Why Don't ISP's Do More to Protect Customers?

The child-like rantings of a loose nut behind the keyboard best to be ignored and never spoken of again. :)
 
ISP's should screw right the hell off and stay away from my data. Im already forced to use a VPN to access some IPTV services as well as certain sites they decided i should not have access to. ISP's need to have less to do with "protecting customers" not more.

Im an adult, i can make my own decisions, i dont need my ISP trying to babysit me, its insulting.
 
Im an adult, i can make my own decisions, i dont need my ISP trying to babysit me, its insulting.

I get wanting to reduce ISP control, but I'm actually for more ISP 'filtering' if it can be disabled / dialed back by the customer as desired.

When speaking to the average customer that ISPs service, well, having the ISP filter crap out helps keep everyone safe.
 
I get wanting to reduce ISP control, but I'm actually for more ISP 'filtering' if it can be disabled / dialed back by the customer as desired.

When speaking to the average customer that ISPs service, well, having the ISP filter crap out helps keep everyone safe.

Yes for sure if it can be disabled then thats one thing and then yes having filtering would be fine, if you can pick and choose whats being filtered. My particular ISP wont even admit they are filtering anything let alone let you disable it. Luckily there is another company laying fiber in the next year or so to my building so maybe i will be able to switch shortly.

Realistically though you can filter whatever you want with a good router, so ISP filtering is uneeded.
 
Realistically though you can filter whatever you want with a good router, so ISP filtering is uneeded.

Sure- my submission is mostly that the filtering should be enabled by default, but also manageable from the customer's gateway device.

For a home user that might be logging into the gateway page or even using an app, where I envision some combination of DNS filtering and blocking and IPS / inspection filtering and blocking, with network wide, client range, and specific clients in terms of granularity. Being able to see what's being passed, what's being blocked, and what isn't, with real descriptions of services etc., would be something that most consumers would be able to handle I think.

For the enterprise, perhaps something similar in terms of implementation but with more granularity and customization, and also perhaps with an API for integration into enterprise edge management frameworks.
 
The child-like rantings of a loose nut behind the keyboard best to be ignored and never spoken of again. :)

It's a legitimate question and the evidence is that many people have chimed in to add their thoughts.

It may not be advisable or even possible, but that does not detract from the question thank you very much.
Even the President (past and present) is frequently called an idiot by the peanut gallery. Fortunately they carry on regardless of the disrespectful people and the frivolous background chatter.

The internet has made tuff guys out of little nobodies with nothing to contribute. I'll leave to your imagination who I might be referring to.
 
Sure- my submission is mostly that the filtering should be enabled by default, but also manageable from the customer's gateway device.

For a home user that might be logging into the gateway page or even using an app, where I envision some combination of DNS filtering and blocking and IPS / inspection filtering and blocking, with network wide, client range, and specific clients in terms of granularity. Being able to see what's being passed, what's being blocked, and what isn't, with real descriptions of services etc., would be something that most consumers would be able to handle I think.

For the enterprise, perhaps something similar in terms of implementation but with more granularity and customization, and also perhaps with an API for integration into enterprise edge management frameworks.

Good suggestions.

But wouldn't the argument for a bit more protection lie in fact that breeches have occurred at the DOD, FBI, Major banks and millions of smaller websites where data has been stolen.
If those people cannot keep the bad guys out how can the rest of us? we don't have anywhere near the resources they do.
 
  • Like
Reactions: x509
like this
ITT: people that don't understand networking begging ISPs to do the one thing they never should: mess with your packets.

Bad enough that its considered SOP to fuck with your UDP/53: a "feature" shoved onto the unwashed masses you have to opt out of by choosing real DNS sources.

I randomly discovered that verizon is also messing with ICMP traffic as well, easy workaround for now.
 
But wouldn't the argument for a bit more protection lie in fact that breeches have occurred at the DOD, FBI, Major banks and millions of smaller websites where data has been stolen.

Nearly all of these are due to institutional incompetence. Others can be pinned to insiders. Usually, it's a bit of both.

Here, while a consumer lacks the benefit of defense in depth (unless ISPs help!), they also are far more agile and present a far smaller attack surface.

ITT: people that don't understand networking begging ISPs to do the one thing they never should: mess with your packets.

This is the basic deal with the devil, really. On the one hand, ISPs doing defensive filtering can be a great thing, and on the other, there's no guarantee that they'd limit their intrusion just to defense.
 
ITT: people that don't understand networking begging ISPs to do the one thing they never should: mess with your packets.

Bad enough that its considered SOP to fuck with your UDP/53: a "feature" shoved onto the unwashed masses you have to opt out of by choosing real DNS sources.

I randomly discovered that verizon is also messing with ICMP traffic as well, easy workaround for now.

Sometimes even using real DNS sources they will NAT your UDP/53 traffic to your ISP DNS.
 
Nearly all of these are due to institutional incompetence. Others can be pinned to insiders. Usually, it's a bit of both.

Here, while a consumer lacks the benefit of defense in depth (unless ISPs help!), they also are far more agile and present a far smaller attack surface.

I think a core issue for governments and private companies is a lack of sufficient skilled personnel. There just aren't enough of those to go around. Also, some companies still don't get it. For example, the Target breach of a few years ago happened because the CSO or CIO asked for more resources for security but had the request denied. That didn't save them from getting fired, of course. :confused:

Check out my 'nym.:D

x509
 
I think a core issue for governments and private companies is a lack of sufficient skilled personnel. There just aren't enough of those to go around.

A big issue I see is that the available resources could be better pooled, but are not. Obviously this is harder for enterprises to do but on the government side, well, they're failing spectacularly.
 
I know I haven't been around here very long by most standards, but I suspect this will still resonate with some of you -

With all these health issues befalling us, I was reflecting that it wasn't that long ago I was quite invincible. I remember it clearly and fondly. What a severe difference only a few years makes, doesn't it? I'm beginning to think I should stop burning the candle at both ends, or at least consider it.

I think a core issue for governments and private companies is a lack of sufficient skilled personnel. There just aren't enough of those to go around. Also, some companies still don't get it. For example, the Target breach of a few years ago happened because the CSO or CIO asked for more resources for security but had the request denied. That didn't save them from getting fired, of course. :confused:

Check out my 'nym.:D

x509


This +1000. The amount of configuring that has to be done on routers & firewalls is staggering, add in the outbound proxying and you can barely keep up. ID10T users clicking on links in emails (or just opening emails) is the primary access method for bad actors now, so having to filter/scan ALL emails in and out is now a growing segment. The 800.x NIST "best practices" & CERT guidelines are just the start of keeping relatively secure.
 
Back
Top