Fairly simple solution to this: offer them managed secure services.
For a nominal fee (1 CHF, 5 CHF, whatever) per month, you only allow
those services through. Mickey is right, it would not stop worms, a
lot of them would still get through though, but it would cut down.
regardless of what you do, I could see you being faced with
(a) massive support issues ("why isn't xyz working?" even if they agreed
to a 'limited' internet connection, and "hey, I want internet access,
but I can't run MSNetworkPornBrowser32.exe" if you just limit them
by default)
(b) potential legal issues ("you said xyz was secure, but I got a virus"
even if it came from a p1r8 war3z floppy little Hans-Fritzli brought
home from school)
Frankly, from a corporate network security standpoint, the ISP guys
have a great deal (see "common carrier".) I'd keep it simple, as the
solutions sound worse than the problem...
I'll shut up now.
-John
> Hi Pascal
> and folks
>
> Pascal Gloor wrote:
>> Hi folks,
>>
>> Considering those facts:
>>
>> - the growing number of worms and any other form of harmfull virus.
>> - that IP is a powerfull tool.
>> - the growing bandwidth usable for end-users.
>> - the need for business customers to have stable and reliable
>> internet
>> access.
>>
>> Today we're perhaps offering our customer a too powerfull tool. Most
>> (lets
>> say 80 or 90%) of our "mass" customers only use
>> smtp/pop3/imap/http/https.
>>
>> Is it still appropriate to give to "mass" customers ability to generate
>> any
>> kind of communication using IP?
>> What about blocking TCP_SYN _TO_ dial/adsl (non-business) customers?
>> Should we even think about blocking some kind of outgoing traffic?
>>
> then you'll don't sell a "free" internet.
> what's about users use vpn to the office? some special ports like to use
> web-mail (Port e.g. 8383) and M$ Terminal-Services? and...
>
> other Q: what do you want to block?
>
>> I'm not asking this on a technical point of view, but more on a
>> philosophical point of view.
>>
> That's ok, but we should kill the root.
>
>> Ideas?
>>
>>
>> Pascal
>>
> Roger
>
>> ----------------------------------------------
>> [EMAIL PROTECTED] Maillist-Archive:
>> http://www.mail-archive.com/swinog%40swinog.ch/
>> .
>>
>
> --
> F�r weitere Ausk�nfte stehen wir Ihnen gerne jederzeit zur Verf�gung.
>
> Mit freundlichen Gr�ssen
> Roger Buchwalder
>
> Internet Online AG
> Adlikerstr. 290
> 8105 Regensdorf
> Switzerland
> [EMAIL PROTECTED]
> tel +41 1 871 40 70
> fax +41 1 871 40 80
>
> .
>
> ----------------------------------------------
> [EMAIL PROTECTED] Maillist-Archive:
> http://www.mail-archive.com/swinog%40swinog.ch/
>
----------------------------------------------
[EMAIL PROTECTED] Maillist-Archive:
http://www.mail-archive.com/swinog%40swinog.ch/
