18 Dec
2016
18 Dec
'16
10:37 p.m.
Hi,
There was a consultation earlier regarding what to do about
customers who do not react to the alerts we send about serious
security issues we have found during regular scans of our IP space:
http://lists.bitfolk.com/lurker/message/20161215.152008.2ee18732.en.html
Dealing with that was becoming quite a time sink and I was also
getting concerned about potentially inconsistent handling of these
issues when not working to any kind of documented process.
The consensus seemed to prefer the idea of network suspension after
21 days, so this has now been documented along with a bit more
information about the things we (or partners) scan for:
https://tools.bitfolk.com/wiki/Vulnerability_scanning
This will now allow for some more automation.
I've also updated the Terms and Conditions page:
https://bitfolk.com/policy/terms.html
with a new paragraph that points to that page:
BitFolk and its partners regularly scan BitFolk's IP space for
well-known vulnerabilities and misconfigurations, some of which
are serious enough that BitFolk will insist that The Customer
fixes them within a reasonable timescale.
Although the paragraph above that one is the usual blanket "reserve
the right to suspend service", so perhaps technically not necessary
to list particular things, it does however seem like useful info to
have there.
Normally we try to have changes to T's&C's not take effect for 30 days but I
don't see this as a change, since we have always used the "reserve
the right to suspend service" clause if necessary with things like
this. So if it is unfortunately necessary to suspend someone's
network we won't be waiting until 30+21 days to do it. And happily
there currently isn't anyone who's been receiving alerts for
anything like that long.
If you have any questions or feel the article (or process) could be
improved please let us know.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
"The electric guitar - like making love - is much improved by a little
feedback, completely ruined by too much." — The League Against Tedium