onus of security protection on the ISP is a BAD idea.

In response to Wanted: Simple home security.

I use Qwest DSL (Basic package) and frankly, I think that they are taking a better step than perhaps you recognize. While it is certainly true that no real "security" software is being provided to the end user, a LOT of broadband ISPs are now making it easier than ever for the customer to be logging on via a router rather than a DSL or cable modem.

This introduces the basic protection of Network Address Translation, which provides low-level firewall capabilities which are semi-transparent to the end user. Unfortunately, there is a tradeoff to gain NAT: most end users don't even know how to set up their router for the first time.

Is this really a problem? You only have to drive through the city of Denver to find a real answer for that question. Drive by an apartment complex and the number of unprotected wireless networks is staggering. Without getting into too many details, I have seen two or three maps of segments of the Denver metro area where the wireless networks are actually mapped... not just where they are but whether or not they have basic security measures enabled. Run a wireless router without configuring it and you are asking for trouble; even WITH WEP I can break the key based on weak IVs on MOST routers in less than half an hour. This is completely ignoring any firewall configuration issues. Walk up to the average DSL user and ask if they use any custom state-based packet forwarding rules on their router and you are likely to get a blank stare in reply. This is a huge security concern (or should be, by now) from the ISP's point of view and would not be addressed by a service such as you propose.

Current offerings aside, I really don't think that you have thought this revenue-services based offering all the way through. Let's pretend for a minute that the service is offered for $10. You are now offering a service which broadband users can choose to pay for, for which you now have to deploy firewalling equipment at at LEAST the regional level. Today's routing/firewall solutions aren't cheap for something that could offer a service as comprehensive as you suggest.

And what of the impact on the end user that uses this service? What if the kid wants to play games or host games? These forms of services often "protect" against such things, as the connection pattern for a game server or something of that nature is quite different from web browser connection patterns.

Is $10 per month from a SEGMENT of broadband subscribers really going to pay for the extra skilled technicians/administrators, extra firewall equipment, and the "headache cost" of some users who get disgruntled with the service and leave completely because of problems they are encountering? You are adding a layer of complexity on top of a broadband offering for which most ISPs already have trouble delivering consistent quality service.

This is all ignoring end users who don't use this service. They are not protected and have the exact same problems you outline in your piece. $10 a month does not solve enough problems to make such a complex service feasible for the ISPs and I will be damned if I will pay another MANDATORY $10 a month for the DSL company to do for me what I already do, and probably begin to hamper my home connection in the process.

All content and materials Copyright ©2004 by Wayne S. Frazee. All Rights Reserved.

Please note that the postings on this site, including news, scribblings, past writings, posted files, and other material, are my own and don't necessarily represent either Avanade's or Avanade's Customers' positions, strategies or opinions or those of any organization I have previously worked with or represented.