The ISP Security Compromise: Allow, But Alert
from the interesting-solutions dept
Over the years, we’ve had many discussions about what role ISPs should play in the computer security of their customers. On the one side, if ISPs are too stringent (blocking things at the network level, for instance), users get upset that their ISPs are disallowing things that should be allowed. Many users just want bandwidth, and get worried when their ISPs take a more active role. On the other side of things, ISPs who are too free with security issues risk allowing themselves to become a huge target for spammers and others. So far, ISPs have pretty much taken an all-or-nothing approach. If they notice that someone is causing problems, they tend to cut them off completely, leading to an expensive service call. However, there was one presenter at DEMO who had an interesting idea to deal with this. It was a proxy system that would take data from client-side security apps and then alert a user through their browser. So, for example, if the ISP noticed the user was acting as a spam-spewing zombie or had some spyware, the next time the user opened his or her browser, the ISP could present a message explaining the problem and how to solve it. It’s much more efficient than simply cutting the person off. Of course, if such solutions became popular, it seems like only a matter of time before phishers moved on to spoofing the browser-based error messages.
Comments on “The ISP Security Compromise: Allow, But Alert”
Plus.net
My ISP already does this with certain viruses and spyware. I was browsing and it came up with a page that wouldn’t let me browse the web but it would let me visit their home page and various anti-virus sites and microsoft.com.
Message from ISP explaining the problem
Nice idea, but unfortunately malware has been using fake error messages to trick users for years.
No Subject Given
The simple solution is to always tell the customer to contact the ISP support line on the pop up screen. Easy enough for tier one support to then walk them to real cleansing sites. Will not stop all of course, but reminders that “ISP ABC” does not send you to links added to billing statements would also help some. Just my opinion.
Re: why not chat
How about a live chat popup? Would decrease call volume for the ISP and give the customer a better experience. And is a bit more proactive.
No Subject Given
The problem with giving them a heads up is that they then can adjust their tactics to avoid detection.
Monitor and allow limited email from infected user
Perhaps one way the ISP can control SPAM infections is to have a weekly limit of email from each user. Then if this is exceeded – advise the user so the user can clear up the situation.
Another step would be to only allow the user a web based email while infected – with a limit of the number of outgoing emails. This would limit the outgoing SPAM while letting the user still communicate – the web based email might be text only.
Comments?
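The weekly limit and webmail-only restriction proposed in the comment above, sketched as an added example (not code from the post or from any commenter). The limit values, subscriber IDs, the `cleaned_up` hook and the choice to hold the message that crosses the limit are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WEEK = timedelta(days=7)

class OutboundMailPolicy:
    """Weekly per-subscriber send limit; over-limit subscribers are alerted
    and then limited to a small webmail-only allowance until cleaned up."""

    def __init__(self, weekly_limit, restricted_limit):
        self.weekly_limit = weekly_limit
        self.restricted_limit = restricted_limit
        self.sent = defaultdict(deque)   # subscriber -> times of accepted sends
        self.flagged = set()             # subscribers in restricted mode

    def submit(self, subscriber, now, via_webmail=False):
        """Return 'accept', 'alert' (hold message, notify user) or 'reject'."""
        q = self.sent[subscriber]
        while q and now - q[0] >= WEEK:  # sliding window: forget old sends
            q.popleft()
        if subscriber in self.flagged:
            if not via_webmail or len(q) >= self.restricted_limit:
                return "reject"
        elif len(q) >= self.weekly_limit:
            self.flagged.add(subscriber)
            q.clear()                    # restricted allowance starts at zero
            return "alert"
        q.append(now)
        return "accept"

    def cleaned_up(self, subscriber):
        """Assumed hook: support confirms the machine is clean again."""
        self.flagged.discard(subscriber)
        self.sent[subscriber].clear()

def replay(events, weekly_limit=3, restricted_limit=1):
    """Run (subscriber, time, via_webmail) events through a fresh policy."""
    policy = OutboundMailPolicy(weekly_limit, restricted_limit)
    return [policy.submit(s, t, w) for s, t, w in events]

# Constructed sample events (not real traffic); limits are tiny for readability.
T0 = datetime(2024, 1, 1, 9, 0)
H, D = timedelta(hours=1), timedelta(days=1)
SAMPLE = [("sub-1001", T0 + i * H, False) for i in range(5)]  # burst over SMTP
SAMPLE += [("sub-1001", T0 + 5 * H, True), ("sub-1001", T0 + 6 * H, True)]
SAMPLE += [("sub-2002", T0 + d * D, False) for d in (0, 4, 8, 9)]  # slow sender

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The slow sender never trips the limit because sends older than seven days fall out of the window, while the burst sender is alerted on the fourth message and then gets one webmail message through.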
Cisco kind of already does this:
Cisco kind of has technology like this. It is called Cisco Clean Access.
Link: http://www.cisco.com/en/US/products/ps6128/
We have it implemented at the University of California, Irvine. While it doesn’t tell them what virus they have, it enforces network rules such as mandatory Windows updates, they must have an anti virus. Not sure I would want an ISP doing this to me, but I’m sure it could be modified.
No Subject Given
I don’t want my ISP paying attention to my traffic. I want it to transmit my bits.
If this becomes popular (as in, my ISP starts doing it), that will just lead me to start encrypting/tunnelling more of my traffic (as in, all web traffic; my mail and shell traffic already is).
I pay for a road, not a traffic cop.
Security Messaging Clarification
Mike,
Nice write up. A couple of clarifications for your readers.
1. Front Porch uses a non-proxy method to deliver security notifications based on output from IDS/IPS. Proxies have lots of problems delivering content. We know, we used a proxy approach for a number of years.
2. Security Messages are branded by service provider, enterprise, university and are served from a secure server. Phishers are not likely to duplicate this approach.
Best
Raul