On Fri, Oct 21, 2011 at 12:04 PM, Curtis Villamizar <[email protected]> wrote:
>
> In message
> <CAD6AjGRqy4yjHpWnY+qEiyuJ8egvNtH=5stj=4kndyxbivt...@mail.gmail.com>
> Cameron Byrne writes:
>
>> I am in the camp the host should be strong and smart and networks
>> should be simple and fast.
>>
>> Cb
>
> Same here but we can't get rid of all the windows systems out there.
>

Why? Even Windows XP comes with a host based firewall since 2003 ...
That's coming up on 10 years by the time homenet influences the
market.

<sarcasm> . blah blah blah... we all must engineer for the least
common denominator because somebody out there can be attacked by the
Morris Worm still... </sarcasm>

And, most (cite?) actual attacks are not preventable with a $30 home
router. Most (cite?) homenet security issues are related to phishing
and users downloading and installing malware with admin privilege,
which PCP and stateful firewalls cannot solve.

> So service providers are compelled to put firewalls in front of
> consumer customers (and even most small business) and have them
> enabled by default.
>
> To not do so would result in the service provider having a network of
> malicious bots (as opposed to a network containing a subset of sites
> running malware that the service provider couldn't prevent).
>

Is there proof that $30 home routers protect computers and "move the
needle" on malware? Or is this left over mindset from the 1990s?

> Back in the early 1990s I argued that we should not let windows
> systems on the Internet.  That was back when your network (college
> campuses, corporations, etc) could be shut down by a provider if
> attacks were coming out of it and you did nothing to completely
> eradicate it.  An example of this was Mitnik breaking into a
> university in Houston and Sesquinet shutting off their Internet for
> four days due to a computer science department response that security
> was a hard problem and from a practical standpoint there was nothing
> they could do about it.  Back then, if you couldn't make it secure, it
> didn't belong on the Internet.
>

Would a firewall have stopped this or was this social engineering?

Also, this is not the 1990s... Things are indeed better now from a
network programming perspective. Social engineering and so on are a
different layer.

> I do see your point and agree with you.  From a technical perspective,
> firewalls are an inadequate bandaid over a set of OS and application
> security problems and the right thing to do is fix the root cause.
>

^^^^ Good stuff there. Let's focus on that instead of the dogma and FUD
to create "homenet" of the future.

Thanks,

Cameron

> Curtis
>
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
