Thursday, October 11, 2007

How to Choose an Internet Service Provider

An ISP - Internet Service Provider - is a company that provides a gateway to the Internet for individuals and companies. In its simplest form, connecting to the Internet requires a telephone line to dial up an ISP using a computer and modem. The ISP then provides the route onto the Internet.

Choosing an Internet Service Provider requires a simple first step. Ask yourself: "What do I want to use the Internet for?" If you can answer this, you can then start to work out your requirements.

Questions that help you answer "What do I want to use the Internet for?" include:

- How much will I use the Internet each month?
- What time of day will I use it?
- Do I need web space?
- Is customer support important to me?
- How many e-mail addresses will I need?
- Can the ISP support online payments?
- How much does it cost?

Another question to ask is “How long has the ISP been in business?” This might not seem important, but in this industry ISPs come and go quite regularly. Running an ISP requires extensive computer knowledge, experience and quality hardware, not to mention a reliable line into the Internet, plenty of good modems and adequate customer support.

Different types of Internet service

Dial-up: connects to the ISP using a modem. This is the most basic, slowest and cheapest option.

DSL: popular high speed internet service. It uses a regular telephone line to connect to the Internet; however, it is faster than dial-up and allows you to access the Internet and use the phone at the same time.

Cable: high speed Internet service that uses your TV cable.

Satellite: It connects to the Internet using a satellite dish. It is more expensive than other options but allows people living in isolated areas to access the Internet.

Wireless: Connect to the Internet while you are away from home. Allows people to travel with their laptops and access the Internet from hot spots worldwide.

T1: very high speed internet service intended for businesses.

The next step should be to start calling the Internet Service Providers in your area or visiting their websites for more information. A good way to find out about a particular ISP in your area is to ask people who use it or try it yourself. On the Internet there are good ISP directories that you may want to visit as well.


http://www.articlesfactory.com/articles/communication/how-to-choose-an-internet-service-provider.html

The Plague Upon Us

Posing this question is not intended to make light of the threat. Viruses are proliferating at a phenomenal rate, causing enormous damage. According to Computer Economics, the worldwide economic impact of malicious code attacks in 2001 topped $13.2B. Nimda alone infected over two million servers and 700,000 PCs in just 24 hours. Downtime and recovery from this single worm rang up a $635M price-tag last year. And there's more to come: Eight months after being released into the wild, Nimda remained on the top ten list of viruses detected last week.

SonicWALL claims there are over 50,000 known viruses, with 200 to 800 new viruses discovered every month. This month, the new kid on the block is W32/Klez. According to Sophos, Klez-G and H accounted for 77.8 percent of all virus activity last week. Klez propagates with its own SMTP engine, mailing itself to addresses harvested from Windows address books, ICQ lists, text files, Word documents, Acrobat files—even cached Web pages. By exploiting an old Microsoft Outlook preview pane vulnerability, Klez spreads without requiring naïve users to execute file attachments.

McAfee, Symantec, TrendMicro, Sophos, and other AV vendors quickly supplied Klez signature updates and disinfectant programs. But after these vendors finally wrestle Klez variants into submission, another prolific worm is sure to follow. According to ICSA, 87 percent of major virus infections today are carried by e-mail. Business use of e-mail has become so mission-critical that reacting to new threats by temporarily blocking all incoming e-mail or file attachments is impractical, prohibitively expensive, and ultimately doomed to failure.

An effective antidote?
Virus protection is clearly warranted, but where are AV measures best deployed? Major AV software vendors produce a dizzying array of products for desktops, PDAs, mail servers, Web servers, Web caches, file servers, and firewalls. Some even market AV appliances: turnkey hardware dedicated solely to virus scanning. What are the benefits of virus scanning in each of these locations? Is there value in scanning at all of these locations?

Stand-alone AV products like McAfee VirusScan, Norton AntiVirus, Trend Micro PC-cillin, and F-Secure Anti-Virus Personal Edition are appropriate for individual users and small businesses. These desktop scanners are foot soldiers—our first and last line of defense in the war against computer viruses. However, end users retain control over repair, quarantine, and delete actions taken when a virus is detected. Furthermore, although most of these products can automatically download updates, users may disable auto-update, suspend scanning, or remove the product entirely. A survey conducted by Central Commands found that 25 percent of all users neglect to install or update their AV software.

Boris Yanovsky, Director of Software Engineering at SonicWALL, strongly recommends using some mechanism to enforce timely updates. "This is where the concept of time to protection comes in: the time between a virus being released into the wild and the time to distribute and install updates," said Yanovsky. "On average, time to protection is 48 hours. That is only for highly publicized attacks where people realize they need to install an update."

Forced inoculation
For central AV enforcement, larger enterprises typically use products like F-Secure Anti-Virus for Desktops & Laptops, Norton AntiVirus (NAV) Corporate Edition, McAfee VirusScan Thin Client, Trend Micro OfficeScan, and Sophos AntiVirus. Such products can provide a single point of control for cross-platform policy management, virus event monitoring, automated response, and large-scale deployment of updates and remedies. These products also use volume licensing to reduce cost. For example, one retailer that sells single-user NAV for $52.47 sells NAV Corporate Edition from $30.58 for 10-24 users, dropping to $12.66 for 5,000-9,999 users.

Smaller companies can also benefit from central AV enforcement but may lack the IT staff to administer it. In this case, consider enforcing desktop AV updates with an Internet security appliance like SonicWALL. This appliance prevents users from accessing the Internet unless they have current virus protection installed on their desktops. "This is safer because updates are deployed upon release, in fastest possible time, protecting against users who would uninstall or turn off AV," said Yanovsky. But comparing total cost of ownership is difficult. For example, one retailer sells the SonicWALL SOHO3 for $820 with a 50-user AV upgrade for $1,300. Although these AV licenses alone may be similarly priced, how do you quantify the "hidden cost" of administration?

Multi-tier protection
Centrally administered desktop AV is popular and, by most accounts, highly effective. However, many security experts recommend complementing best practices (eliminating unused services, applying patches, maintaining security logs, and auditing them for suspicious activity) with multi-tiered virus protection.

"Considering the prevalence and proliferation of e-mail borne viruses, desktop AV is necessary but is no longer sufficient," said Fred Avolio, principal of Avolio Consulting. "I recommend to my clients, supplementing desktop AV (which also deals with viruses from mobile PC and removable disks, as well) with AV software on either the firewall or the e-mail server. And I recommend that priority order: desktop first, firewall or server next."

Software deployment is simpler when there are fewer copies to administer. As Trend Micro put it, "When a threat like the LoveLetter can spread around the world in less than an hour, the time required to update all networked PCs is completely inadequate [and] can cost a business millions of dollars. On the other hand, a handful of Internet and E-mail gateways can be updated in a matter of minutes."

Gateway scanning can also be more efficient. An infected document on a file server can spread rapidly to networked clients. Even if desktop AV detects the virus on file access, it is computationally less expensive—and less risky—to repair, quarantine, or delete the virus at the source. Similarly, malicious mail attachments that are stripped at the SMTP or POP server never get the chance to spread to unprotected desktops or PDAs.

Despite these added efficiencies, gateway AV should not be used alone. Scanning at the mail server, Web server, or firewall may stop Internet-borne viruses, but cannot prevent propagation by other vectors—notably, the floppies, zip drives, and CDs that carry files (and viruses) from home to office to customer site and back again. Scanning at the gateway and desktop is a one-two punch that provides more comprehensive coverage.


http://www.isp-planet.com/technology/2002/antivirus.html

Battening Down SNMP

Tuesday's CERT advisory about the Simple Network Management Protocol (SNMP) is making headlines, but what can you do to protect yourself against these vulnerabilities?

Find vulnerabilities
First, determine where SNMP may be running in your network. Even if you do not actively use SNMP to manage your network or systems, you may still be vulnerable. SNMP provides a platform for distribution management: many network management systems (NMSs) use the SNMP protocol to listen to alarms and retrieve or modify configurable parameters from any networked device. This of course requires every device to have an SNMP agent—a daemon that sends alarms (TRAPS) and listens for incoming GET and SET requests.

Standardized a decade ago, SNMP agents are nearly as common today as TCP/IP itself. Agent daemons are commonly included in switches, routers, firewalls, VPN gateways, Web caches, load balancers, remote access servers, bridges, wireless access points—nearly any network device suitable for enterprise or ISP deployment. To enable remote management of hosts and servers, SNMP agents are embedded in nearly every commercial operating system, from Solaris and RedHat Linux to Microsoft Windows. With the exception of truly entry-level home networks, odds are that your network includes SNMP agents.

Search and destroy
However, just because SNMP code is available for your operating system does not necessarily mean that you are vulnerable. Most (but not all) of the vulnerabilities reported in the CERT advisory require the SNMP agent daemon to be running, listening to UDP/161 and/or sending to UDP/162. Ports used by SNMP extensions include TCP/199 and TCP/705.

To determine where SNMP exists in your network, invoke "netstat" or the equivalent from the command line on every node, looking for these ports. Check task lists, looking for processes named snmp(d) or snmptrap(d). Use a LAN analyzer like NAI Sniffer or shareware Ethereal to capture traffic, looking for packets to or from these ports. Run a scanner like WebTrends Security Analyzer or shareware NMAP to probe these ports. (Please remember that even a well-intentioned port scan may be interpreted as an attempted intrusion; scan only network nodes that belong to you!)
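The netstat check described above can be scripted so the same test is applied to output collected from every node. The following is an added example, not part of the original article: it parses saved `netstat -an` output in the Linux or Windows layout and reports listeners on the four ports the article names. The function name and the sample output are constructed for illustration.

```python
import re

# Ports named in the article: agent, trap receiver, and SNMP extension ports.
SNMP_PORTS = {
    ("udp", 161): "SNMP agent (GET/SET requests)",
    ("udp", 162): "SNMP trap receiver",
    ("tcp", 199): "SNMP extension (SMUX)",
    ("tcp", 705): "SNMP extension (AgentX)",
}
LOOPBACK_PREFIXES = ("127.", "::1", "[::1]")


def find_snmp_listeners(netstat_text):
    """Return (proto, port, bind_address, scope, description) per SNMP listener."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        proto_match = re.match(r"(tcp|udp)", fields[0].lower())
        if not proto_match:
            continue  # header or unrelated line
        proto = proto_match.group(1)
        # Linux prints numeric Recv-Q/Send-Q columns before the local address;
        # Windows does not. Dropping pure numbers handles both layouts.
        rest = [f for f in fields[1:] if not f.isdigit()]
        if not rest:
            continue
        host, _, port = rest[0].rpartition(":")
        if not port.isdigit():
            continue
        # For TCP, count only listening sockets, not individual connections.
        if proto == "tcp" and not any(f.upper().startswith("LISTEN") for f in rest[1:]):
            continue
        key = (proto, int(port))
        if key in SNMP_PORTS:
            scope = "loopback only" if host.startswith(LOOPBACK_PREFIXES) else "network-reachable"
            findings.append((proto, int(port), host, scope, SNMP_PORTS[key]))
    return findings


# Constructed sample output (not captured from a real host).
SAMPLE_LINUX = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:199           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:51234        192.0.2.20:705          ESTABLISHED
udp        0      0 0.0.0.0:161             0.0.0.0:*
"""
SAMPLE_WINDOWS = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:161            *:*
  UDP    0.0.0.0:162            *:*
"""

if __name__ == "__main__":
    for name, text in (("linux", SAMPLE_LINUX), ("windows", SAMPLE_WINDOWS)):
        for finding in find_snmp_listeners(text):
            print(name, *finding)
```

A socket bound only to loopback still means the SNMP code is running, so it remains a candidate for the disable-or-remove step that follows.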

CERT recommends disabling all unnecessary services; that includes SNMP managers and agents. If you are not actively using SNMP or just had it enabled for testing, turn those SNMP daemons off! On Windows hosts, find the SNMP or SNMP Trap Service in the Services Control panel, stop the service, and set startup type to disabled or manual. On RedHat, use linuxconf Service Control to stop the snmpd from automatically running at boot time. On Cisco gear running IOS, use the config command to enter "no snmp-server". On other devices, use help to find the configuration knobs that control services—it is not enough to kill the running task; you need to stop the task from being restarted automatically at boot time. If practical, remove the SNMP service or package to completely eliminate vulnerability.

Bolt the door
Eliminating SNMP is not always practical. If you rely on SNMP for remote monitoring or administration—even if you disable SNMP but leave the code installed—there are steps you should take to reduce the risk of intrusion and exploit.

SNMPv1 uses community strings—text passwords—to provide weak authentication. In theory, agents and managers ignore SNMP messages unless they carry a valid community string for the requested operation. Unfortunately, many hardware and software products that support SNMP ship with defaults that permit GET and SET operations with "public" and "private" community strings. Like any password, community strings should always be set to hard-to-guess, non-default values.
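One way to check for the shipped defaults is to audit saved agent configurations. This is an added example, not from the original article: it scans a Net-SNMP `snmpd.conf` or a Cisco IOS configuration for the "public" and "private" community strings, and the function name and both sample fragments are constructed for illustration.

```python
DEFAULT_COMMUNITIES = {"public", "private"}
NETSNMP_COMMUNITY_KEYWORDS = ("rocommunity", "rocommunity6", "rwcommunity", "rwcommunity6")


def audit_communities(config_text):
    """Return (line_number, community, access) for each default community string."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment in snmpd.conf
        if not line or line.startswith("!"):     # '!' starts a comment in IOS configs
            continue
        tok = line.split()
        kw = tok[0].lower()
        community = access = None
        if kw in NETSNMP_COMMUNITY_KEYWORDS and len(tok) >= 2:
            # rocommunity/rwcommunity COMMUNITY [SOURCE [OID]]
            community = tok[1]
            access = "read-write" if kw.startswith("rw") else "read-only"
        elif kw == "com2sec" and len(tok) >= 4:
            # com2sec SECNAME SOURCE COMMUNITY: the community is the last field
            community = tok[-1]
            access = "set by group/access rules"
        elif kw == "snmp-server" and len(tok) >= 3 and tok[1].lower() == "community":
            # snmp-server community STRING [RO|RW] [acl]
            community = tok[2]
            is_rw = "RW" in (t.upper() for t in tok[3:])
            access = "read-write" if is_rw else "read-only"
        # Case variants such as "Public" are treated as defaults too.
        if community is not None and community.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, community, access))
    return findings


# Constructed configuration fragments (not taken from real devices).
SAMPLE_SNMPD_CONF = """\
# constructed snmpd.conf fragment
com2sec notConfigUser  default  public
rocommunity Zq7-constructed-example 192.0.2.0/24
rwcommunity private 127.0.0.1
"""
SAMPLE_IOS = """\
! constructed IOS fragment
snmp-server community public RO
snmp-server community n0t-a-default RW 10
snmp-server location rack 4
"""

if __name__ == "__main__":
    for name, text in (("snmpd.conf", SAMPLE_SNMPD_CONF), ("ios", SAMPLE_IOS)):
        for lineno, community, access in audit_communities(text):
            print(f"{name}:{lineno}: default community {community!r} ({access})")
```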

Never rely on community strings to keep outsiders away. In SNMPv1, community strings are carried in plaintext—they can be sniffed rather easily by anyone else on the LAN. SNMPv3 uses encrypted authentication, but few products in the field today use this newest version of the protocol. In some cases, it may be feasible to secure your management traffic—for example, by using PPTP, IPsec, or SSH to tunnel SNMP between the manager and agent.

Community string vulnerabilities have been known for a long time; if you use SNMP, employ the strongest authentication and privacy mechanisms you can muster. However, this week's CERT advisory is a clear indication that authentication by itself is insufficient.

The vulnerabilities uncovered by the Oulu University Secure Programming Group (OUSPG) include a number of attacks that do not require a valid community string to compromise the target.


http://www.isp-planet.com/technology/2002/snmp_lock.html

Security Tools for the Budget Conscious ISP

Monitoring and maintaining the security of routers, switches, and servers can be an enormous task. The frequency of new Common Vulnerabilities and Exposures and viruses continues to rise, with 4 out of 5 attacks now perpetrated over Internet connections. According to a Computer Crime Survey conducted by the FBI and CSI, 82 percent of surveyed companies fell prey to viruses last year, while 56 percent encountered unauthorized use, and 42 percent came under Denial of Service (DoS) attack. Indeed, many organizations spent days recovering from Slammer, Blaster, SoBig, and Welchia worms in 2003, despite widespread use of anti-virus software.

In times like these, casual best-effort defense is not good enough. To stem the rising tide, ISPs must take proactive steps to find and eliminate their own vulnerabilities, and must be prepared to react quickly and effectively when compromise occurs. Large companies can afford to buy enterprise-class security products and services, but smaller organizations are often caught between the proverbial rock and hard place. The cost of clean-up often exceeds the cost of prevention, but when you're operating on a razor-thin budget, shelling out capital for security tools can be tough.

Fortunately, open source and shareware security tools can bridge the gap between need and budget. This article provides an overview of essential network and system security tools, what they do, and why you need them. Part 2 of this article will identify not just commercial products, but open source and shareware tools that budget-conscious ISPs can use to create their own security toolbox.

An Ounce of Prevention
Even with open source, you'll still be spending time compiling, installing, and learning to use each security tool. And time is money, so why should you spend money on attack prevention?

Service Disruption: For most ISPs, network and server downtime translates directly into dollars and cents. During any service outage, your help desk will be the first to feel the pain. During a prolonged outage, contractual Service Level Agreements (SLAs) may kick in to impose financial penalties, usually in the form of service credits.

Subscriber Good Will: Those credits don't come close to covering the actual cost of downtime. According to In-Stat/MDR, the average e-business loses $125,000 per hour while offline. In competitive markets, customer acquisition is expensive and retention is tough. You don't want to squander subscriber good will due to downtime. Nor do you want subscribers to question your ability to keep their on-line resources safe and secure.

Service Restoration: Resurrecting failed network devices and servers can be expensive, even if you maintain recent backups. According to Computer Economics, the worldwide cost of cleaning up the Slammer worm exceeded $1.25 billion. In August 2003, the Blaster-SoBig-Welchia tab topped $2.5 billion in just one month.

Legal Liability: Civil or criminal prosecution may occur less often, but this risk is no less real. Anti-SPAM and music piracy have garnered more attention recently, but ISPs can also be held liable for attacks against others launched from compromised resources and for disclosure of confidential data during a break-in. ISPs may also be required to assist government investigation into cyber-attacks, pursuant to the Patriot Act. This analysis by Clint N. Smith, MCI vice president and chief network counsel, highlights the legal risks to ISPs and the benefits of the Patriot Act.

Only a lawyer (and not this article) can tell you what the law obligates you to do.

The potential cost of security incidents varies by geographic location and customer base, and some risks can be reduced through other measures (e.g., redundant or hot-standby resources to reduce downtime, carefully-crafted contracts and acceptable use policies to redirect liability, insurance policies). Nevertheless, taking some common sense steps to secure your network and systems can make good business sense.


http://www.isp-planet.com/technology/2004/security_toolkit_intro.html

MSSP Survey Part 4: Managed Anti-Virus, Anti-Spam, and Web Filtering Services

According to the 2004 CSI/FBI Computer Crime and Security report, 59 percent of companies experienced insider abuse of Internet access last year, and 4 out of 5 fell victim to virus attacks.

Statistics gathered by Sophos indicate that 6 percent of e-mail messages sent last month carried viruses, and new outbreaks are propagating faster. For example, within one day of its December release, Zafi-D infected 10 percent of sent mail.

Today's viruses often combine multiple exploits and transmission methods, creating a slippery mix that can prove costly to businesses that lack adequate protection.

Furthermore, despite criminal legislation like the US CAN-SPAM act, spam rates continue to increase. Today, 10 out of 12 e-mail messages are spam, increasing 65 percent over the past three years. According to Gartner, 74 percent of customers now believe that ISPs should filter spam, and 36 percent would switch providers to receive less spam.

Like Sisyphus rolling that boulder uphill, fighting Internet abuse, viruses, and spam can be overwhelming. Many companies throw staff and software at these problems without making a serious dent, because creating a solid defense requires security savvy, innovation, and continuous improvement. Out-tasking these IT burdens to a managed security specialist can increase effectiveness, often at reduced cost.

In this year's Managed Security Provider survey, we find continued growth in broader, deeper offerings that stop viruses, spam, and (to a lesser extent) improper Web use. As shown in this figure (see chart below), participating providers with Managed anti-virus (AV) services have nearly doubled since our first survey. Moreover, most AV services are now accompanied by anti-spam services, surveyed for the first time this year.

While virus scanning, spam blocking, and Web filtering are complementary services, each presents unique challenges. Some MSSPs offer these services on a single (often network-based) platform, while others offer discrete services on a variety of platforms.


http://www.isp-planet.com/services/ids/index.html

MSSP Survey Part 3: Managed Virtual Private Networking Services

Most mobile workers now use some type of Virtual Private Network (VPN) to reach their corporate network; Infonetics projects that penetration will reach 74 percent this year. Despite a soft economy, the VPN appliance market is going strong; In-Stat/MDR expects revenue to top $4 billion by 2007.

Nonetheless, after nearly a decade in the field, secure VPN services continue to evolve. Headaches with IPsec VPN client software installation and configuration have prompted growth in "clientless" SSL VPNs for anytime/anywhere remote access. IPsec still dominates secure site-to-site VPNs, but now shares the field with MPLS for high-performance connectivity with manageable quality of service (QoS).

In this year's MSSP survey, we find that managed site-to-site (S2S) and remote access (RA) VPN services mirror these general VPN market trends:

* Most participants still offer one or more IPsec VPN services, but the percentage offering SSL VPN services has more than doubled since our 2003 survey. Several participants offer both IPsec and MPLS site-to-site VPN services that can be deployed alone or in conjunction with other VPN and managed security services.

* As in 2003, we see modest improvement in encryption strength, as Advanced Encryption Standard (AES) support grows and the aging Data Encryption Standard (DES) dwindles.

* Better yet, our 2004 survey shows a marked increase in support for stronger authentication options like digital certificates, RSA SecurID tokens, and other two-factor methods.

These trends merely scratch the surface of managed VPN features and service characteristics. To better appreciate the breadth of available VPN services, network topologies, security options, administrative procedures, and bundled or add-on options, read on...

Why Outsource VPN Services?
MSSPs deliver Managed VPN services by taking on responsibility for VPN gateway installation, configuration, and (typically) 24x7x365 monitoring from a Security Operations Center (SOC). Many managed VPN offerings can still be purchased as firewall add-ons, but most of the providers in our survey also offer standalone VPN-centric services, often based on MPLS-capable routers or SSL/IPsec VPN concentrators.

Depending upon the service, managed VPN hardware can be purchased up-front, rented from the provider, or (most often) bundled into the offering. Managed VPNs thus tend to reduce capital equipment investment and speed deployment vs. in-house VPNs.

Customers can also cut ongoing IT costs by offloading many routine VPN administration tasks to their provider, while retaining ownership of security, performance, and authorization policies. That is, customers still decide who should be permitted to access VPN resources, from where, using which crypto methods, over which class(es) of service. Providers work with customers to identify these business needs and then implement a VPN to support them.



http://www.isp-planet.com/technology/2005/mssp3.html