Zombie PCs to be throttled, isolated under new ISP code

Powered by SC Magazine
 

Voluntary ISP code of practice launched for Cyber Security Awareness week.

Internet service providers should quarantine or even slow down the connections of customers with infected computers, according to a new Australian industry code of practice.

The voluntary code of practice was designed by the Federal Government and the Internet Industry Association (IIA) to formalise cyber security standards for ISPs and customers.

The code [PDF] outlines measures to educate customers, detect malicious activity on the network, take action against compromisde customers and also a requirement to report serious activity to the Australian Federal Police and the national computer emergency response team (CERT).

Communications Minister Stephen Conroy announced the code at yesterday's launch of Australian Cyber Security Awareness Week, and hinted that the code might not remain 'voluntary' should ISPs not sign up.

"At the moment we're working with [IIA CEO Peter Coroneos] and the industry, to make it work this way," Mr Conroy said. "Down the track if it doesn't work - [compulsory adherence to the code] is something we'll have to look at.

"But we are genuienly working well with the sector to get the best outcome."

The code is built around a free monitoring service introduced by the Australian communications and media authority (ACMA) in 2005 -- Australian Internet Security Initiative -- which is used by 78 ISPs to detect whether their customers' computers are connected to a network of hacked PCs, known as a botnet.

The government and IIA have added several resources for ISPs including standard cyber security education messages, notification guidelines, a requirement to report significant infections to the authorities and courses of action to reduce a threat.

The recommended courses of action include the option to slow down or limit a customer's connection.

"Actions that ISPs can take when they become aware of a compromised computer include... apply an ‘abuse' plan where the customer's internet service is speed throttled," the code recommends.

"Temporarily quarantining the customer's service, for example by holding them within a ‘walled garden' with links to relevant resources that will assist them until they are able to restore the security of their machine."

These two measures are more relaxed than suggestions made in a draft of the code in September last year, which recommended ISPs cut access to zombie-infected PCs altogether.

The code states that "user privacy is paramount", but does not provide details for how this will be protected if a compromised computer is reported to authorities.

The ISP code is policed by the IIA and there are no penalties for breaches, according to IIA CEO Peter Coroneos.

"It goes around the compliance symbol," Mr Coroneos said. "They'll be given a trust mark that they put on their website that shows that their code is compliant.

"If we become aware down the track in the unlikely event that an ISP is going to stop acting in their best interests, then we'll take action." 


Zombie PCs to be throttled, isolated under new ISP code
 
 
 
Top Stories
Frugality as a service: the Amazon story
Behind the scenes, Amazon Web Services is one lean machine.
 
Negotiating with the cloud email megavendors
[Blog post] Lessons from Woolworths’ mammoth migration.
 
Qld govt to move up to 149k staff onto Office 365
Australia's largest deployment, outside of the universities.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

The great data centre opportunity on Australia's doorstep
The great data centre opportunity on Australia's doorstep
Scott Noteboom, CEO of LitBit speaking at The Australian Data Centre Strategy Summit 2014 in the Gold Coast, Queensland, Australia. http://bit.ly/1qpxVfV Scott Noteboom is a data centre engineer who led builds for Apple and Yahoo in the earliest days of the cloud, and who now eyes Asia as the next big opportunity. Read more: http://www.itnews.com.au/News/372482,how-do-we-serve-three-billion-new-internet-users.aspx#ixzz2yNLmMG5C
Interview: Karl Maftoum, CIO, ACMA
Interview: Karl Maftoum, CIO, ACMA
To COTS or not to COTS? iTnews asks Karl Maftoum, CIO of the ACMA, at the CIO Strategy Summit.
Susan Sly: What is the Role of the CIO?
Susan Sly: What is the Role of the CIO?
AEMO chief information officer Susan Sly calls for more collaboration among Australia's technology leaders at the CIO Strategy Summit.
Meet the 2014 Finance CIO of the Year
Meet the 2014 Finance CIO of the Year
Credit Union Australia's David Gee awarded Finance CIO of the Year at the iTnews Benchmark Awards.
Meet the 2014 Retail CIO of the Year
Meet the 2014 Retail CIO of the Year
Damon Rees named Retail CIO of the Year at the iTnews Benchmark Awards for his work at Woolworths.
Robyn Elliott named the 2014 Utilities CIO of the Year
Robyn Elliott named the 2014 Utilities CIO of the Year
Acting Foxtel CIO David Marks accepts an iTnews Benchmark Award on behalf of Robyn Elliott.
Meet the 2014 Industrial CIO of the Year
Meet the 2014 Industrial CIO of the Year
Sanjay Mehta named Industrial CIO of the Year at the iTnews Benchmark Awards for his work at ConocoPhillips.
Meet the 2014 Healthcare CIO of the Year
Meet the 2014 Healthcare CIO of the Year
Greg Wells named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at NSW Health.
Meet the 2014 Education CIO of the Year
Meet the 2014 Education CIO of the Year
William Confalonieri named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at Deakin University.
Meet the 2014 Government CIO of the Year
Meet the 2014 Government CIO of the Year
David Johnson named Government CIO of the Year at the iTnews Benchmark Awards for his work at the Queensland Police Service.
Q and A: Coalition Broadband Policy
Q and A: Coalition Broadband Policy
Malcolm Turnbull and Tony Abbott discuss the Coalition's broadband policy with the press.
AFP scalps hacker 'leader' inside Australia's IT ranks.
AFP scalps hacker 'leader' inside Australia's IT ranks.
The Australian Federal Police have arrested a Sydney-based IT security professional for hacking a government website.
NBN Petition Delivered To Turnbull's Office
NBN Petition Delivered To Turnbull's Office
UTS CIO: IT teams of the future
UTS CIO: IT teams of the future
UTS CIO Chrissy Burns talks data.
New UTS Building: the IT within
New UTS Building: the IT within
The IT behind tomorrow's universities.
iTnews' NBN Panel
iTnews' NBN Panel
Is your enterprise NBN-ready?
Introducing iTnews Labs
Introducing iTnews Labs
See a timelapse of the iTnews labs being unboxed, set up and switched on! iTnews will produce independent testing of the latest enterprise software to hit the market after installing a purpose-built test lab in Sydney. Watch the installation of two DL380p servers, two HP StoreVirtual 4330 storage arrays and two HP ProCurve 2920 switches.
The True Cost of BYOD
The True Cost of BYOD
iTnews' Brett Winterford gives attendees of the first 'Touch Tomorrow' event in Brisbane a brief look at his research into enterprise mobility. What are the use cases and how can they be quantified? What price should you expect to pay for securing mobile access to corporate applications? What's coming around the corner?
Ghost clouds
Ghost clouds
ACMA chair Chris Chapman says there is uncertainty over whether certain classes of cloud service providers are caught by regulations.
Was the Snowden leak inevitable?
Was the Snowden leak inevitable?
Privacy experts David Vaile (UNSW Cyberspace Law and Policy Centre) and Craig Scroggie (CEO, NextDC) claim they were not surprised by the Snowden leaks about the NSA's PRISM program.
Latest Comments
Polls
Which bank is most likely to suffer an RBS-style meltdown?





   |   View results
ANZ
  21%
 
Bankwest
  9%
 
CommBank
  11%
 
National Australia Bank
  17%
 
Suncorp
  24%
 
Westpac
  19%
TOTAL VOTES: 1450

Vote