While doing some research on public cloud-based backup to blob storage solutions, I decided to tinker with the possibility of using Azure not just as my backup target but as a replacement for my main file server sitting under my desk.
I had already gone through the process of eliminating all my rack mount systems from my house that were taking up space and consuming too much electricity. These were being used for test purposes and it was easy to replace them with IaaS VMs in Azure.
Using public cloud as your file server, though, that's a bit different. It's actually quite easy to do as a small business; the Azure file service makes it easy to turn on SMB/CIFS file sharing with any storage account.
It doesn't consume compute, just storage costs, but it acts just like any other file server or NAS device on-premises.
And if your business uses business-class broadband, such as an MPLS connection to a Tier-1 telco, it works great. But if you are a SOHO-based business and are using consumer-class broadband, not so much.
It's got nothing to do with Azure's technology -- that part works great. The problem has to do with what providers like Comcast are doing with access controls on their networks.
When I was setting up my Azure file services, I discovered that I could not map a drive from Windows to the file storage. At first, I thought I had something in my firewall set wrong.
Nope. Even with my PC set to ANY/ANY exclusions coming from that MAC address, I still couldn't connect to it.
After some trial and error and some basic geek forensics, I determined that one of the ports that the SMB protocol uses -- TCP 445 -- was being blocked upstream. So I called my broadband company, Blue Stream, which maintains the local cable infrastructure in the town where I live in South Florida.
Nope, no ports being blocked there.
But do you know where lots of ports are being blocked? Comcast, which is Blue Stream's upstream bandwidth provider.
Comcast presumably blocks port 445 because it is used by the WannaCry malware to spread between systems. However, it's also the port Microsoft Active Directory uses.
So, if you use Comcast, but want to develop and test file services on Azure, you're going to have to establish a VPN connection, which kind of defeats the purpose of being able to access your file services from any mobile device.
Comcast is not the only provider that blocks certain ports. AT&T does, as do others.
I understand ISPs wanting to be proactive about security, but blocking ports that essentially disable functionality on major cloud services is unacceptable.
I feel... Comcastrated.
Now, Microsoft could fix this problem by making protocol changes to SMB -- by having it communicate over alternate ports and being able to configure that in Azure. But that means making changes to the Windows OS communications protocol stack and pushing that out to tens of millions of systems.
It also would mean changes in the SMB/CIFS standard as well, and that would need to be rolled out to SAMBA and anything else that needs that protocol including all sorts of NAS devices that run on Linux and other derivative OSes.
SMB is just one protocol. There are others that are needed for so many other apps. We can't change or replace all of them every time a new piece of malware comes out.
What we need is a better solution for monitoring network traffic and acting on threats at the residential level rather than blocking ports wholesale.
Ideally, it would be great to be able to provide a deep packet inspection device to every home, but this type of technology is typically deployed at enterprises and it starts at around $1,000 an appliance and can cost upward of thousands of dollars a year for the subscription, depending on the vendor.
First, there's no reason why the industry cannot develop a packet inspection and intrusion detection/web application gateway using open source components and then deploy it in a multi-tenant fashion at the provider at the edge of the network, with some sort of an app that the home broadband customer can use to secure their traffic in an easy, wizard-like, self-service fashion.
Log threats going in and out, get notifications on strange activity, all that good stuff.
Perhaps provide unified threat management and deep packet inspection as a value-added service. Managed internet security for residential customers and small business.
As more and more of our services go cloud-based, particularly with the proliferation of Internet of Things devices that need to have constant connectivity, we are going to need to find a better way to deal with the issues of proactive monitoring and acting on internet traffic coming from the home, versus ham-fisted and draconian methods such as port blocking that diminish the value of the broadband connectivity in the first place.
This isn't just an issue of net neutrality; it's the only way we are going to be able to seamlessly move to the cloud, long term. The price of entry should not have to be a direct Tier-1 leased line, with an enterprise class service-level agreement and a private virtual circuit to the cloud provider.
Cloud services should be accessible to everyone. It is possible to be both safe and open, but it will require a re-thinking of how providers allow access to those pipes.
Net neutered: When ISPs like Comcast crash the cloud - ZDNet
- Global Internet Security Market Growth Opportunities & Factors and Profit Margin | Size, Share, Trends and CAGR Up To 2028 - The State News -... - December 5th, 2019
- Research center planned to help companies protect the Internet of Things more effectively - KU Today - December 5th, 2019
- NATO Should Count Spending on Secure 5G Towards Its 2% Goals - Defense One - December 5th, 2019
- Internet freedom and security challenges: notes from the IGF 2019 - Democracy Without Borders - December 5th, 2019
- A Sprint contractor left thousands of US cell phone bills on the internet by mistake - TechCrunch - December 5th, 2019
- Most recent Internet Security Threats of 2019 - OBN - December 5th, 2019
- 5,183 breaches in first nine months of 2019 exposed 7.9b data records - TEISS - December 5th, 2019
- Click Moment | 'Weak internet signals showed us our strong impact' - Livemint - December 5th, 2019
- What to Make of the Inaugural NetThing 2019 - CircleID - December 2nd, 2019
- cloudtamer.io Announces Availability of Compliance Jumpstarts for Cloud Governance Solution - PR Web - December 2nd, 2019
- 5G hackers: These eight groups will try to break into the networks of tomorrow - ZDNet - December 2nd, 2019
- Opinion | What Iran Did Not Want You to See - The New York Times - December 2nd, 2019
- Multi-domain operations: Like bringing Waze to the battlefield - FedScoop - December 2nd, 2019
- Can New Norms of Behavior Extend the Rules-Based Order Into Cyberspace? - World Politics Review - December 2nd, 2019
- With Brutal Crackdown, Iran Is Convulsed by Worst Unrest in 40 Years - The New York Times - December 2nd, 2019
- What is the Internet of Things? Your IoT roadmap - Ericsson - December 2nd, 2019
- Now even the FBI is warning about your smart TVs security - TechCrunch - December 2nd, 2019
- Cybersecurity: The web has a padlock problem - and your internet safety is at risk - ZDNet - December 2nd, 2019
- How To Secure The Internet: Troy Hunt Talks Breaches, Passwords And IoT - Forbes - December 2nd, 2019
- Chuck Todd challenges John Kennedy on Ukraine: Putin is only other person 'selling this argument' | TheHill - The Hill - December 2nd, 2019
- How Healthcare Organizations Use AI to Boost and Simplify Security - HealthTech Magazine - December 2nd, 2019
- How do I add a Trusted Site in Windows 10 - TWCN Tech News - December 2nd, 2019
- Bargain alert: there's up to $300 off MacBooks right now - Louder - December 2nd, 2019
- 'Restore Internet in J&K without compromising national security' - The Hindu - December 2nd, 2019
- Understanding Biometric Security: The Growing Threats and How to Beat Them - Techopedia - December 2nd, 2019
- Cyber crime: Hackers could gain access to your new internet connected car in seconds - Express - December 2nd, 2019
- Podcast: Digital Trust in the Age of Deepfakes - insideHPC - December 2nd, 2019
- The Debate Over How to Encrypt the Internet of Things - WIRED - November 25th, 2019
- The EU says security is not the only concern when it comes to 5G - CNBC - November 25th, 2019
- Perimeter 81 raises $10M to texpand its Network as a Service platform - Help Net Security - November 25th, 2019
- Recent Research: Internet Of Things (IOT) Security Market Comprehensive SWOT Analysis and Competitive Insight Report 2019-2028 - Daily Criticism - November 25th, 2019
- Windows 10 Upgrades Blocked if Using Old Versions of AVG, Avast - BleepingComputer - November 25th, 2019
- Global and Regional IT Security Spending Market 2019 by Manufacturers, Countries, Type and Application, Forecast to 2025 - Daily Industry News Journal - November 25th, 2019
- DDoS Protection Market Witness an Unsold Story - The Market Journal - November 25th, 2019
- Six reasons for organisations to take control of their orphaned encryption keys before it triggers the next security breach - CSO Australia - November 25th, 2019
- Through Its YubiKey, Yubico Provides a Hardware Solution that Maximizes Online Security and Usability while Moving Beyond Passwords - CardRates.com - November 23rd, 2019
- 110 Nursing Homes Cut Off from Health Records in Ransomware Attack - Krebs on Security - November 23rd, 2019
- 'Tool of repression': Iran and regimes from Ethiopia to Venezuela limit Internet, go dark online - USA TODAY - November 23rd, 2019
- Organisations Join Forces To Fight Off Stalkerware And Domestic Violence - Women Love Tech - November 23rd, 2019
- How did Iran's government pull the plug on the Internet? - Euronews - November 22nd, 2019
- Expert: Education industry ranks one of the worst when it comes to cyber security - FOX 59 Indianapolis - November 22nd, 2019
- Putin: 'Thank God' election interference accusations have stopped amid US 'political battles' | TheHill - The Hill - November 22nd, 2019
- The internet as we know it is off in Iran. Heres why this shutdown is different - WGNO New Orleans - November 22nd, 2019
- The eyes have it - Telegraph India - November 22nd, 2019
- The internet loved Fiona Hill blasting sexism in impeachment testimony - INSIDER - November 22nd, 2019
- What is Google Authenticator?: How to set up Googles two-step verification software to secure all of your Google apps - Business Insider - November 22nd, 2019
- Cybersecurity perils: What CISOs must bear in mind - Elets - November 22nd, 2019
- Symantec | Internet Security Threat Report 2019 - November 21st, 2019
- Evaluating Internet Isolation Clouds: Must-Have Features - Security Boulevard - November 21st, 2019
- Perimeter 81 Announces $10 Million Funding Round to Expand its Network as a Service Platform; Partners with SonicWall to Add Unified Security Services... - November 21st, 2019
- Iranians Struggle Without the Internet - VOA News - November 21st, 2019
- 1.19 billion confidential medical images available on the internet - Help Net Security - November 21st, 2019
- AI, cyberbullying, probably the hot topics at the security workshop - Mash Viral - November 21st, 2019
- Senate Democrats urge DHS to fund cyber threat information-sharing programs | TheHill - The Hill - November 21st, 2019
- What is Google Authenticator? How to set up the app - Business Insider - November 21st, 2019
- LINE Antivirus 2.0.2 Update is Now Live with Enhanced Internet Security and New Features - Feed Ride - November 21st, 2019
- Cybercrime Support Network Awarded $1 Million Cooperative Agreement from the US Department of Homeland Security to Create a Uniform Cybercrime... - November 21st, 2019
- Hillicon Valley: Progressives oppose funding bill over surveillance authority | Senators call for 5G security coordinator | Facebook gets questions... - November 21st, 2019
- The 7 'creepiest' smart gadgets people give as holiday gifts, according to experts - Business Insider - November 21st, 2019
- Election Security: How 3 Local Counties Are Preparing For 2020 - Houston Public Media - November 21st, 2019
- Iran: More than 100 protesters believed to be killed as top officials give green light to crush protests - Amnesty International - November 21st, 2019
- Embedded Security For Internet Of Things Market 2019 Global Analysis by Growth, Size, Share, Trend and Forecast 2025 - Eastlake Times - November 21st, 2019
- #InfosecNA: The Benefits of Training Employees to Hack - Infosecurity Magazine - November 21st, 2019
- The Internet: Looking Back and Forward 50 Years - Security Boulevard - November 18th, 2019
- Internet security Market Outlook 2019: Business Overview And Top Company Analysis Forecast By 2026 - The Market Publicist - November 18th, 2019
- Cybersecurity and digital trade: What role for international trade rules? - Brookings Institution - November 18th, 2019
- The American Internet Sucks. The Alternative Is China. - BuzzFeed News - November 18th, 2019
- 3 types of email you should never open - AndroidPIT - November 18th, 2019
- When will 5G arrive? - Verizon Communications - November 18th, 2019
- New Bytecode Alliance Brings the Security, Ubiquity, and Interoperability of the Web to the World of Pervasive Computing - Mozilla & Firefox - November 18th, 2019
- Kaspersky Internet Security 2021 188.8.131.527 - 60% OFF ... - October 23rd, 2019
- Securing Your Wireless Network | FTC Consumer Information - October 14th, 2019
- Amazon.com: Kaspersky Internet Security | 1 Device | 1 ... - October 1st, 2019
- Download ESET Internet Security | ESET - September 30th, 2019
- VPN Publishes Forbes Internet Security Guide for Law Firms - September 18th, 2019
- Avast Internet Security 2019 v19.7.2388 Activation Code ... - September 18th, 2019
- Trend Micro - Simply Security News, Views and Opinions from ... - May 30th, 2019
- Kaspersky Internet Security - Wikipedia - May 13th, 2019
- Anti-Virus Web Protection & Spyware Removal | StopSign ... - May 13th, 2019
- Internet security Great-West Life - ssl.grsaccess.com - March 22nd, 2019