ISPs should take lead in Internet security

Stephen Withers
Friday, 25 May 2007 14:05

Your IT - Home IT

A pioneer of network-layer spam blocking has called on ISPs to play a more active role in ensuring their customers' security.

The biggest threat to Internet security is the 125 million PCs that have been compromised and organised into botnets, according to Dave Rand, chief technologist, Internet content security at Trend Micro. Up to 17G per second of traffic can be brought to bear on a target by bot herders: enough to bring down practically any company, and more than the total bandwidth available to some nations.

The massive computational power provided by botnets might also be employed for other projects such as decrypting messages and documents thought to be secure.

Simple measures that could be taken by ISPs include improved customer education and blocking commonly misused ports, said Rand, adding that technically competent users should be able to unblock ports they need to use.

He also believes ISPs should take responsibility for the traffic that leaves their networks. In the 1990s, AOL was the largest source of spam on the Internet. Now, even though around half their customers are infected by malware, the company block malicious traffic as it attempts to leave the AOL network.

Even some fairly simple measures can help, he suggests. If an ISP sees 100 messages a minute coming from a PC, it is obviously not being generated by a human user.

"It is their [the ISP's] obligation to be aware of the traffic that's leaving their network," said Rand. Furthermore, ISPs are uniquely placed to relate an IP address to a specific accountholder, and this means they can alert customers whose PCs are generating malicious traffic.

"I'm not asking them to do this for free," he explained, but he is working with various bodies to convince ISPs - possibly through legislation - that they need to take on this role.