Farelf Posted December 1, 2010 Posted December 1, 2010 Most Australian ISPs are members of the (Australian) Internet Industry Association and more or less conform to the several voluntary codes of conduct. Now the Federal Government has added some clout, saying in effect "Regulate yourselves or we will do it for you." The Minister with responsibility for the internet has always questioned the specific immunity of ISPs ('Carriers') against prosecution for the misdeeds of their customers, most would say he seeks to weaken it, many that he looks to destroy it. Against that backdrop, the Code on Cyber-Security has come into effect. Other codes, such as the one against spam, have indicated that ISPs should assist users clean up their infected machines. The absence of an agreed framework for any such actions has more or less guaranteed there were none, a deficiency now addressed by a specific code on security. The level of "assistance" proscribed is quite basic and the backbone of security enforcement from the ISP point of view remains the ability to suspend or terminate accounts that appear to be the source of nastiness (spam, DDoS packets, etc., that is: hosting a zombie) under an appropriately-worded AUP/TOS/CRA. The onus is now put on the ISP to act on abuse complaints and also to scan for activity levels indicative of zombie activity (no defence of ignorance). All they have to do to help the unwitting owner of a compromised machine (on my quick reading) is to point them at a help site - though user education before that point is reached is encouraged. THEN they pull the account . The Code: http://iia.net.au/images/resources/pdf/icode-v1.pdf Education/Help site: http://icode.net.au/index.php It certainly fills a vacuum in the Australian context. Just how effective it will be remains to be seen but it HAS to be infinitely better than doing nothing. Heh ... note SpamCop gets top billing under 4. Other sources of information There are also external sources of compromises / malicious activity which an ISP may choose to use, such as: (a) Spamcop reports; ... - Though I think that could have been worded a little better.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.