Firewall stall

Requiring ISPs to provide personal firewalls is no worse than requiring automakers to install seat belts

IT LOOKS LIKEone of my pet projects isn’t going anywhere for a while. I’m speaking of a proposal being kicked around as part of the U.S. government’s cybersecurity plan that would require ISPs to provide personal firewalls to their customers. According to early drafts of the “National Strategy to Secure Cyberspace” — which is merely a collection of recommendations — an obviously good idea is getting the kibosh.

As most of you know, I’m usually against anything that the government wants to ram down the throats of the unwilling. But being a sensible person, I’m willing to make exceptions. If you want precedents, look at automobiles — after all, we put up with all kinds of guff from the state in the name of safety on the road. Between helmet laws, seat-belt statutes, and child car-seat requirements, there exists a level of intrusion that would make any true libertarian gibber with rage.

But even I can see the sense behind those laws and regulations; if the people are too stubborn to protect themselves, someone else (read: Uncle Sam) is going to have to do it for them. Seat belts were optional for years before they became required equipment; child car-seats are an even more recent innovation. Family legend has it that I took my first steps in the backseat of a car flying down a then brand-new freeway. Today, my mother would be locked up for letting that happen.

So if we accept the need for a minimum level of safety equipment in our cars, why can’t we agree on similar standards for computers?

Few, if any, ISPs are thrilled about the prospect of having to harden their customer premises equipment. The broadband business is cutthroat as it is; profit margins are thin or nonexistent, and many customers in the home and small-office category can barely configure TCP/IP on their computers, much less deal with even simple, software-based personal firewalls.

Now, it may seem odd to some that in a space devoted to enterprise computing security, I’m complaining about the lack of protection for individuals and small businesses. But think about the “outsiders” — contractors and freelancers, to say nothing of regular employees — who are working from home and have access to your corporate network. Multiply that by 1,000 or 10,000, and I hope you begin to understand why I’m concerned about the little people.

I’m from the school where an ounce of prevention is worth a pound of cure. Judging from the attacks recorded in the logs of the firewalls here at chez Peej, there’s a lot to prevent, too. People are still trying to use that tired old SubSeven attack on me, for example. I don’t want my ISP to filter network traffic in a misguided attempt at protection, the NetBIOS protocol used by Windows machines being an exception.

But if an ISP sent me a CD with a firewall from Symantec, Zone Labs, or another reputable firm, I’d know they were at least trying to get on top of this security problem.

Source: www.infoworld.com