Commentary — It is troubling to read a network security-related rant on eWeek where the columnist misses obvious points.
Quoting the eWeek story:
It is not uncommon for support workers at ISPs to tell users who call in for assistance to turn off anti-virus programs and firewalls before any help can be provided. I guess virus- and worm-ridden computers are much easier to troubleshoot and support. (…)
But maybe anti-virus programs and firewalls are overrated as security tools. In a response to my column, IT consultant Triona Guidry told me that a support person at an ISP informed one of her clients that he didn’t need these kinds of tools because the ISP network already had them.
I would really love to see that ISP network—it must be almost magical. Why, this ISP apparently has been able to pull off a level of network-based protection that would make any corporation or government envious.
It is true that ISPs ask users to turn their anti-virus and firewall software off. I’ve experienced this once. I answered “no way” to the friendly prompt. The operator replied: “I’m sorry, I can’t do anything for you if you do not cooperate.” This pissed me off so much — I had spent half a day configuring a server and this clueless person wanted me to let viruses in?!? — that they eventually escalated the call. And level-3 tech support acknowledged I merely needed to answer ICMP-related queries. So if anything, the main problem comes from the lack of a skilled workforce involved in level-1 tech support. And who can blame the ISPs for this? Most of the time, users just need help to configure MS-Outlook. Do you really expect these same users to configure their firewall to let ICMP in and out?
Speaking of level-1 tech support, here’s a tip if you don’t like to deal with them: When you call your ISP’s tech support, immediately ask for level-2 or level-3 support. They’ll usually let you through if you ask them to confirm your diagnosis in a straightforward manner, e.g. “xyz.xyz.xyz.xyz, named blah.isp.domain is one of your machines, right? I trace my packets until there but it looks like something is down right behind it. Thank you for passing me on to someone who can tell me how long it will take to solve the issue.” If this doesn’t work, hang up, find the Head of Technical Support or the Head of Technology using a search engine, call the company’s HQ and ask to speak to him. When prompted to leave a message, ask what the guy in charge of network operations’ name is and whether he or one of his colleagues is available. If they don’t put you through at this point, call a random person in the company. As in: “Oops, I’m so sorry, I thought I dialed [guy in charge of network operations’ name]’s phone number. Would you mind transferring me please?” Oh, and… Don’t forget to immediately ask for a direct phone number upon getting the right person — before he understands you just bypassed the entire support procedure.
Regarding whether you need an anti-virus and a firewall, I would challenge the relevance of the antivirus at the very least. I have no antivirus, but I’ve a tool that protects my registry settings. Technically, however, it never has been necessary in the past years. My two firewalls — one on the router, and one on the PC — have blocked every single threat. Why? Because Windows viruses don’t usually target Cisco software. Because I’ve disabled active components almost entirely on my browser. And because I read my emails as plain text. Thus, exposure is minimal.
But do I really need the firewall at all? It depends. A firewall is meant to reduce your exposure to security threats, so technically, I’d say you want an active firewall on every device. However, if you are a clueless user with a single computer, as is the case with many ISP customers, you might prefer that the ISP takes care of it. Which it can, since multiservice access routers let you manage firewalls, VPNs and antiviruses from within your network’s core. Compare your internet connection with a tunnel. Putting the security measures at one end or the other makes no difference whatsoever. Hence, you might as well put the firewall, VPN and antivirus at the edge the ISP is managing rather than at the edge the user is managing. If you’re a company, however, things are different: As soon as you have two devices, you want firewalls around.