Krebs on Security booted off Akamai network after DDoS attack proves pricey
Peter Beckman
beckman at angryox.com
Tue Sep 27 16:13:39 UTC 2016
On Tue, 27 Sep 2016, Brielle Bruns wrote:
> I don't see how this is a problem exactly? If people want to buy devices
> that connect to their home network, they need to be aware of what these
> devices can do, and it is their responsibility.
I understand that is what you want. What you might like. What we all would
like. People taking responsibility for their impact on others.
Unfortunately people plug things in, and if they work for them, they don't
even think about how what they are doing might affect anyone else. In some
cases, they don't even care. They've got soccer games and work and TV
shows and kids and family. Who has time to become an expert in Internet
security?
Google is doing a great job of annoying or alerting customers to potential
issues, such as the red lock icon on their email, indicating that the
email was sent unencrypted. The user gets worried (oooh, a red lock, that
must be bad, I'm going to yell at someone to fix it for me) and the
service provider jumps to improve the Internet, ideally.
FreeBSD updated their default config so you have to proactively remove
email encryption.
If we are truly worried about IoT and consumers contributing to the
downfall of the Internet, force the consumer router manufacturers and third
party firmware folks to implement whatever is necessary to make filters
and blocking the default. 90%+ of consumers don't change any settings,
beyond the SSID and Wifi Password, and those who do might take the
responsibility you want.
Get the ISPs to realize that secure-by-default consumer routers that they
distribute saves them millions/billions of dollars annually in customer
service and security personnel. Secure-by-default routers means
cost-savings. Get ISPs to pressure manufacturers to implement measures to
protect their own network and the Internet from the non-network-admin consumer.
We tech folk need to do this for the Internet citizens who don't know,
don't care, or don't have time to mess with it.
> If Timmy Numbnuts doesn't understand that plugging in a random device he
> found at Goodwill to his network could potentially carry liabilities, then he
> will keep doing it.
Timmy Numbnuts needs to be protected from himself, so when he plugs in
that device, it doesn't do any harm to anyone but his own network. He'd
have to proactively turn off features or filters on his Router in order to
harm others.
> I point to the current trend of parents watching and smiling, doing nothing
> as their kids destroy people's stores and restaurants. ISPs are literally
> doing the exact same thing when it comes to coddling their customers.
Automation and default configs means customers don't have to do anything,
nor think about it. They are protected both FROM harm from the Internet
and FROM harming the Internet, at least by default.
Beckman
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman at angryox.com http://www.angryox.com/
---------------------------------------------------------------------------
More information about the NANOG
mailing list