~ Continued ~
< Continued from page 2
Microsoft does offer the option of having the Service Pack sent to you on CD, but the user ends up paying for the CD and for shipping and waiting for the disc to arrive in the mail- neither of which seems acceptable. Maybe Microsoft and other operating system and application vendors should work out arrangements with retail distributors like Best Buy or CompUSA or even Walmart to mass produce the patches and service packs and make them freely available.
The user could then get the patch or service pack for free and get it much quicker by just running up to the store to get the CD.
Knowing that their customer base is generally not security savvy and that even if they were their connection to the Internet would be insufficient to allow them to patch their systems, maybe the ISP?s should take a more active role in protecting the Internet? Even if only for the self-serving reason of providing service to their paying customers who have taken the necessary precautions to protect themselves, it seems like there are basic steps they could take.
At a corporation you would generally have a firewall protecting the perimeter of your network and block ALL unnecessary traffic from entering. This means locking down all ports and only opening traffic on ports that you must in order to conduct business. Even then it is generally possible to limit the computers that are allowed to talk on that port rather than letting all incoming traffic through.
All of these precautions slow things down though.
It takes time for a hardware device or software application to analyze each packet of information to determine the source and destination machines as well as the port being used and compare it against the rules established by you to determine if the packet should be blocked or allowed through. An ISP is trying to provide the maximum bandwidth possible to as many customers as possible. While it may make the network more secure to monitor and filter packets, it would be counter-productive to the ultimate goal of giving people the speed they desire.
Yet, there should be a middle ground. If the argument is that blocking ports or filtering traffic will slow things down and that seems unacceptable, then is it not more unacceptable to allow a handful of your customers to propagate malicious code that bogs the network down to the point that it is unusable at all? Perhaps the customers would be willing to exchange a decrease in overall speed if it means not losing the network altogether.
My home ISP- Wide Open West- recently ran into such issues as a result of the MSBlast worm and the MSBlast ?anti-worm? (aka ?Nachi?). I had taken the time to download and apply all necessary patches and to run updated antivirus software to protect my computers, but that didn?t do me much good when the entire Wide Open West network was essentially ground to a halt from the MSBlast traffic.
In fairness to Wide Open West, I wrote to the regional Vice President of Technical Operations on August 18, 2003 and expressed my concerns. I asked them what, if any steps they had proactively taken to protect the network. I let him know that I would be writing this article and gave them a chance to respond. As of yet I have not received any reply.
Microsoft does offer the option of having the Service Pack sent to you on CD, but the user ends up paying for the CD and for shipping and waiting for the disc to arrive in the mail- neither of which seems acceptable. Maybe Microsoft and other operating system and application vendors should work out arrangements with retail distributors like Best Buy or CompUSA or even Walmart to mass produce the patches and service packs and make them freely available.
The user could then get the patch or service pack for free and get it much quicker by just running up to the store to get the CD.
Knowing that their customer base is generally not security savvy and that even if they were their connection to the Internet would be insufficient to allow them to patch their systems, maybe the ISP?s should take a more active role in protecting the Internet? Even if only for the self-serving reason of providing service to their paying customers who have taken the necessary precautions to protect themselves, it seems like there are basic steps they could take.
At a corporation you would generally have a firewall protecting the perimeter of your network and block ALL unnecessary traffic from entering. This means locking down all ports and only opening traffic on ports that you must in order to conduct business. Even then it is generally possible to limit the computers that are allowed to talk on that port rather than letting all incoming traffic through.
All of these precautions slow things down though.
It takes time for a hardware device or software application to analyze each packet of information to determine the source and destination machines as well as the port being used and compare it against the rules established by you to determine if the packet should be blocked or allowed through. An ISP is trying to provide the maximum bandwidth possible to as many customers as possible. While it may make the network more secure to monitor and filter packets, it would be counter-productive to the ultimate goal of giving people the speed they desire.
Yet, there should be a middle ground. If the argument is that blocking ports or filtering traffic will slow things down and that seems unacceptable, then is it not more unacceptable to allow a handful of your customers to propagate malicious code that bogs the network down to the point that it is unusable at all? Perhaps the customers would be willing to exchange a decrease in overall speed if it means not losing the network altogether.
My home ISP- Wide Open West- recently ran into such issues as a result of the MSBlast worm and the MSBlast ?anti-worm? (aka ?Nachi?). I had taken the time to download and apply all necessary patches and to run updated antivirus software to protect my computers, but that didn?t do me much good when the entire Wide Open West network was essentially ground to a halt from the MSBlast traffic.
In fairness to Wide Open West, I wrote to the regional Vice President of Technical Operations on August 18, 2003 and expressed my concerns. I asked them what, if any steps they had proactively taken to protect the network. I let him know that I would be writing this article and gave them a chance to respond. As of yet I have not received any reply.
