[nSLUG] Off Topic: ISP filtering

George N. White III aa056 at chebucto.ns.ca
Sat Mar 13 08:35:53 AST 2004


On Sat, 13 Mar 2004 bdavidso at supercity.ns.ca wrote:

> [typical accounts of Win32 security problems]
>
> So... Here's my dilemma.  I'm thinking about the benefits of putting our
> dialup clients behind a firewall, not unlike what I use in our office.  I
> [...]

In practice, firewalls have poor cost/benefit ratios.  You will end up
with more "why can't I connect to http://www.xx.yy:NNNN" questions to deal
with, and users can run firewalls themselves.  In a non-commercial
environment it makes sense to put more effort into upfront measures (e.g.,
initial system config) so you spend less time cleaning up messes, but I'm
not sure how that would work in the standard service provider environment.
Maybe including a 1-time free setup and charging much higher $$ for
subsequent cleanups.  You might want to provide pro-active port scanning
and maintenance.  Maybe 2 classes of service: with and without firewalls
with different fee structures (including cleanup fees).

--
George N. White III  <aa056 at chebucto.ns.ca>
  Head of St. Margarets Bay, Nova Scotia, Canada



More information about the nSLUG mailing list