Flash: Sometimes Common Sense Isn't Sexy

By Michael Hall | Jun 23, 2004
http://www.enterprisenetworkingplanet.com/netsysm/article.php/3372531/Flash-Sometimes-Common-Sense-Isnt-Sexy.htm


Yesterday the Anti-Spam Technical Alliance (ASTA) released a set of "best practices" in the war against spam. The recommendations were aimed at three distinct groups: ISPs and mail providers, end users, and legitimate bulk e-mailers.

For anyone who's been thinking about spam for any period of time, the recommendations are probably pretty obvious. A sampling includes:

  • Block or Limit the use of Port 25
  • Close all open relays
  • Configure proxies for internal network use only
  • Detect compromised computers (zombies)
  • Develop effective complaint reporting systems
  • Do not harvest e-mail addresses through SMTP or other means without the owners' affirmative consent.
  • Register your e-mail domain with a creditable safelist provider.
  • Monitor SMTP responses from recipients' mail servers. Promptly remove all e-mail addresses for which the receiving mail server responds with a 55x SMTP error code
  • Make use of spam filtering technologies and customize settings that provide the appropriate level of protection needed.

There are quite a few more of varying utility. One thing they all have in common is their remarkably prosaic and utilitarian bent. There are no magical deathrays to fight a problem that's chimeric to the extent it thrives on both human and technological fallibility. That prosaic and utilitarian angle, in fact, had some people reacting to the list with disappointment: Microsoft, Earthlink, AOL, and Yahoo! all got together, hashed out the state of the war against spam, and only came up with THAT? Block port 25? Close open relays? Use safelists? Honor SMTP error codes?

Well, yeah. Because if we should be disappointed about anything in that report, it's that those things still need to be said. There will be no Manhattan Project to stop spam. There won't be an Apollo program that lofts us to a spamless moon and beyond. We'll never send a Voyager probe to the edges of the netiverse to report on how the people of planet Whitelist beat back their spam issue and made sure every mail is a wanted mail.

What will fix the problem, or at least make it more manageable, will be disciplined and focused efforts to adhere to best practices like the ones the ASTA listed: They're common sense to most professionals, they're pointedly not sexy, and they're how we'll gradually narrow down the free-fire zone in which spammers currently operate. Waiting around for a magical anti-spam raygun won't do it.

Elsewhere:

» We're not in the habit of doing security updates, but this one might be a big one for DHCP-using readers:

A pair of security flaws found in the Internet Systems Consortium's (ISC) implementation of the DHCP protocol could leave users at risk of denial-of-service or code execution attacks, experts warned Tuesday.

According to an alert from the U.S. Computer Emergency Response Team (US-CERT), the vulnerabilities were discovered in ISC DHCP versions 3.0.1rc12 and 3.0.1rc13, the de-facto standard for all UNIX and UNIX-like systems, including Linux and BSD.

"All versions of ISC DHCP 3, including all snapshots, betas, and release candidates, contain the flawed code," US-CERT cautioned.

» The US-CERT homepage includes a series of RSS channels and instructions on how to deploy them in a web site. The feeds include:

  • Technical Cyber Security Alerts
  • Cyber Security Bulletins
  • Cyber Security Alerts
  • Cyber Security Tips

We'll be adding them to our RSS reader right away.

If you run a site that deploys RSS feeds, as a by-the-by, today's article from Carla Schroder, which explains how to use mod_gzip to compress Apache traffic, might be useful to you: Most RSS readers have a habit of repeatedly downloading your feed all through the day, which makes the bandwidth usage stack up. By gzipping your RSS feeds, you can save up to 80 percent of that bandwidth with very little setup effort.

» MasterCard is going after phishers:

"MasterCard joined forces with digital fraud detection company NameProtect in a new anti-identity theft initiative that aims to thwart phishing scams.

[...]

The NameProtect technology will continuously monitor multiple online mediums, including Web pages, online discussions and hidden content, to nab identity theft trading rings. According to Mark McLane, CEO of NameProtect, the company will then provide the real-time exclusive reports to MasterCard. Together with law enforcement's own network of 25,000 financial institutions, MasterCard can take the necessary action to shut down and prosecute the phishers, as well as inform and protect cardholders."

» Intranet Journal's rundown of government security certification is a good starting point on the topic.

» Intel has released the latest in its Centrino chipsets, but with a wrinkle to previous plans, which included turning desktop machines into WLAN APs:

Late last year the company announced plans to build technology into future desktop chipsets -- "the 'glue' between the microprocessor and the rest of the PC," according to an Intel press release -- that could turn desktop PCs into "softAPs." Such computers would serve as software-based access points on a wireless network, adding to the overall capabilities of the WLAN. The chipset in question, previously called Grantsdale -- now the 915 G/P, where the G version includes integrated graphics -- is available this week (along with the Alderwood, now the 925 X).

However, there's no softAP ability. eWeek first reported this last week, saying that soft AP ability won't happen at all.

The Week in Network News

» Monday: Cisco's Self-Defending Network Takes Shape

Cisco's vision of a self-defending network took more form today as a bevy of NAC-supporting products were announced and the company moves ahead with third-party outreach. Also: Your enterprise IM choices just narrowed by one as AOL and Yahoo reconsider their IM strategies, and SUPERCOMM kicks off in Chicago.

» Tuesday: XP SP 2 Will Break Your Network. It's About Time.

XP SP2 is looming, it's going to disrupt your network, and your users are going to panic: What took Microsoft so long? Also: Motorola hops on the WiMax bandwagon, VoIP is so six months from now, Cisco goes MAN, and major ISPs write your anti-spam checklist for you.

The Week in CrossNodes

» Get More Out of Your Pipe with Apache and mod_gzip

It's never bad to give your users a faster site. With mod_gzip and Apache, you can compress Web traffic on the fly, reducing file sizes (and download times) up to 80 percent.

» NFS/NIS: Lessen Your Legacy Security Liabilities

You may be an old-school holdout, or you may have inherited a network with NFS/NIS driving some of the file-sharing load. Either way, here's how you can button down these venerable but potentially dangerous services.

» VoWLAN: The Wireless Voice Future is Here ... Almost

VoWLAN might be the chocolate and peanut butter of networking, but the convergence of VoIP and wireless freedom has its share of snags. Here's what you need to know.

» Squid Puts the Squeeze on Net Wrongdoers (Part 2)

Between online deathmatches, hearts tournaments, and sports bookies, your network might be looking more like a playground than a place to get work done. Here's how to use Squid to button down the traffic and make sure your more slippery users don't slide out of its grasp.

Network News Break is CrossNodes' daily summary of networking news and opinion, served up fresh daily. Please send your comments and suggestions to the editor.