So, how do you propose the ISP's keep tab on what you do? Think about this, for a moment.
How will a firewall help in this case? Your website is supposed to be "open on the internet", so the firewalls really only protect the servers / switches / routers / etc.
If you (not you personally, the client) installs Joomla, and insists on using "Johny" as an admin password, then that's NOT the ISP's fault or responsibility. And if the client insists on using "Jonhy" as his email password, then again that's not the ISP's fault.
We, for example, have a minimum password strength of 65 - which is rather high, you need a capital letter a lower case letter, a digit, and non-numeric password. To get 65 score on most encryption algorithms, you also need a minimum of 6 characters. But this is only effective on our own servers, where we have control over it, for example with cPanel, FTP, email, etc. This doesn't help you if you have a weak admin password in your Joomla installation.
BUT, my point is still, if you access your control panel from the internet cafe in town, then NO SECURITY in the world will help you.
Re: the comments on the bank: No matter how strong their vaults are, how secure their entire operation is, etc, if you go and withdraw R10,000 cash from an ATM in Hillbrow, then it's your own fault for being robbed.
While we all like to blame someone else for problems that happen, we also need to be mature enough to take responsibility for our own actions. I can't vouch for another ISP, but I get a bit upset if it's always "the stupid ISP that is to blame".
Did you like this article? Share it with your favourite social network.