IIA releases draft eSecurity for ISPs

Comment sought on voluntary code of conduct
The proposed IIA Trustmark

The proposed IIA Trustmark

The Internet Industry Association (IIA) has released a draft eSecurity code to help Internet service providers (ISPs) to improve security for their customers.

The code, which will be finalised by December 1, 2009, takes in four main elements:

  • Identification of compromised computers
  • Customer contacts
  • Provision of information and advice to fix the compromised system
  • A reporting function for alerting about serious scale threats

The number of spam messages and malware is growing daily. The IIA claims about 200,000 million spam messages clog inboxes each day. The average zombie PC can send 10,000 spam messages a day.

According to the IIA, there are about 100,000 'zombies' in Australia at present. Zombie infections also account for about 90 per cent of spam worldwide.

The association hopes the voluntary code will provide a fair and uniform approach to reducing malware-infected systems. It will not include SMS or smartphone mobile devices.

It calls on ISPs to actively monitor systems for malicious activity and compromised computers as part of normal network management activities and notifying trusted third party sources. Providers must also provide standard security information to their customers.

ISPS will be encouraged to monitor mail queues and network traffic patterns for anomalies or patterns using:

  • Ingress antivirus and spam checking
  • Ingress address validation (not accepting any packets from computers that have source addresses not assigned within the ISP's allocation block)
  • Gateway IPS/IDS
  • Internal firewall systems
  • Internal systems used to identify well known trojan/viruses using well known TCP and UDP port numbers Reports from customers.

ISPs who are compliant with this code will be entitled to use a special IIA Security Friendly ISP Trustmark on their websites.

The IIA is calling for public response to the draft code by via email at securitycode@iia.net.au by Friday, October 30, 2009.

More about: eSecurity, etwork, Gateway, IIA, Internet Industry Association, IPS, Provision, Trustmark
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: e-security, IIA, isp, security, spam
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/22/cdex/

CDex

CDex can extract the data directly (digital) from an Audio CD, which is generally called a CD Ripper or a CDDA utility.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia