On Dec 15, 2009, at 4:49 AM, Joakim Aronius wrote:
* Steven Bellovin (s...@cs.columbia.edu) wrote:
On Dec 14, 2009, at 11:47 PM, Joel Jaeggli wrote:
Owen DeLong wrote:
Stable outgoing connections for p2p apps, messaging, gaming platforms
and foo website with java script based rpc mechanisms have similar
properties. I don't sleep soundly at night because the $49 buffalo
router I bought off an endcap at frys uses iptables, I sleep soundly
because I don't care.
Precisely. And if you want to get picky, remember that "availability"
is part of the standard definition of security. A firewall that doesn't
let me play Chocolate-Sucking Zombie Monsters is an attack on the
availability of that game, albeit from the purest of motives.
No, I'm not saying that this is good. I am saying that in the real
world, it *will* happen.
So what you are saying is that ease of use and service availability
is priority one. Then what exactly are the responsibilities of the
ISP and CPE manufacturer when it comes to security? CPEs with WiFi
usually come with the advice to change password etc. Is it ok to
build an infrastructure relying on UPnP, write a disclaimer, and let
the end user handle eventual problems? (I assume it is...)
/jkm
Personally, I think that CPE should come up relatively braindead except
on the interior wired ethernet interfaces and require creating an SSID
and suggesting creating a password (regardless of whether TKIM, WEP,
WPA, etc, at least something) before enabling any wireless. It should
require the user to create their own administrative password before
being able to enable any other features on the box.
If CPE manufacturers did this, it would remove a great many
vulnerabilities in the world without making it particularly harder for
the average end-user.
Owen