While doing some research on public cloud-based backup to blob storage solutions, I decided to tinker with the possibility of using Azure not just as my backup target but as a replacement for my main file server sitting under my desk.
I had already gone through the process of eliminating all my rack mount systems from my house that were taking up space and consuming too much electricity. These were being used for test purposes and it was easy to replace them with IaaS VMs in Azure.
Using public cloud as your file server, though, that’s a bit different. It’s actually quite easy to do as a small business; the Azure file service makes it easy to turn on SMB/CIFS file sharing with any storage account.
It doesn’t consume compute, just storage costs, but it acts just like any other file server or NAS device on-premises.
And if your business uses business-class broadband, such as an MPLS connection to a Tier-1 telco, it works great. But if you are a SOHO-based business and are using consumer-class broadband, not so much.
It’s got nothing to do with Azure’s technology — that part works great. The problem has to do with what providers like Comcast are doing with access controls on their networks.
When I was setting up my Azure file services, I discovered that I could not map a drive from Windows to the file storage. At first, I thought I had something in my firewall set wrong.
Nope. Even with my PC set to ANY/ANY exclusions coming from that MAC address, I still couldn’t connect to it.
After some trial and error and some basic geek forensics, I determined that one of the ports that the SMB protocol uses — TCP 445 — was being blocked upstream. So I called my broadband company, Blue Stream, which maintains the local cable infrastructure in the town where I live in South Florida.
Nope, no ports being blocked there.
But do you know where lots of ports are being blocked? Comcast, which is Blue Stream’s upstream bandwidth provider.
Comcast presumably blocks port 445 because it is used by the WannaCry malware to spread between systems. However, it’s also the port Microsoft Active Directory uses.
So, if you use Comcast, but want to develop and test file services on Azure, you’re going to have to establish a VPN connection, which kind of defeats the purpose of being able to access your file services from any mobile device.
Comcast is not the only provider that blocks certain ports. AT&T does, as do others.
I understand ISPs wanting to be proactive about security, but blocking ports that essentially disable functionality on major cloud services is unacceptable.
I feel… Comcastrated.
Now, Microsoft could fix this problem by making protocol changes to SMB — by having it communicate over alternate ports and being able to configure that in Azure. But that means making changes to the Windows OS communications protocol stack and pushing that out to tens of millions of systems.
It also would mean changes in the SMB/CIFS standard as well, and that would need to be rolled out to SAMBA and anything else that needs that protocol including all sorts of NAS devices that run on Linux and other derivative OSes.
SMB is just one protocol. There are others that are needed for so many other apps. We can’t change or replace all of them every time a new piece of malware comes out.
What we need is a better solution for monitoring network traffic and acting on threats at the residential level rather than blocking ports wholesale.
Ideally, it would be great to be able to provide a deep packet inspection device to every home, but this type of technology is typically deployed at enterprises and it starts at around $1,000 an appliance and can cost upward of thousands of dollars a year for the subscription, depending on the vendor.
First, there’s no reason why the industry cannot develop a packet inspection and intrusion detection/web application gateway using open source components and then deploy it in a multi-tenant fashion at the provider at the edge of the network, with some sort of an app that the home broadband customer can use to secure their traffic in an easy, wizard-like, self-service fashion.
Log threats going in and out, get notifications on strange activity, all that good stuff.
Perhaps provide unified threat management and deep packet inspection as a value-added service. Managed internet security for residential customers and small business.
As more and more of our services go cloud-based, particularly with the proliferation of Internet of Things devices that need to have constant connectivity, we are going to need to find a better way to deal with the issues of proactive monitoring and acting on internet traffic coming from the home, versus ham-fisted and draconian methods such as port blocking that diminish the value of the broadband connectivity in the first place.
This isn’t just an issue of net neutrality; it’s the only way we are going to be able to seamlessly move to the cloud, long term. The price of entry should not have to be a direct Tier-1 leased line, with an enterprise class service-level agreement and a private virtual circuit to the cloud provider.
Cloud services should be accessible to everyone. It is possible to be both safe and open, but it will require a re-thinking of how providers allow access to those pipes.
- Comodo Antivirus - Best Virus Removal Software 2018 - January 13th, 2018
- ZoneAlarm Antivirus Software | Virus Protection & Firewall - January 13th, 2018
- What Is the Meaning of Internet Security? | Techwalla.com - January 12th, 2018
- Download Avast Internet Security 17.7.2314 - FileHippo.com - January 12th, 2018
- Vipre Antivirus VIPRE Internet Security - January 12th, 2018
- AVG Internet Security 2018 License Key With Crack Full Version - January 8th, 2018
- CA Internet Security Suite Plus - Download - December 27th, 2017
- Collaborative Security: An approach to tackling Internet ... - December 27th, 2017
- Norton Internet Security - Download - December 20th, 2017
- Best Internet Security 2017 - Total Security Software for ... - December 20th, 2017
- Get the Best Internet Security Software of 2016! - December 20th, 2017
- Internet Security Administrator: Job Description and Requirements - December 19th, 2017
- Top 10 Cheap Antivirus and Internet Security Protection for ... - December 19th, 2017
- Download AVG Internet Security Unlimited - FileHippo.com - December 19th, 2017
- Norton Internet Security - softpedia.com - December 19th, 2017
- Internet Security - Cisco - December 19th, 2017
- Best Antivirus Software, Internet Security & Malware Removal - December 19th, 2017
- internet security | eBay - October 26th, 2017
- Avast Internet Security Download - softpedia.com - October 20th, 2017
- Internet Security Software | Trend Micro - October 3rd, 2017
- Lenovo Faces No Significant Penalty for Security-Destroying Superfish Debacle - ExtremeTech - September 7th, 2017
- 25% Upside Seen In Palo Alto, Argus Research Upgrades To Buy - Benzinga - September 5th, 2017
- How to: Your essential guide to internet security - PC Authority - September 5th, 2017
- Internet security startup founded by former CIA analyst raises $40 million - San Francisco Business Times - September 2nd, 2017
- CyberRehab's mission? To clean up the internet, one ASN block at a time - The Register - September 2nd, 2017
- Kaspersky Lab launched updated versions of Kaspersky Internet ... - Software Testing News - September 1st, 2017
- Cloud-based CAE HPC Partnership Focuses on Speed and Security of Data Transfer - ENGINEERING.com - September 1st, 2017
- China's cybersecurity law grants government 'unprecedented' control over foreign tech - The Register - September 1st, 2017
- Symantec CEO Sees Broad-Based Internet Security Threats - Bloomberg - August 31st, 2017
- Expert warns sexting is seen as normal by many young people - Evening Echo Cork - August 31st, 2017
- Internet Explorer - Wikipedia - August 30th, 2017
- Your essential guide to internet security - IT PRO - August 30th, 2017
- DUO to increase student internet security - The Crimson While - August 30th, 2017
- Online threats lead to real-world harm, say security experts - CNBC - August 30th, 2017
- Upgrade your internet security with Private Internet Access VPN ... - Popular Science - August 28th, 2017
- Internet 101 Survey results show disconnect between confidence and Internet user knowledge - TechSpot - August 28th, 2017
- Leak of >1700 valid passwords could make the IoT mess much worse - Ars Technica - August 27th, 2017
- How to Choose the Best Internet Security Software? | Bdaily - Bdaily - August 25th, 2017
- China overtakes Belgium on world innovation index - TechNode (blog) - August 25th, 2017
- Zephyr Cove internet security company enters into Paten Standstill Agreement - Northern Nevada Business Weekly - August 25th, 2017
- Internet key to farm security, farmer Bruce Crafter says at Farm Security and Farmers Health Expo in Bendigo - Bendigo Advertiser - August 25th, 2017
- Q2 2017 Akamai State Of The Internet / Security Report Analyzes Re-Emergence Of PBot Malware; Domain Generation ... - PR Newswire (press release) - August 25th, 2017
- OneLogin is Changing How We Think About Internet Security - HiTechChronicle - August 25th, 2017
- Q2 2017 Akamai State Of The Internet / Security Report Analyzes Re-Emergence Of PBot Malware; Domain Generation ... - GuruFocus.com - August 23rd, 2017
- Getting serious about research ethics: Security and Internet Measurement - Freedom to Tinker - August 23rd, 2017
- Dozens of pro-Trump rallies retreat to internet, insist it's not due to poor attendance - Mashable - August 22nd, 2017
- Ransomware Victims Pay Much More Than Just the Ransom - eWeek - August 22nd, 2017
- A Very Dumb Mistake Costs Cryptocurrency Investors Big Time - WIRED - August 22nd, 2017
- WomensLaw.org | Internet Security - August 20th, 2017
- Facebook Awards $100K for Spear Phishing Security Research - eWeek - August 19th, 2017
- Resilience, Emergencies and the Internet: Security In-Formation - Peace Research Institute Oslo (PRIO) (press release) - August 18th, 2017
- LIBTELCO Hosts First Cyber Security Confab - Liberian Daily Observer - August 18th, 2017
- Free or hate speech? Silicon Valley searches for proper line - CBS News - August 18th, 2017
- The Yin-Yang of Cybersecurity Legislation The Internet of Things Cybersecurity Act - CSO Online - August 16th, 2017
- Women build capacity in internet security - Ghana News Agency - August 14th, 2017
- Can US lawmakers fix IoT security for good? - Network World - August 14th, 2017
- 3 Problems Related to Internet Security and Online Safety - Bdaily - August 14th, 2017
- Internet security at home avoid being an online victim - North Coast Courier - August 11th, 2017
- Healthcare Industry May Not Be Prepared For Internet of Things - JD Supra (press release) - August 11th, 2017
- Kaspersky Lab Launches Internet Security Campaign in Asia Pacific - Guiding Tech - August 10th, 2017
- Bitdefender Internet Security 2016 - PCMag India - August 6th, 2017
- Mozilla bets its Rust language will make your internet safer - CNET - August 3rd, 2017
- Kaspersky Internet Security 2018 220.127.116.115 - Tech Advisor - August 3rd, 2017
- Top 5 Internet Security Practices to Staying Safe Online - The Merkle - August 1st, 2017
- Every day is Internet Security Day | Opinion | thenewsherald.com - Southgate News Herald - August 1st, 2017
- Security This Week: The Very Best Hacks From Black Hat and Defcon - WIRED - August 1st, 2017
- 'Internet of things' hackers raise cloud of fear - E&E News - August 1st, 2017
- Facebook Donates $1M in New Funds for Internet Security at Black Hat - eWeek - August 1st, 2017
- ARRIS Launches First Gateway with ARRIS Secure Home Internet by McAfee; Exclusively at Best Buy - PR Newswire (press release) - July 12th, 2017
- Bitdefender unveils 2018 edition of Total Security, Internet Security ... - Windows Report - July 12th, 2017
- Women in IT Security: Eight Women to Watch - SC Magazine - July 11th, 2017
- The Internet of Identities (IoI) - CSO Online - July 11th, 2017
- Trump Says He Pressed Putin, While Casting More Doubt On Election Meddling - NPR - July 9th, 2017
- Internet freedom must be protected but also respected - Independent Online - July 9th, 2017
- The internet, security and privacy - TechTarget (blog) - July 7th, 2017
- Save 20 Percent on AVG Internet Security Unlimited, AVG Ultimate - PCMag - July 7th, 2017
- Bitdefender Internet Security 2017 One of the most efficient security suites - GameSinners (press release) (blog) - July 5th, 2017
- The Whole Internet Is Managed By 14 People; Each One Is A Security Keyholder - Fossbytes - July 5th, 2017
- In our opinion: Individuals and governments should do more to recognize and combat cyber attacks - Deseret News - July 5th, 2017
- See Which Mac Antivirus Protects Best (and Worst) - Laptop Mag - July 5th, 2017