On Sun, 23 Feb 1997, Russ wrote:
> Last time I checked, very few Mom and Pop ISPs were even
> interested in putting up a Firewall to protect themselves. They're
> typically seeking every bps they can find out of their connections and
> not terribly interested in burdening themselves with either the
> administration or latency that a Firewall would introduce.
Most of the small ISPs with whom I've worked, had buddies who worked
there, known people, done lunch, etc., have actually been pretty security
conscious. In fact, most of them fit a fairly constant profile:
1) Undercapitalized. 8^)
3) Run (at least, the machines) by young guys new to Unix.
4) Pretty decent quality of administration. Nothing great, but most of
them had a clue what they were doing.
5) All of them were fairly security conscious.
A little disclaimer. Ever since I moved to Mindspring, I have had fairly
little contact with other ISPs. Most of this exposure was at my previous
job, where in one form or another I dealt with most of the ISPs in
Alabama. Alabama's not exactly known for its citizen's overall
technological prowess, but it's still a pretty good sample.
This was over a year ago, and in the interim, more people have started
doing the ISP gig using NT. Most of these people have been far less
technologically aware in general, network savy to be more specific, and
security-clueful to get to the crux of the matter, than are Unix people.
I think it's a cultural thing, a phenomenon on which I and others have
Anyway, long story short, I think that Mom & Pop ISPs are more security
aware than a lot of people give them credit for. Sure, there are tons of
idiots out there, but to say:
> very few Mom and Pop ISPs were even interested in putting up a Firewall
> to protect themselves.
is, I think, an overstatement. Far worse are the companys who get an ISDN
link or a T1 and slap their entire network onto it.
I don't think I'm going to touch the rest of the thread; it just looks
Todd Graham Lewis Mindspring Enterprises tlewis @