Why Don't ISP's Do More to Protect Customers?

Discussion in 'Networking & Security' started by Barometer, May 6, 2019.

  1. scrappymouse

    scrappymouse n00b

    Messages:
    32
    Joined:
    Mar 18, 2016
  2. Cmustang87

    Cmustang87 [H]ardness Supreme

    Messages:
    4,398
    Joined:
    Oct 4, 2007
    What is this thread.
     
  3. Nicklebon

    Nicklebon Gawd

    Messages:
    550
    Joined:
    May 22, 2006
    The child-like rantings of a loose nut behind the keyboard best to be ignored and never spoken of again. :)
     
    Aluminum likes this.
  4. Rifter0876

    Rifter0876 [H]Lite

    Messages:
    102
    Joined:
    Nov 1, 2017
    ISP's should screw right the hell off and stay away from my data. Im already forced to use a VPN to access some IPTV services as well as certain sites they decided i should not have access to. ISP's need to have less to do with "protecting customers" not more.

    Im an adult, i can make my own decisions, i dont need my ISP trying to babysit me, its insulting.
     
  5. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    9,669
    Joined:
    Jun 13, 2003
    I get wanting to reduce ISP control, but I'm actually for more ISP 'filtering' if it can be disabled / dialed back by the customer as desired.

    When speaking to the average customer that ISPs service, well, having the ISP filter crap out helps keep everyone safe.
     
  6. Nicklebon

    Nicklebon Gawd

    Messages:
    550
    Joined:
    May 22, 2006
    Taking my own advice and ignoring the whiny child.
     
    Last edited: May 15, 2019
  7. Rifter0876

    Rifter0876 [H]Lite

    Messages:
    102
    Joined:
    Nov 1, 2017
    Yes for sure if it can be disabled then thats one thing and then yes having filtering would be fine, if you can pick and choose whats being filtered. My particular ISP wont even admit they are filtering anything let alone let you disable it. Luckily there is another company laying fiber in the next year or so to my building so maybe i will be able to switch shortly.

    Realistically though you can filter whatever you want with a good router, so ISP filtering is uneeded.
     
  8. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    9,669
    Joined:
    Jun 13, 2003
    Sure- my submission is mostly that the filtering should be enabled by default, but also manageable from the customer's gateway device.

    For a home user that might be logging into the gateway page or even using an app, where I envision some combination of DNS filtering and blocking and IPS / inspection filtering and blocking, with network wide, client range, and specific clients in terms of granularity. Being able to see what's being passed, what's being blocked, and what isn't, with real descriptions of services etc., would be something that most consumers would be able to handle I think.

    For the enterprise, perhaps something similar in terms of implementation but with more granularity and customization, and also perhaps with an API for integration into enterprise edge management frameworks.
     
  9. Barometer

    Barometer [H]Lite

    Messages:
    88
    Joined:
    Mar 25, 2012
    It's a legitimate question and the evidence is that many people have chimed in to add their thoughts.

    It may not be advisable or even possible, but that does not detract from the question thank you very much.
    Even the President (past and present) is frequently called an idiot by the peanut gallery. Fortunately they carry on regardless of the disrespectful people and the frivolous background chatter.

    The internet has made tuff guys out of little nobodies with nothing to contribute. I'll leave to your imagination who I might be referring to.
     
  10. Barometer

    Barometer [H]Lite

    Messages:
    88
    Joined:
    Mar 25, 2012

    Good suggestions.

    But wouldn't the argument for a bit more protection lie in fact that breeches have occurred at the DOD, FBI, Major banks and millions of smaller websites where data has been stolen.
    If those people cannot keep the bad guys out how can the rest of us? we don't have anywhere near the resources they do.
     
    x509 likes this.
  11. Aluminum

    Aluminum Gawd

    Messages:
    617
    Joined:
    Sep 18, 2015
    ITT: people that don't understand networking begging ISPs to do the one thing they never should: mess with your packets.

    Bad enough that its considered SOP to fuck with your UDP/53: a "feature" shoved onto the unwashed masses you have to opt out of by choosing real DNS sources.

    I randomly discovered that verizon is also messing with ICMP traffic as well, easy workaround for now.
     
    Cmustang87, Cypher- and Nicklebon like this.
  12. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    9,669
    Joined:
    Jun 13, 2003
    Nearly all of these are due to institutional incompetence. Others can be pinned to insiders. Usually, it's a bit of both.

    Here, while a consumer lacks the benefit of defense in depth (unless ISPs help!), they also are far more agile and present a far smaller attack surface.

    This is the basic deal with the devil, really. On the one hand, ISPs doing defensive filtering can be a great thing, and on the other, there's no guarantee that they'd limit their intrusion just to defense.
     
  13. Cmustang87

    Cmustang87 [H]ardness Supreme

    Messages:
    4,398
    Joined:
    Oct 4, 2007
    Sometimes even using real DNS sources they will NAT your UDP/53 traffic to your ISP DNS.
     
  14. x509

    x509 [H]ard|Gawd

    Messages:
    1,687
    Joined:
    Sep 20, 2009
    I think a core issue for governments and private companies is a lack of sufficient skilled personnel. There just aren't enough of those to go around. Also, some companies still don't get it. For example, the Target breach of a few years ago happened because the CSO or CIO asked for more resources for security but had the request denied. That didn't save them from getting fired, of course. :confused:

    Check out my 'nym.:D

    x509
     
    IdiotInCharge likes this.
  15. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    9,669
    Joined:
    Jun 13, 2003
    A big issue I see is that the available resources could be better pooled, but are not. Obviously this is harder for enterprises to do but on the government side, well, they're failing spectacularly.
     
  16. pek

    pek prairie dog

    Messages:
    825
    Joined:
    Nov 7, 2005

    This +1000. The amount of configuring that has to be done on routers & firewalls is staggering, add in the outbound proxying and you can barely keep up. ID10T users clicking on links in emails (or just opening emails) is the primary access method for bad actors now, so having to filter/scan ALL emails in and out is now a growing segment. The 800.x NIST "best practices" & CERT guidelines are just the start of keeping relatively secure.