Re: OT: Educating users about Security

Author: Siri Amrit Kaur
Date:  
To: plug-discuss
Subject: Re: OT: Educating users about Security
On Saturday 13 November 2004 09:17 pm, Jim kindly wrote:
> I read once in The Register about an ISP that had an interesting way to
> handle customers' machines that are compromised.
>
> The first thing they do is warn the customer and tell them what to do in
> order to correct the problem.
>
> If the incident is severe enough, the ISP immediately suspends the
> customer's account.
>
> If the incident is not so severe, the customer is given time to correct
> the problem. If the deadline passes and the problem remains, the
> customer's account is suspended until the problem is corrected.
>
> I would be in favor of ISPs monitoring customers' network traffic in order
> to find compromised machines. If one is found, its account should be
> suspended until the owner corrects the problem. This would motivate
> people to get anti virus software, a firewall and keep it all updated.


I second that emotion.

If my boss lets us back on the internet with the changes I'm going to suggest
(thanks to all of you!), I'm going to recommend he tell everyone that their
internet access will be directly related to their internet behavior. And then
give them a short list of non-negotiable do's and don'ts that they have to
agree to...

Siri Amrit
>
> --
> In 08 vote for a crook you can trust.
> Del Boy for President.
> http://www.ofah.net
>
> On Sat, 13 Nov 2004, Siri Amrit Kaur wrote:
> > How do you explain the security risks of viruses, worms, spyware, etc. to
> > people who need to take security seriously, but have NO technical
> > background and don't want to believe that:
> >
> > 1. Their home computers are vulnerable.
> > ("When I bought it 3 years ago it had Norton on it. Have I updated it? I
> > think it does that automatically. You mean I have to pay for Norton?")
> >
> > 2. They have anything on their computer that anybody would want.
> >
> > 3. Bad guys would ever crack "their" computer
> >
> > 4. Having their computer used for Distributed Denial of Service attacks
> > matters because they don't understand what a "server" is, therefore it
> > can't be a big deal.
> >
> > 5. Keystroke loggers really can trace their sensitive data.
> > (I don't believe that happens, but even if it does, who cares if their
> > bank account gets raided? You just log a fraud complaint with the bank!
> > Identity theft? I don't really believe it would happen to me!)
> >
> > 6. Their computer could be used as a porn server
> > ("What's a 'server'? You're just paranoid. I don't believe it and I don't
> > have time to go to the websites you recommend or read the stuff from CERT
> > you printed up for me")
> >
> > I've tried to explain to them what can happen to compromised systems. No
> > matter what I say, no matter how much I try to dumb-it-down for them,
> > they don't "get" it, their eyes glaze over and they ultimately
> > respond with "But I don't care." Their level of denial and deliberate
> > naivete is dumbfounding!
> >
> > So, "how do you solve a problem like Maria?"
> >
> >
> >
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list -
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss