In message <CAD6AjGQCbRkqE4tg3P=+pgcujyfz-01bk6jr1byxvhcquwa...@mail.gmail.com>
Cameron Byrne writes:
> On Fri, Oct 21, 2011 at 12:04 PM, Curtis Villamizar <[email protected]> wrote:
> >
> > In message
> > <CAD6AjGRqy4yjHpWnY+qEiyuJ8egvNtH=5stj=4kndyxbivt...@mail.gmail.com>
> > Cameron Byrne writes:
> >
> >> I am in the camp the host should be strong and smart and networks
> >> should be simple and fast.
> >>
> >> Cb
> >
> > Same here but we can't get rid of all the Windows systems out there.
> >
>
> Why? Even Windows XP comes with a host based firewall since 2003 ...
> That's coming up on 10 years by the time homenet influences the
> market.
>
> <sarcasm>
>
> . blah blah blah... we all must engineer for the least common
> denominator because somebody out there can be attacked by the Morris
> Worm still...
>
> </sarcasm>
>
>
> And, most (cite?) actual attacks are not preventable with a $30 home
> router. Most (cite?) homenet security issues are related to phishing
> and users downloading and installing malware with admin privilege,
> which PCP and stateful firewalls cannot solve.
>
>
> > So service providers are compelled to put firewalls in front of
> > consumer customers (and even most small business) and have them
> > enabled by default.
> >
> > To not do so would result in the service provider having a network of
> > malicious bots (as opposed to a network containing a subset of sites
> > running malware that the service provider couldn't prevent).
> >
>
> Is there proof that $30 home routers protect computers and "move the
> needle" on malware? Or is this left over mindset from the 1990s?
>
>
> > Back in the early 1990s I argued that we should not let Windows
> > systems on the Internet. That was back when your network (college
> > campuses, corporations, etc) could be shut down by a provider if
> > attacks were coming out of it and you did nothing to completely
> > eradicate it. An example of this was Mitnick breaking into a
> > university in Houston and Sesquinet shutting off their Internet for
> > four days due to a computer science department response that security
> > was a hard problem and from a practical standpoint there was nothing
> > they could do about it. Back then, if you couldn't make it secure, it
> > didn't belong on the Internet.
> >
>
> Would a firewall have stopped this or was this social engineering? Also,
> this is not the 1990s... Things are indeed better now from a network
> programming perspective. Social engineering and so on are a different
> layer.
>
> > I do see your point and agree with you. From a technical perspective,
> > firewalls are an inadequate bandaid over a set of OS and application
> > security problems and the right thing to do is fix the root cause.
> >
> ^^^^
> Good stuff there. Let's focus on that instead of the dogma and FUD to
> create "homenet" of the future.
>
> Thanks,
>
> Cameron
>
> > Curtis

Cameron,

I was arguing against firewalls as a security solution. You seemed to
have missed the whole point of the email. Please reread it.

At most you could say that I conceded that firewalls are a marginal
improvement (and therefore won't go away). For the provider it may be
whether 90% of their users end up running malware or 10% (cite?).
When there is a new remote exploit discovered it limits the damage.

Curtis
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
