While doing some research on public cloud-based backup to blob storage solutions, I decided to tinker with the possibility of using Azure not just as my backup target but as a replacement for my main file server sitting under my desk.
I had already gone through the process of eliminating all my rack mount systems from my house that were taking up space and consuming too much electricity. These were being used for test purposes and it was easy to replace them with IaaS VMs in Azure.
Using public cloud as your file server, though, that’s a bit different. It’s actually quite easy to do as a small business; the Azure file service makes it easy to turn on SMB/CIFS file sharing with any storage account.
It doesn’t consume compute, just storage costs, but it acts just like any other file server or NAS device on-premises.
And if your business uses business-class broadband, such as an MPLS connection to a Tier-1 telco, it works great. But if you are a SOHO-based business and are using consumer-class broadband, not so much.
It’s got nothing to do with Azure’s technology — that part works great. The problem has to do with what providers like Comcast are doing with access controls on their networks.
When I was setting up my Azure file services, I discovered that I could not map a drive from Windows to the file storage. At first, I thought I had something in my firewall set wrong.
Nope. Even with my PC set to ANY/ANY exclusions coming from that MAC address, I still couldn’t connect to it.
After some trial and error and some basic geek forensics, I determined that one of the ports that the SMB protocol uses — TCP 445 — was being blocked upstream. So I called my broadband company, Blue Stream, which maintains the local cable infrastructure in the town where I live in South Florida.
Nope, no ports being blocked there.
But do you know where lots of ports are being blocked? Comcast, which is Blue Stream’s upstream bandwidth provider.
Comcast presumably blocks port 445 because it is used by the WannaCry malware to spread between systems. However, it’s also the port Microsoft Active Directory uses.
So, if you use Comcast, but want to develop and test file services on Azure, you’re going to have to establish a VPN connection, which kind of defeats the purpose of being able to access your file services from any mobile device.
Comcast is not the only provider that blocks certain ports. AT&T does, as do others.
I understand ISPs wanting to be proactive about security, but blocking ports that essentially disable functionality on major cloud services is unacceptable.
I feel… Comcastrated.
Now, Microsoft could fix this problem by making protocol changes to SMB — by having it communicate over alternate ports and being able to configure that in Azure. But that means making changes to the Windows OS communications protocol stack and pushing that out to tens of millions of systems.
It also would mean changes in the SMB/CIFS standard as well, and that would need to be rolled out to SAMBA and anything else that needs that protocol including all sorts of NAS devices that run on Linux and other derivative OSes.
SMB is just one protocol. There are others that are needed for so many other apps. We can’t change or replace all of them every time a new piece of malware comes out.
What we need is a better solution for monitoring network traffic and acting on threats at the residential level rather than blocking ports wholesale.
Ideally, it would be great to be able to provide a deep packet inspection device to every home, but this type of technology is typically deployed at enterprises and it starts at around $1,000 an appliance and can cost upward of thousands of dollars a year for the subscription, depending on the vendor.
First, there’s no reason why the industry cannot develop a packet inspection and intrusion detection/web application gateway using open source components and then deploy it in a multi-tenant fashion at the provider at the edge of the network, with some sort of an app that the home broadband customer can use to secure their traffic in an easy, wizard-like, self-service fashion.
Log threats going in and out, get notifications on strange activity, all that good stuff.
Perhaps provide unified threat management and deep packet inspection as a value-added service. Managed internet security for residential customers and small business.
As more and more of our services go cloud-based, particularly with the proliferation of Internet of Things devices that need to have constant connectivity, we are going to need to find a better way to deal with the issues of proactive monitoring and acting on internet traffic coming from the home, versus ham-fisted and draconian methods such as port blocking that diminish the value of the broadband connectivity in the first place.
This isn’t just an issue of net neutrality; it’s the only way we are going to be able to seamlessly move to the cloud, long term. The price of entry should not have to be a direct Tier-1 leased line, with an enterprise class service-level agreement and a private virtual circuit to the cloud provider.
Cloud services should be accessible to everyone. It is possible to be both safe and open, but it will require a re-thinking of how providers allow access to those pipes.
- Trend Micro - Simply Security News, Views and Opinions from ... - May 30th, 2019
- Kaspersky Internet Security - Wikipedia - May 13th, 2019
- Anti-Virus Web Protection & Spyware Removal | StopSign ... - May 13th, 2019
- Internet security Great-West Life - ssl.grsaccess.com - March 22nd, 2019
- Download COMODO Internet Security 126.96.36.19944 - softpedia.com - January 31st, 2019
- Avast Internet Security Review 2018 - We Hate Malware - November 8th, 2018
- Security Packages | High-Speed Internet | Windstream - November 8th, 2018
- Antivirus vs Internet Security [Security Software Comparison] - November 8th, 2018
- Internet Security Lectures by Prabhaker Mateti - November 8th, 2018
- Vipre Internet Security 2016 Free Download - Softlay - November 8th, 2018
- Internet security software Reviews 2018 - Compared & Reviewed - November 2nd, 2018
- Exhibit A - Internet Security Requirements - November 2nd, 2018
- CIS Benchmarks - Center for Internet Security - November 2nd, 2018
- Kaspersky Internet Security 2018 Crack + License Key [Latest] - October 12th, 2018
- Zillya! Internet Security | Best Security Solution for Active ... - October 12th, 2018
- Download Norton Internet Security 188.8.131.52 - softpedia.com - October 9th, 2018
- Avast Internet Security 2018 Activation Code, Serial Key Till ... - October 9th, 2018
- Download Avast Internet Security 18.6.2349 Build 18.6.3983 ... - October 9th, 2018
- Download McAfee Internet Security 19.0 Build 19.0.4016 - October 3rd, 2018
- AVG Internet Security 2018 Free Download - FileHippo - October 3rd, 2018
- Internet Security - Quick Heal - October 3rd, 2018
- Kaspersky Internet Security 2019 v184.108.40.2068 | Software ... - October 3rd, 2018
- VIPRE Internet Security Review & Comparison - September 22nd, 2018
- Internet Security Suite | Verizon Internet - September 20th, 2018
- Antivirus Security Software & Internet Security - Newegg.com - September 19th, 2018
- Amazon Best Sellers: Best Internet Security Suites - September 7th, 2018
- Download Bitdefender Internet Security 2019 220.127.116.11 - August 24th, 2018
- Best (and Worst) Internet Security Software of 2018 for Windows - August 18th, 2018
- Amazon.com: Kaspersky Internet Security 2018 | 3 Device | 1 ... - August 8th, 2018
- AVG Internet Security - Free download and software reviews ... - August 3rd, 2018
- Top 3 Internet Security Software Suites Reviews ... - July 26th, 2018
- GRC | LeakTest -- Firewall Leakage Tester - July 26th, 2018
- Internet Security is an important part of Identity Theft ... - June 22nd, 2018
- V3 Internet Security | AhnLab - June 22nd, 2018
- Internet Security with Xfinity - Norton Security Online - June 17th, 2018
- Best Internet Security Software Compared - May 25th, 2018
- Computer and internet security software Chili Security - May 21st, 2018
- Internet Security Market Size, Share and Technology, 2021 - May 21st, 2018
- Center for Internet Security - Wikipedia - May 10th, 2018
- Download Webroot SecureAnywhere Antivirus & Internet ... - May 1st, 2018
- AVG Internet Security 2018 review | Ultimate antivirus ... - April 29th, 2018
- The Internet Security Academy - SAHCOM Technologies LLP - April 27th, 2018
- These files can't be opened. Your Internet security ... - April 20th, 2018
- How to Uninstall Norton Internet Security: 12 Steps - April 20th, 2018
- Internet Security Software at Office Depot OfficeMax - April 19th, 2018
- Why is Internet security important? | Reference.com - March 26th, 2018
- AVG Internet Security Unlimited 2018 18.2.3827 20% OFF ... - March 25th, 2018
- Trend Micro Titanium Internet Security - Download - March 21st, 2018
- Kaspersky Mobile Antivirus: AppLock & Web Security ... - March 21st, 2018
- Why do I Need Internet Security - The High Tech Society - March 21st, 2018
- Cincinnati Bell - Other Services Support - March 21st, 2018
- Internet Security Essentials for Business 2.0 | U.S ... - March 21st, 2018
- ESET Internet Security 10.0.386.0 Crack + License Keys ... - March 21st, 2018
- Privacy and Security in the Internet Age | WIRED - March 19th, 2018
- News & Events | K9 Web Protection - Free Internet Filter ... - March 19th, 2018
- 10 Internet Security Programs (for Windows), Ranked Best ... - March 7th, 2018
- AVG Internet Security 2015 Free Download - getintopc.com - March 3rd, 2018
- McAfee Internet Security Download - softpedia.com - February 28th, 2018
- COMODO Internet Security Download - softpedia.com - January 30th, 2018
- Best Internet Security Software 2018 - The best rated ... - January 28th, 2018
- Comodo Antivirus - Best Virus Removal Software 2018 - January 13th, 2018
- ZoneAlarm Antivirus Software | Virus Protection & Firewall - January 13th, 2018
- What Is the Meaning of Internet Security? | Techwalla.com - January 12th, 2018
- Download Avast Internet Security 17.7.2314 - FileHippo.com - January 12th, 2018
- Vipre Antivirus VIPRE Internet Security - January 12th, 2018
- AVG Internet Security 2018 License Key With Crack Full Version - January 8th, 2018
- CA Internet Security Suite Plus - Download - December 27th, 2017
- Collaborative Security: An approach to tackling Internet ... - December 27th, 2017
- Norton Internet Security - Download - December 20th, 2017
- Best Internet Security 2017 - Total Security Software for ... - December 20th, 2017
- Get the Best Internet Security Software of 2016! - December 20th, 2017
- Internet Security Administrator: Job Description and Requirements - December 19th, 2017
- Top 10 Cheap Antivirus and Internet Security Protection for ... - December 19th, 2017
- Download AVG Internet Security Unlimited - FileHippo.com - December 19th, 2017
- Norton Internet Security - softpedia.com - December 19th, 2017
- Internet Security - Cisco - December 19th, 2017
- Best Antivirus Software, Internet Security & Malware Removal - December 19th, 2017
- internet security | eBay - October 26th, 2017
- Avast Internet Security Download - softpedia.com - October 20th, 2017
- Internet Security Software | Trend Micro - October 3rd, 2017