Internet Service Providers:The Little Mans Firewall

There has recently been call for Internet Service Providers to begin filtering traffic related to the spread of malicious data traffic such as viruses, worms and open proxy abuse to and from their end-users. This case study outlines the planning, implementation, and results phase of such an endeavour by a medium sized national Australian ISP. It illustrates that a significant improvement in the security of the ISP network, end-user connections and indeed the Internet as a whole may be achieved by filtering access to ten TCP/IP ports extensively targeted by this malicious data traffic. By providing an 'opt-out' mechanism for those end-users that do not wish to have such filtering applied this heightened security is possible without negatively impacting connectivity or functionality. This document is intended to be a high level case study in order to have relevance beyond the scope of the specific organisation but at the same time provide enough detail to serve as a good illustration and reference document. While the implementation phase details this process as it applies to Cisco access server hardware the general concepts explored are still valid across other platforms.