Service providers to patrol internet ?

Posted by Mayuresh | Security | Wednesday 18 June 2008 9:14 am

AT&T is planning to offer security services to inspect and stop malicious traffic before entering the corporate network.
Ref: http://www.mercurynews.com/business/ci_9593411

In all these years service providers are always looked upon as just thick pipes that do their best to get every piece of data to customers. Fundamental question that arises here is should they be allowed to look into the traffic passing through their network? One of the intended use is to stop spams before reaching the corporate networks. According to AT&T, 80% of emails that it delivers is spam. Argument looks very attractive and seems logical to stop all digital debris, malicious content at backbone itself.

But what if ISPs misuse this power. There are endless possibilities. With so many sophisticated solutions available today, it’s not hard to dig more to characterize behavior of subscribers which then can be used for targeted content OR to keep particular traffic away. Remember Comcast delaying BitTorrent traffic generated enough flames!! This needs to be studied deeply from legal aspects.

Nevertheless, I feel this would open lot of opportunities for security vendors who are struggling to sell in crowded enterprise market.

Comments welcome!!

1 Comment

Please note the views expressed in the comments below are that of the commenter and the owners of this website may not agree with the views expressed.

  1. Comment by Mouse — July 13, 2008 @ 10:48 pm

    There are indeed end user privacy issues (e.g. people don’t seem to like if police would search every visitor of their home). In addition, there are questions of (a) competency – do you really trust your half-clued ISP to do better job than you can in DETECTING and filtering out your inbound malicious traffic AND leaving alone what you need to see, and (b) ability – even if ISP’s weren’t half-clued, how likely is it for them to understand traffic peculiarities of every individual customer (private and corporate) to the point of being able to cull only the “bad” packets? Also, how is this filtering going to deal with SSL-protected traffic (and IPsec, etc)? Considering ever-increasing sophistication of the attacks and increasing tendency for attackers to try “flying under the radar” – I personally see little chance for an ISP to do something useful here.

    I understand the desire of ISP’s to play a role bigger than “dumb pipe” and get a bigger cut of the Internet money pie – but this lead ball doesn’t seem to fly well.

    Now snooping on “normal” legitimate customers and their traffic – that’s totally possible, but it’s a different topic altogether.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.