Firewall Wizards mailing list archives

Re: The home user problem returns


From: Mason Schmitt <mason () schmitt ca>
Date: Mon, 12 Sep 2005 14:07:47 -0700

R. DuFresne wrote:
Mason, I do not think Marcus was beating up on you personally, and I
don't think anyone else here would or has either.

Uh oh.  I didn't know I was coming across that way.  I don't feel the
least bit like anyone has been beating on me.  I'm enjoying the
opportunity to discuss my thoughts with such a group of informed people.
If someone does get genuinely upset with me, I'm quite willing to
hear what they have to say and see whether I think it's valid.

It's true that I'm not in complete agreement with all the replies I have
received (much but not all), but if I were, there would be no point to
all this... We'd just be a group of elitists all agreeing with each
other over how smart we are and how stupid everyone else is ;)

/me ducks

I honestly don't mean that :)


 You have a tough
world to work from, that of a tech within an ISP.  But the best that an
ISP can do is perhaps limited, and since the corp industry is still
unable to beat the problems that abound, and since gov sites both
federal and state and local are still up to their collective necks in
internet-do-do, any efforts from the ISP realms are welcomed though
perhaps not to have too dramatic of an effect.  But, if each and every
ISP forced into their routers ingress as well as egress filtering, we'd
have eliminated a large number of attack vectors and issues with the
anonymity that many rely upon for their nasty deeds.

That's one of the things that I really want to see happen.  I want to
see ISPs, right across the board, at least do some basics like
ingress/egress filtering for the really common ports and anti-spoofing.
I don't have any idea how many of the large ones do this, but I know
that a ton of the small ones don't.

After all, what are folks
seeking;  a connection plain and simple and since education has not made
them really aware of the pitfalls they face, why are they going to pay
more for a service they don't really seek let alone feel they need?

It seems that there are two primary ways in which people change.  Either
they make a conscious choice to change prior to a problem getting out of
hand (requires knowledge that there is an impending problem and
knowledge of how to avoid the problem) or they endure more and more pain
until they are forced to look at the problem and finally make a choice.

It seems to me that the majority of home users fall into the second
category.  So, education needs to target the few that are looking for
info, but don't know what to look for because there is too much out
there.  The media is helping to freak people out, but it's not doing
much to offer solutions.  In fact the media will eventually desensitize
people to the problems which will make the job of helping people
understand, even harder.

The other problem is that you can never expect or force a person to
change.  So if your solution to a problem involves changing someone that
you have no control over, your solution is doomed to failure.  The path
that is more likely to succeed involves moving forward with what you
have control over and those that are cooperating, all the while making
efforts to recruit more from the ranks of the uncooperative or ignorant,
but not requiring it.

Working from that philosophy; that means that the workable solutions
should be easier to spot.  Here are a couple really basic examples:

What you have control over
-----------------------------
Governments put laws (sox is a good example) into place that force those
they have control over (businesses) to comply or face penalties.

Cooperation
-------------
Organizations and their members agree to address a problem as a group
and everyone voluntarily enacts what the group decided on.  The
standards process is a decent example of this.  I'd like to see one of
the large ISP associations hammer out some suggested best practises and
get their members on board.


Now, if firewalls and spam filters were part of the base
offering, folks might or might not notice or be concerned and still
signon, though that's not a given either.

I'd love to see that, but according to those with the business reins,
competition doesn't allow for that...

I had hesitated in replying to the user training side of the
thread as folks tend to view me as a pessimist, rather than a realist.


It really is hard to be an optimist sometimes...  Thanks for your thoughts.

ingress and egress is the strong beginning move to make.

I completely agree.

--
Mason
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

