The cloud, an easy way out? Maybe, or not...

Discussion topics, Linux related - not requests for help

Moderators: ChrisThornett, LXF moderators

The cloud, an easy way out? Maybe, or not...

Postby Dutch_Master » Mon May 27, 2013 11:18 pm

This is why you should NOT rely on the cloud:
http://www.youtube.com/watch?v=okhfDsKmAoY

A KRO (Dutch TV) network investigation...
Dutch_Master
LXF regular
 
Posts: 2459
Joined: Tue Mar 27, 2007 1:49 am

Postby guy » Tue May 28, 2013 10:07 am

Any chance of a summary? I don't have audio on my PC.
"Klinger, do you know how many zoots were killed to make that one suit?" — BJ Hunnicutt
User avatar
guy
LXF regular
 
Posts: 1098
Joined: Thu Apr 07, 2005 12:07 pm
Location: Worcestershire

Postby towy71 » Tue May 28, 2013 10:23 am

The "about" below the video has
IT companies are failing to secure devices connected to the internet, leaving them open to hackers. This shocking report reveals how anything from your pins to your passport could now be accessed online.

"Is this your pin? Is this a letter you received from your bank? Do you have a HP e-Print scanner?" The young man answers yes to every question, stunned that all of his information was accessible on the internet for anyone who wanted to see it. And he's not alone: the wealth of information available is staggering. From shop owners whose security cameras can be watched and controlled remotely, to medical records and confidential documents for international companies like Unilever, Orange and KLM, it's a bonanza for any would-be hackers. While it would be simple for the IT firms who provide printers, scanners and software to make the system more secure, they don't see it as their problem and argue that attending to basic safety protocols is a bit of a marketing nightmare. "There are people who know all about how this works, security-wise, but it's too much trouble to explain all that." One company went so far as to call consumers who didn't know they had to change their passwords "idiots". As the rate of technological change continues at a frightening pace, do technology companies have a duty to prevent our privacy being eroded?
still looking for that door into summer
User avatar
towy71
Moderator
 
Posts: 4266
Joined: Wed Apr 06, 2005 2:11 pm
Location: wild West Wales

Postby towy71 » Tue May 28, 2013 11:01 am

In essence network enabled devices are by default not secure coming with security disabled or with standard login and passwords; in my experience most routers were similarly insecure but I'm not sure that is any longer true.

Mostly it says that your average punter does not look out for themselves very well :roll:
still looking for that door into summer
User avatar
towy71
Moderator
 
Posts: 4266
Joined: Wed Apr 06, 2005 2:11 pm
Location: wild West Wales

Postby wyliecoyoteuk » Tue May 28, 2013 11:34 am

Larger MFDs, (printer/copier/scanners) are more secure these days, Most now encrypt their hard drives by default.

Routers are getting a little more proactive, tending to use the serial number as a default password, which means you at least need physical access to find it out.

I frequently tell customers to change the default password on MFDs, but I am often ignored.
I also set an invalid gateway address, unless there is internal routing, or the device needs internet access for scan to email etc.

I remember years ago, when connected devices were quite new, I did a search for "network printer" and three Canon printers in the University of Edinburgh were in the top ten results, I was able to log in to their web page and check their settings!
The sig between the asterisks is so cool that only REALLY COOL people can even see it!

*************** ************
User avatar
wyliecoyoteuk
LXF regular
 
Posts: 3465
Joined: Sun Apr 10, 2005 10:41 pm
Location: Birmingham, UK

Postby guy » Tue May 28, 2013 9:32 pm

Oh, thanks, yes I knew all that. But what has it to do with the cloud?

That is migrating fast to software defined networking, which tends to be a bit more secure. Also, cloud companies tend to take their system security a little more seriously than the average home printer buyer.
"Klinger, do you know how many zoots were killed to make that one suit?" — BJ Hunnicutt
User avatar
guy
LXF regular
 
Posts: 1098
Joined: Thu Apr 07, 2005 12:07 pm
Location: Worcestershire

Postby towy71 » Tue May 28, 2013 9:37 pm

guy wrote:Oh, thanks, yes I knew all that. But what has it to do with the cloud?

That is migrating fast to software defined networking, which tends to be a bit more secure. Also, cloud companies tend to take their system security a little more seriously than the average home printer buyer.
The film dealt with an Iomega NAS that came with security disabled out of the box allowing the Dutch investigators to access medical and financial records, Schipol security measures etc.etc :roll:

a lot of it was subtitled too :wink:
still looking for that door into summer
User avatar
towy71
Moderator
 
Posts: 4266
Joined: Wed Apr 06, 2005 2:11 pm
Location: wild West Wales

Postby guy » Wed May 29, 2013 9:32 am

towy71 wrote:
guy wrote:Oh, thanks, yes I knew all that. But what has it to do with the cloud?

That is migrating fast to software defined networking, which tends to be a bit more secure. Also, cloud companies tend to take their system security a little more seriously than the average home printer buyer.
The film dealt with an Iomega NAS that came with security disabled out of the box allowing the Dutch investigators to access medical and financial records, Schipol security measures etc.etc :roll:

So, does cloud technology necessarily require NAS devices? Is that particular NAS device a popular hardware item with cloud storage service providers? Just because you have a rack of NAS devices doesn't necessarily mean you have installed a cloud on them.
"Klinger, do you know how many zoots were killed to make that one suit?" — BJ Hunnicutt
User avatar
guy
LXF regular
 
Posts: 1098
Joined: Thu Apr 07, 2005 12:07 pm
Location: Worcestershire

Postby Ram » Wed May 29, 2013 11:52 am

guy wrote:
towy71 wrote:
guy wrote:Oh, thanks, yes I knew all that. But what has it to do with the cloud?

That is migrating fast to software defined networking, which tends to be a bit more secure. Also, cloud companies tend to take their system security a little more seriously than the average home printer buyer.
The film dealt with an Iomega NAS that came with security disabled out of the box allowing the Dutch investigators to access medical and financial records, Schipol security measures etc.etc :roll:

So, does cloud technology necessarily require NAS devices? Is that particular NAS device a popular hardware item with cloud storage service providers? Just because you have a rack of NAS devices doesn't necessarily mean you have installed a cloud on them.


It is referring to personal NAS storage that is open to the internet like a Imoga NAS, which are open by default.

lubuntu LXDE 13.10 running on AMD Phenom II*4; ASUS Crosshair III Formula MB; 4 GB Ram.....
User avatar
Ram
LXF regular
 
Posts: 1682
Joined: Thu Apr 07, 2005 9:44 pm
Location: Guisborough

Postby guy » Wed May 29, 2013 1:01 pm

So, noting to do with the cloud then. In fact quite the opposite.

Dutch_Master wrote:This is why you should NOT rely on the cloud:


I think you mean, "This is why you SHOULD rely on the cloud (and not your homespun NAS)"

Just wanted to be sure before I wrote that.
"Klinger, do you know how many zoots were killed to make that one suit?" — BJ Hunnicutt
User avatar
guy
LXF regular
 
Posts: 1098
Joined: Thu Apr 07, 2005 12:07 pm
Location: Worcestershire

Postby towy71 » Wed May 29, 2013 1:53 pm

guy wrote:So, noting to do with the cloud then. In fact quite the opposite.

Dutch_Master wrote:This is why you should NOT rely on the cloud:


I think you mean, "This is why you SHOULD rely on the cloud (and not your homespun NAS)"

Just wanted to be sure before I wrote that.
I think DM is a bit clouded out :roll:
still looking for that door into summer
User avatar
towy71
Moderator
 
Posts: 4266
Joined: Wed Apr 06, 2005 2:11 pm
Location: wild West Wales

Postby Ram » Wed May 29, 2013 2:07 pm

guy wrote:So, noting to do with the cloud then. In fact quite the opposite.

Dutch_Master wrote:This is why you should NOT rely on the cloud:


I think you mean, "This is why you SHOULD rely on the cloud (and not your homespun NAS)"

Just wanted to be sure before I wrote that.


No its not home sprung, it bought NASes for home use that have been configured incorrectly... said NAS then used to store important data beit personal or home workers storing company stuff.

Same goes for MFD printers, open to the cloud again through bad configuration - some you can't set passwords on. So if you have the cloud services enabled left documents in the scanner can be access and printed by the hacker at their location. As demo'd in the video.

Both of these devices can be found in the home as well as businesses

Then there's the web/cctv cameras

lubuntu LXDE 13.10 running on AMD Phenom II*4; ASUS Crosshair III Formula MB; 4 GB Ram.....
User avatar
Ram
LXF regular
 
Posts: 1682
Joined: Thu Apr 07, 2005 9:44 pm
Location: Guisborough

Postby guy » Wed May 29, 2013 3:45 pm

Um.

Well, by homespun I mean you went out and bought a NAS and plugged it into your home network and maybe tinkered or maybe not.

You talk about "open to the cloud" and "cloud services enabled". With what meaning do you use the word "cloud"? I know a little about cloud storage, cloud computing and cloud services (as services architected on computer clouds) and none of those seems to be what you mean. Do you just mean "the whole darn Internet"? I'd certainly agree you shouldn't rely on that!
"Klinger, do you know how many zoots were killed to make that one suit?" — BJ Hunnicutt
User avatar
guy
LXF regular
 
Posts: 1098
Joined: Thu Apr 07, 2005 12:07 pm
Location: Worcestershire

Postby Ram » Wed May 29, 2013 7:59 pm

Home sprung, I took to mean home built, old server and a couple of disks.

My NAS does have what the vendor calls personal cloud, in theory can be accessed from anywhere in the world.

My printer gives me the facility to print from anywhere I can get an internet connection that goes through the vendors cloud once setup - it's turned off.

Cloud is a buzz word for the internet as far as I'm concerned. Cloud storage is dropbox, Ubuntu one etc.

lubuntu LXDE 13.10 running on AMD Phenom II*4; ASUS Crosshair III Formula MB; 4 GB Ram.....
User avatar
Ram
LXF regular
 
Posts: 1682
Joined: Thu Apr 07, 2005 9:44 pm
Location: Guisborough

Postby guy » Thu May 30, 2013 10:53 am

Ram wrote:Cloud is a buzz word for the internet as far as I'm concerned.

Ah, that explains a lot. Some of us old pro's adopted the word to describe a networked system architecture where the software platforms are independent of the underlying hardware. Virtualization is a key ingredient, with software defined networking (think of it as virtual networks) fast becoming equally essential.

Most of the Internet is not at all like that - at least, not yet. For example, note how some long-established Internet companies like Amazon and Google are getting very excited about the cloud revolution. One can hardly maintain that the revolutionary new thing, the cloud, is the same as the clunky old thing, the Internet.

If I saw a NAS with "cloud" in its sales blurb, I would expect specifically that I could create distinct storage areas for different users and expand these by striping across additional NAS units as capacity requirements rose, in other words the client-visible storage space is wholly independent of the individual hardware units. Furthermore, I would expect it to be a lot smarter, more automated and inherently secure than the old logical volume management (LVM). If your NAS doesn't do all that, then IMHO it does not offer a "personal cloud". And if it does but you aren't using it that way, then you are still not using the cloud, never mind relying on it.

Similarly if a printer offers "cloud services" I would expect that to mean that it will communicate seamlessly with and print directly from say my Google Drive using Google Cloud Print (see for example Google's current list of cloud-ready printers). I would not regard printing say a Google Map from my web browser as meeting that definition.

Ask the manufacturer and they will probably say that their device should be placed behind a properly-configured firewall - it's just that all too many folks, home users and corporate sysadmins alike, don't think about network security. If your firewall is indeed letting through spoof cloud services, just think what else it has been letting through all these years....

Buzz, grumble, rumble....
"Klinger, do you know how many zoots were killed to make that one suit?" — BJ Hunnicutt
User avatar
guy
LXF regular
 
Posts: 1098
Joined: Thu Apr 07, 2005 12:07 pm
Location: Worcestershire

Next

Return to Discussion

Who is online

Users browsing this forum: No registered users and 2 guests