Security v. Privacy (was Re: Is there anything that actually gets users to fix their computers?)

Jamie Reid Jamie.Reid at mbs.gov.on.ca
Sun Oct 5 22:08:25 UTC 2003


While we were fighting blaster/nachi and others, we relied heavily on IDS's to generate
alerts for the worms, then we disabled their network access and called them.  Generic
viruses are not an ISP's problem, but a worm is something that affects the provider's
infrastructure, and is therefore a network operator's business.

Privacy is not an issue in this case as there is a policy being monitored by a policy
monitoring tool, and enforced on a per-violation basis. It wasn't a fishing expedition
that could assess the user's configuration or usage, it was monitoring our network.

There is no generalized way, without management access to the customer's machine
(via SMS or Citrix or something), to check that the machine is in compliance with a
network policy. An IDS can tell you if it violates policy, and you can act as your
security procedures dictate.
 


--
Jamie.Reid, CISSP, jamie.reid at mbs.gov.on.ca
Senior Security Specialist, Information Protection Centre 
Corporate Security, MBS  
416 327 2324 

>>> "Sean Donelan" <sean at donelan.com> 10/05/03 04:49pm >>>

[...]

So from an ISP's point of view, is there a way for the ISP to quickly
tell the customer if the particular computer is fixed without unduly
intruding on the privacy of the customer?  With home networks, there
may be multiple computers behind a NAT/router/firewall.  So a simple
network scan doesn't always work.