On Oct 21, 2011 7:37 PM, "Cameron Byrne" <[email protected]> wrote:
>
>
> On Oct 21, 2011 6:52 PM, "Curtis Villamizar" <[email protected]> wrote:
> >
> >
> > In message <CAD6AjGQCbRkqE4tg3P=+[email protected]>
> > Cameron Byrne writes:
> >
> > > On Fri, Oct 21, 2011 at 12:04 PM, Curtis Villamizar <[email protected]> wrote:
> > > >
> > > > In message <CAD6AjGRqy4yjHpWnY+qEiyuJ8egvNtH=5stj=[email protected]>
> > > > Cameron Byrne writes:
> > > >
> > > >> I am in the camp the host should be strong and smart and networks
> > > >> should be simple and fast.
> > > >>
> > > >> Cb
> > > >
> > > > Same here but we can't get rid of all the windows systems out there.
> > > >
> > >
> > > Why?  Even windows XP comes with a host based firewall since 2003 ...
> > > That's coming up on 10 years by the time homenet influences the
> > > market.
> > >
> > > <sarcasm>
> > >
> > > . blah blah blah... we all must engineer for the least common
> > > denominator because somebody out there can be attacked by the Morris
> > > Worm still...
> > >
> > > </sarcasm>
> > >
> > >
> > > And, most (cite?) actual attacks are not preventable with a $30 home
> > > router.  Most (cite?) homenet security issues are related to phishing
> > > and users downloading and installing malware with admin privilege,
> > > which PCP and stateful firewalls cannot solve.
> > >
> > >
> > > > So service providers are compelled to put firewalls in front of
> > > > consumer customers (and even most small business) and have them
> > > > enabled by default.
> > > >
> > > > To not do so would result in the service provider having a network of
> > > > malicious bots (as opposed to a network containing a subset of sites
> > > > running malware that the service provider couldn't prevent).
> > > >
> > >
> > > Is there proof that $30 home routers protect computers and "move the
> > > needle" on malware?  Or is this left over mindset from  the 1990s?
> > >
> > >
> > > > Back in the early 1990s I argued that we should not let windows
> > > > systems on the Internet.  That was back when your network (college
> > > > campuses, corporations, etc) could be shut down by a provider if
> > > > attacks were coming out of it and you did nothing to completely
> > > > eradicate it.  An example of this was Mitnick breaking into a
> > > > university in Houston and Sesquinet shutting off their Internet for
> > > > four days due to a computer science department response that security
> > > > was a hard problem and from a practical standpoint there was nothing
> > > > they could do about it.  Back then, if you couldn't make it secure, it
> > > > didn't belong on the Internet.
> > > >
> > >
> > > Would a firewall have stopped this or was this social engineering?  Also,
> > > this is not the 1990s... Things are indeed better now from a network
> > > programming perspective. Social engineering and so on are a different
> > > layer.
> > >
> > > > I do see your point and agree with you.  From a technical perspective,
> > > > firewalls are an inadequate bandaid over a set of OS and application
> > > > security problems and the right thing to do is fix the root cause.
> > > >
> > > ^^^^
> > > Good stuff there.  Let's focus on that instead of the dogma and FUD to
> > > create "homenet" of the future.
> > >
> > > Thanks,
> > >
> > > Cameron
> > >
> > > > Curtis
> >
> >
> > Cameron,
> >
> > I was arguing against firewalls as a security solution.  You seemed to
> > have missed the whole point of the email.  Please reread it.
> >
>
> Got it, no firewalls, you are against them.
>
> > At most you could say that I conceded that firewalls are a marginal
> > improvement (and therefore won't go away).  For the provider it may be
> > whether 90% of their users end up running malware or 10% (cite?).
> > When there is a new remote exploit discovered it limits the damage.
>
> Got it, you think firewalls are required because grandma is running BIND 8.
>
> But, my point is that sp3 windows xp has a default on firewalls. So,
> assume 10yo software, what exploits are we preventing? How often do they
> occur?
>
> I am just looking for specific data so we can make a data supported
> decision.
>
> Cb

http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10

According to this data, 0.16% are running win2k, which afaik does not have a
standard OS based default firewall and is the last Windows OS to not have a
standard host based firewall that prevents remote attacks.

Are we really engineering and setting security policy for less than 1%?  Keep
in mind this 1% is getting even smaller.

Cb
_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
