LINUX SECURITY --- June 26, 2001 Published by ITworld.com -- changing the way you view IT http://www.itworld.com/newsletters __________________________________________________________________________ ______ HIGHLIGHTS * After opening a can of worms with his article about an ISP's responsibilities, Rick responds to some readers' views on the issue. __________________________________________________________________________ ____ An ISP's Responsibility By Rick Johnson Last week's article caused quite a debate regarding the liabilities that an Internet Service Provider must burden. Each person's email that I received offered a different view, each with valid points. Keep in mind, this is just my opinion. Some readers feel an ISP is responsible for keeping users from doing anything illegal or immoral, even if this encroaches on the users' constitutional rights. On the other hand, some feel that users should be free to do whatever they want, placing the burden of stopping those acting inappropriately on the law enforcement community. My beliefs fall somewhere in the middle. I cut my teeth in the service provider market and, therefore, never seem to venture too far from that arena. Over the years, I've seen complaints on everything from stalking to kiddie porn, and from DDoS to outright hacking. I've always done my best to assist law enforcement whenever possible and if one of my users was the problem, then they were dealt with swiftly and fairly. Most ISPs post an acceptable use policy that subscribers must agree to or have their account cancelled. These policies include blanket statements covering everything from general illegal activities to spamming and hacking. Acceptable use policies are, basically, the laws governing the virtual state created by the service provider. Moreover, they legally protect the ISP if any questions were to arise. Rarely can the ISP foreshadow the events, or do anything to prevent them during the normal course of operations. An outside source must register a complaint before the issue becomes known. I hope that if you are registering a complaint, then it will be to a small ISP. They are usually staffed with people who actually care and will put forth the extra effort to do the right thing. Large ISPs don't take it personally because they simply don't have to. I fully support doing everything possible to prevent users from doing something bad; however, let's be realistic. As long as the subscribers stay on the right side of the law or, more importantly, do not generate any complaints from outside sources, then they will usually be left alone. While configuration changes can be made to the various daemons and routers, these are usually already in place if they follow best practices guidelines. Some of the possible configurations that are passed over are just too resource intensive to be cost effective and they simply cannot be justified as helping the business. That may sound cold in today's world of "Open Source" and "Free Standards", but most people are in this to make a profit, or at least pay the bills. Until the grocery stores stop charging me every time we go shopping, keeping a roof over our heads will have to come first. Hence, most of us do our open source programming during the midnight hours when all sane people are asleep. It's a labor of love, not money. About the author(s) ------------------- Rick Johnson is currently involved in a number of projects, none of which he can discuss at this time. Aren't non-disclosure agreements wonderful? When not involved with those, he heads the development team for PMFirewall, an Ipchains Firewall and Masquerading Configuration Utility for Linux. Rick can be contacted via email at rick@pointman.org or on the web at http://www.pointman.org. __________________________________________________________________________ ______
<<attachment: winmail.dat>>