ISP Acceptable Use Policy and Incident Response

Like most people, you probably assume that your ISP is monitoring its network for all kinds of malicious activity, that it's looking for attacks against its customer networks, and that it'll shut down the attackers the moment it sees this type of activity. Why would you not assume this? Most ISPs have an acceptable use policy (AUP), which generally lists activities they do not allow on their network, for example:

  • We do not allow port scanning or packet spoofing.

  • We do not allow the use of tools intended to break into systems or exploit vulnerabilities on systems.

  • We do not allow traffic meant to disrupt or inhibit communication across our network.

We must admit that we have seen no AUP from any ISP that explicitly states the ISP actively monitors for these activities and acts on them in real time. An AUP is posted for legal reasons, and few ISPs have the resources to actively monitor for and react to these activities. We mention the AUP only to educate you and to prompt you to ask your ISP which activities it actually monitors, and how you can best work with it in the event of a security incident to mitigate or track attacks.

In addition to policies, if your ISP manages devices for you such as firewalls and/or border routers, you need to be aware of its monitoring policies and procedures. Most ISPs providing managed services really do monitor the devices and track security events, but we have seen cases where the managed service provider was asleep at the wheel during scheduled security assessments. In some of those cases it was the customer who had to notify the ISP that something was happening.

You should also ask your ISP whether it participates in the Inter-Network Operations Center Dial-by-ASN (INOC-DBA) system. INOC-DBA is a free system that interconnects service providers, incident response teams, and industry experts, as well as vendors and security and policy governance bodies, via Voice over IP (VoIP) telephones. You may consider it the equivalent of an ISP "Bat Phone." The system puts ISPs and organizations in immediate contact with each other: a caller simply dials the Autonomous System Number (ASN) of the organization it wants to reach, because within ISPs and the Internet community, major organizations are known by their ASNs. If your ISP does not participate in this system, encourage it to do so, or select an ISP that does. Participation helps ensure that your ISP can track and/or mitigate attacks against your infrastructure.

Note 

In interviews with some of the largest ISP engineering teams, we were told that the utility of INOC-DBA is sometimes less than expected, because the system can be used to circumvent normal customer service/ticketing processes for events that do not merit emergency status. Still, we feel it is another useful asset to have in the incident response toolbox.



Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)
ISBN: 0072259558
Year: 2005
Pages: 120