ISPs' willingness to take action

Mon Oct 27 15:48:16 UTC 2003

On 27 Oct 2003, at 10:25, Sean Donelan wrote:

> Most ISPs are relatively secure.  Yes, occasionally a backbone
> router shows up on some list with a password of "cisco."  The major
> problems are in the systems managed and installed on non-ISP networks
> (i.e. end-users).

Maybe all the ISPs I've been involved with in the past ten years have 
been exceptions, but there are only a small handful of them that I 
would elevate to the status of "relatively secure".

> Really?  Most users are angry when their network connection is 
> interrupted
> for any reason, including their own mistakes.

Every now and then some acquaintance or relative hauls me in my 
capacity as unpaid "computer expert", so that I can stare bemusedly at 
their windows problem and mutter things like "buy a mac" under my 
breath.

My experience every time is that end users are amazingly tolerant of 
breakage. The fact that there are popups all over the screen, or that 
it takes five minutes to open their mail client, or that machines 
freeze up every ten minutes and require a hard boot appear to be simply 
accommodated as "that's what computers do".

> As a non-ISP consultant, when a client asks you to configure their
> Exchange server do you always conduct a top-to-bottom security 
> analysis of
> the client's entire business infrastructure and refuse to do business 
> with
> them until after they have corrected every deficiency?  Or does the 
> client
> just say screw you, and hires a different consultant that will do what
> the client wants?

When I was a consultant, I was never sufficiently mercenary to ask for 
money in return for what I *knew* to be bad advice. I'd far rather they 
buy their bad advice elsewhere.

Joe