    AzureAD and shares

      Obsolesce @scottalanmiller

      @scottalanmiller said in AzureAD and shares:

      @Obsolesce said in AzureAD and shares:

      @scottalanmiller said in AzureAD and shares:

      AD + SMB.... it's like designing for ransomware.

      What does AD have to do with ransomware?

      A ton. AD and SMB shares authenticated through it are the primary attack vector for ransomware. While AD itself is not a huge vulnerability, it ties many systems together so that a single compromise easily turns into a big one. It's like the authentication equivalent to a LAN. It magnifies exposure and discovery.

      So if you take away AD, nobody gets ransomware?

      I would say it's an issue of old outdated SMB versions with bad access and authentication practices.

        scottalanmiller @Obsolesce

        @Obsolesce said in AzureAD and shares:

        So if you take away AD, nobody gets ransomware?

        Being a primary vector, and the only vector, are totally different things.

        If you have four attack vectors, three that are 24% of the time, and one that is 28% of the time, that one is the primary, but the other three make up 72% of attacks.

        So the leap from feeling something is primary, to all, can be astronomic.

        But yes, if you remove AD, a massive percentage of people getting ransomware, or getting it across systems rather than isolated to one system, drops dramatically.

          scottalanmiller @Obsolesce

          @Obsolesce said in AzureAD and shares:

          I would say it's an issue of old outdated SMB versions with bad access and authentication practices.

          That is a factor, too, of course. Anything outdated ups the risk. But for systems properly maintained, those things don't exist.

            brandon220

            If you had a client/friend/relative and needed a file server for 'reasons' and they only knew MS since birth - would you still install a samba file server if licenses were not a factor?

              Obsolesce @scottalanmiller

              @scottalanmiller said in AzureAD and shares:

              @Obsolesce said in AzureAD and shares:

              I would say it's an issue of old outdated SMB versions with bad access and authentication practices.

              That is a factor, too, of course. Anything outdated ups the risk. But for systems properly maintained, those things don't exist.

              Bad things happen with good solutions when they are not implemented and maintained correctly.

                stacksofplates @brandon220

                @brandon220 said in AzureAD and shares:

                Here is an example from the FFIEC Cybersecurity Assessment Tool:
                assessmentsnip.PNG
                The more OSS you have, the lower your score will be.

                I'm not defending or even sure this is what they are talking about, but they may be looking at the risk of the licensing. It can be tough to keep track of all of the licensing of open source tools and making sure you comply with them.

                  scottalanmiller @brandon220

                  @brandon220 said in AzureAD and shares:

                  If you had a client/friend/relative and needed a file server for 'reasons' and they only knew MS since birth - would you still install a samba file server if licenses were not a factor?

                  Honestly, yes. For the very reason you mention.... someone who "only knows one thing" doesn't actually know that thing and is the most dangerous of people. Making it easy for people who don't understand to break things is really the worst option, IMHO. It's costly, and risky. Making IT "seem easy" is one of the biggest mistakes of the MS ecosystem.

                    scottalanmiller @stacksofplates

                    @stacksofplates said in AzureAD and shares:

                    @brandon220 said in AzureAD and shares:

                    Here is an example from the FFIEC Cybersecurity Assessment Tool:
                    assessmentsnip.PNG
                    The more OSS you have, the lower your score will be.

                    I'm not defending or even sure this is what they are talking about, but they may be looking at the risk of the licensing. It can be tough to keep track of all of the licensing of open source tools and making sure you comply with them.

                    But, honestly, not nearly as hard as the risks of anything else. And "can be" should never be a legitimate factor. Once we go down that path, we could list unrealistic risks for forever.

                      stacksofplates @scottalanmiller

                      @scottalanmiller said in AzureAD and shares:

                      @stacksofplates said in AzureAD and shares:

                      @brandon220 said in AzureAD and shares:

                      Here is an example from the FFIEC Cybersecurity Assessment Tool:
                      assessmentsnip.PNG
                      The more OSS you have, the lower your score will be.

                      I'm not defending or even sure this is what they are talking about, but they may be looking at the risk of the licensing. It can be tough to keep track of all of the licensing of open source tools and making sure you comply with them.

                      But, honestly, not nearly as hard as the risks of anything else. And "can be" should never be a legitimate factor. Once we go down that path, we could list unrealistic risks for forever.

                      Right, like I said I'm not defending them. Just trying to look at it from all angles.

                        scottalanmiller @stacksofplates

                        @stacksofplates said in AzureAD and shares:

                        @scottalanmiller said in AzureAD and shares:

                        @stacksofplates said in AzureAD and shares:

                        @brandon220 said in AzureAD and shares:

                        Here is an example from the FFIEC Cybersecurity Assessment Tool:
                        assessmentsnip.PNG
                        The more OSS you have, the lower your score will be.

                        I'm not defending or even sure this is what they are talking about, but they may be looking at the risk of the licensing. It can be tough to keep track of all of the licensing of open source tools and making sure you comply with them.

                        But, honestly, not nearly as hard as the risks of anything else. And "can be" should never be a legitimate factor. Once we go down that path, we could list unrealistic risks for forever.

                        Right, like I said I'm not defending them. Just trying to look at it from all angles.

                        What people never consider is that closed source licensing COULD still require in the EULA that you comply with GPL of your own code simply by using the closed source product 🙂 Cloud source EULAs can pretty much carry any risk imaginable. They don't, but they could.

                          stacksofplates @scottalanmiller

                          @scottalanmiller said in AzureAD and shares:

                          @stacksofplates said in AzureAD and shares:

                          @scottalanmiller said in AzureAD and shares:

                          @stacksofplates said in AzureAD and shares:

                          @brandon220 said in AzureAD and shares:

                          Here is an example from the FFIEC Cybersecurity Assessment Tool:
                          assessmentsnip.PNG
                          The more OSS you have, the lower your score will be.

                          I'm not defending or even sure this is what they are talking about, but they may be looking at the risk of the licensing. It can be tough to keep track of all of the licensing of open source tools and making sure you comply with them.

                          But, honestly, not nearly as hard as the risks of anything else. And "can be" should never be a legitimate factor. Once we go down that path, we could list unrealistic risks for forever.

                          Right, like I said I'm not defending them. Just trying to look at it from all angles.

                          What people never consider is that closed source licensing COULD still require in the EULA that you comply with GPL of your own code simply by using the closed source product 🙂 Cloud source EULAs can pretty much carry any risk imaginable. They don't, but they could.

                          Yeah definitely true. I don't like closed source at all. I mean if I need the tool I'll buy it but I'd rather use an open source tool.

                          I've seen a lot of people though that think they can just do whatever since it's open source and it doesn't matter. AGPL is pretty strict and there's a lot of popular tools written with that license.

                            scottalanmiller @stacksofplates

                            @stacksofplates said in AzureAD and shares:

                            @scottalanmiller said in AzureAD and shares:

                            @stacksofplates said in AzureAD and shares:

                            @scottalanmiller said in AzureAD and shares:

                            @stacksofplates said in AzureAD and shares:

                            @brandon220 said in AzureAD and shares:

                            Here is an example from the FFIEC Cybersecurity Assessment Tool:
                            assessmentsnip.PNG
                            The more OSS you have, the lower your score will be.

                            I'm not defending or even sure this is what they are talking about, but they may be looking at the risk of the licensing. It can be tough to keep track of all of the licensing of open source tools and making sure you comply with them.

                            But, honestly, not nearly as hard as the risks of anything else. And "can be" should never be a legitimate factor. Once we go down that path, we could list unrealistic risks for forever.

                            Right, like I said I'm not defending them. Just trying to look at it from all angles.

                            What people never consider is that closed source licensing COULD still require in the EULA that you comply with GPL of your own code simply by using the closed source product 🙂 Cloud source EULAs can pretty much carry any risk imaginable. They don't, but they could.

                            Yeah definitely true. I don't like closed source at all. I mean if I need the tool I'll buy it but I'd rather use an open source tool.

                            I've seen a lot of people though that think they can just do whatever since it's open source and it doesn't matter. AGPL is pretty strict and there's a lot of popular tools written with that license.

                            In most cases, it's people thinking that they can just use the code without following the license. Technically, a far bigger risk with closed source under the same conditions.

                              stacksofplates @scottalanmiller

                              @scottalanmiller said in AzureAD and shares:

                              @stacksofplates said in AzureAD and shares:

                              @scottalanmiller said in AzureAD and shares:

                              @stacksofplates said in AzureAD and shares:

                              @scottalanmiller said in AzureAD and shares:

                              @stacksofplates said in AzureAD and shares:

                              @brandon220 said in AzureAD and shares:

                              Here is an example from the FFIEC Cybersecurity Assessment Tool:
                              assessmentsnip.PNG
                              The more OSS you have, the lower your score will be.

                              I'm not defending or even sure this is what they are talking about, but they may be looking at the risk of the licensing. It can be tough to keep track of all of the licensing of open source tools and making sure you comply with them.

                              But, honestly, not nearly as hard as the risks of anything else. And "can be" should never be a legitimate factor. Once we go down that path, we could list unrealistic risks for forever.

                              Right, like I said I'm not defending them. Just trying to look at it from all angles.

                              What people never consider is that closed source licensing COULD still require in the EULA that you comply with GPL of your own code simply by using the closed source product 🙂 Cloud source EULAs can pretty much carry any risk imaginable. They don't, but they could.

                              Yeah definitely true. I don't like closed source at all. I mean if I need the tool I'll buy it but I'd rather use an open source tool.

                              I've seen a lot of people though that think they can just do whatever since it's open source and it doesn't matter. AGPL is pretty strict and there's a lot of popular tools written with that license.

                              In most cases, it's people thinking that they can just use the code without following the license. Technically, a far bigger risk with closed source under the same conditions.

                              In general yeah, but the GPL police are fierce. I work with a guy whose old company was going to be sued for not including the simple configs they wrote along with the distribution.

                                scottalanmiller @stacksofplates

                                @stacksofplates said in AzureAD and shares:

                                @scottalanmiller said in AzureAD and shares:

                                @stacksofplates said in AzureAD and shares:

                                @scottalanmiller said in AzureAD and shares:

                                @stacksofplates said in AzureAD and shares:

                                @scottalanmiller said in AzureAD and shares:

                                @stacksofplates said in AzureAD and shares:

                                @brandon220 said in AzureAD and shares:

                                Here is an example from the FFIEC Cybersecurity Assessment Tool:
                                assessmentsnip.PNG
                                The more OSS you have, the lower your score will be.

                                I'm not defending or even sure this is what they are talking about, but they may be looking at the risk of the licensing. It can be tough to keep track of all of the licensing of open source tools and making sure you comply with them.

                                But, honestly, not nearly as hard as the risks of anything else. And "can be" should never be a legitimate factor. Once we go down that path, we could list unrealistic risks for forever.

                                Right, like I said I'm not defending them. Just trying to look at it from all angles.

                                What people never consider is that closed source licensing COULD still require in the EULA that you comply with GPL of your own code simply by using the closed source product 🙂 Cloud source EULAs can pretty much carry any risk imaginable. They don't, but they could.

                                Yeah definitely true. I don't like closed source at all. I mean if I need the tool I'll buy it but I'd rather use an open source tool.

                                I've seen a lot of people though that think they can just do whatever since it's open source and it doesn't matter. AGPL is pretty strict and there's a lot of popular tools written with that license.

                                In most cases, it's people thinking that they can just use the code without following the license. Technically, a far bigger risk with closed source under the same conditions.

                                In general yeah, but the GPL police are fierce. I work with a guy whose old company was going to be sued for not including the simple configs they wrote along with the distribution.

                                Yeah, although now we are talking product firms, not operations. The effect on operations is generally minimal.

                                  stacksofplates @scottalanmiller

                                  @scottalanmiller said in AzureAD and shares:

                                  @stacksofplates said in AzureAD and shares:

                                  @scottalanmiller said in AzureAD and shares:

                                  @stacksofplates said in AzureAD and shares:

                                  @scottalanmiller said in AzureAD and shares:

                                  @stacksofplates said in AzureAD and shares:

                                  @scottalanmiller said in AzureAD and shares:

                                  @stacksofplates said in AzureAD and shares:

                                  @brandon220 said in AzureAD and shares:

                                  Here is an example from the FFIEC Cybersecurity Assessment Tool:
                                  assessmentsnip.PNG
                                  The more OSS you have, the lower your score will be.

                                  I'm not defending or even sure this is what they are talking about, but they may be looking at the risk of the licensing. It can be tough to keep track of all of the licensing of open source tools and making sure you comply with them.

                                  But, honestly, not nearly as hard as the risks of anything else. And "can be" should never be a legitimate factor. Once we go down that path, we could list unrealistic risks for forever.

                                  Right, like I said I'm not defending them. Just trying to look at it from all angles.

                                  What people never consider is that closed source licensing COULD still require in the EULA that you comply with GPL of your own code simply by using the closed source product 🙂 Cloud source EULAs can pretty much carry any risk imaginable. They don't, but they could.

                                  Yeah definitely true. I don't like closed source at all. I mean if I need the tool I'll buy it but I'd rather use an open source tool.

                                  I've seen a lot of people though that think they can just do whatever since it's open source and it doesn't matter. AGPL is pretty strict and there's a lot of popular tools written with that license.

                                  In most cases, it's people thinking that they can just use the code without following the license. Technically, a far bigger risk with closed source under the same conditions.

                                  In general yeah, but the GPL police are fierce. I work with a guy whose old company was going to be sued for not including the simple configs they wrote along with the distribution.

                                  Yeah, although now we are talking product firms, not operations. The effect on operations is generally minimal.

                                  Yeah true, but that's similar with proprietary also, most people don't get caught. You still have to comply though. It can be a lot of work to ensure you're in compliance. Like when software decides to change licenses between versions.

                                    Dashrender @stacksofplates

                                    @stacksofplates said in AzureAD and shares:

                                    @scottalanmiller said in AzureAD and shares:

                                    @stacksofplates said in AzureAD and shares:

                                    @scottalanmiller said in AzureAD and shares:

                                    @stacksofplates said in AzureAD and shares:

                                    @scottalanmiller said in AzureAD and shares:

                                    @stacksofplates said in AzureAD and shares:

                                    @scottalanmiller said in AzureAD and shares:

                                    @stacksofplates said in AzureAD and shares:

                                    @brandon220 said in AzureAD and shares:

                                    Here is an example from the FFIEC Cybersecurity Assessment Tool:
                                    assessmentsnip.PNG
                                    The more OSS you have, the lower your score will be.

                                    I'm not defending or even sure this is what they are talking about, but they may be looking at the risk of the licensing. It can be tough to keep track of all of the licensing of open source tools and making sure you comply with them.

                                    But, honestly, not nearly as hard as the risks of anything else. And "can be" should never be a legitimate factor. Once we go down that path, we could list unrealistic risks for forever.

                                    Right, like I said I'm not defending them. Just trying to look at it from all angles.

                                    What people never consider is that closed source licensing COULD still require in the EULA that you comply with GPL of your own code simply by using the closed source product 🙂 Cloud source EULAs can pretty much carry any risk imaginable. They don't, but they could.

                                    Yeah definitely true. I don't like closed source at all. I mean if I need the tool I'll buy it but I'd rather use an open source tool.

                                    I've seen a lot of people though that think they can just do whatever since it's open source and it doesn't matter. AGPL is pretty strict and there's a lot of popular tools written with that license.

                                    In most cases, it's people thinking that they can just use the code without following the license. Technically, a far bigger risk with closed source under the same conditions.

                                    In general yeah, but the GPL police are fierce. I work with a guy whose old company was going to be sued for not including the simple configs they wrote along with the distribution.

                                    Yeah, although now we are talking product firms, not operations. The effect on operations is generally minimal.

                                    Yeah true, but that's similar with proprietary also, most people don't get caught. You still have to comply though. It can be a lot of work to ensure you're in compliance. Like when software decides to change licenses between versions.

                                    Like java?

                                      stacksofplates @Dashrender

                                      @Dashrender said in AzureAD and shares:

                                      @stacksofplates said in AzureAD and shares:

                                      @scottalanmiller said in AzureAD and shares:

                                      @stacksofplates said in AzureAD and shares:

                                      @scottalanmiller said in AzureAD and shares:

                                      @stacksofplates said in AzureAD and shares:

                                      @scottalanmiller said in AzureAD and shares:

                                      @stacksofplates said in AzureAD and shares:

                                      @scottalanmiller said in AzureAD and shares:

                                      @stacksofplates said in AzureAD and shares:

                                      @brandon220 said in AzureAD and shares:

                                      Here is an example from the FFIEC Cybersecurity Assessment Tool:
                                      assessmentsnip.PNG
                                      The more OSS you have, the lower your score will be.

                                      I'm not defending or even sure this is what they are talking about, but they may be looking at the risk of the licensing. It can be tough to keep track of all of the licensing of open source tools and making sure you comply with them.

                                      But, honestly, not nearly as hard as the risks of anything else. And "can be" should never be a legitimate factor. Once we go down that path, we could list unrealistic risks for forever.

                                      Right, like I said I'm not defending them. Just trying to look at it from all angles.

                                      What people never consider is that closed source licensing COULD still require in the EULA that you comply with GPL of your own code simply by using the closed source product 🙂 Cloud source EULAs can pretty much carry any risk imaginable. They don't, but they could.

                                      Yeah definitely true. I don't like closed source at all. I mean if I need the tool I'll buy it but I'd rather use an open source tool.

                                      I've seen a lot of people though that think they can just do whatever since it's open source and it doesn't matter. AGPL is pretty strict and there's a lot of popular tools written with that license.

                                      In most cases, it's people thinking that they can just use the code without following the license. Technically, a far bigger risk with closed source under the same conditions.

                                      In general yeah, but the GPL police are fierce. I work with a guy whose old company was going to be sued for not including the simple configs they wrote along with the distribution.

                                      Yeah, although now we are talking product firms, not operations. The effect on operations is generally minimal.

                                      Yeah true, but that's similar with proprietary also, most people don't get caught. You still have to comply though. It can be a lot of work to ensure you're in compliance. Like when software decides to change licenses between versions.

                                      Like java?

                                      Yeah that could be one. I was thinking more along the lines of changes like MongoDB, CockroachDB, Redis, etc. And even less obvious like when OwnCloud switched from GPL v2 to AGPL (before NextCloud came along). AGPL is quite a bit more open than GPL v2 is so you would need to be aware of any changes there.

                                        Obsolesce @brandon220

                                        @brandon220

                                        https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share

                                          Obsolesce

                                          @brandon220

                                          https://docs.microsoft.com/en-us/azure/storage/files/storage-sync-files-planning

                                            scottalanmiller @Dashrender

                                            @Dashrender said in AzureAD and shares:

                                            @stacksofplates said in AzureAD and shares:

                                            @scottalanmiller said in AzureAD and shares:

                                            @stacksofplates said in AzureAD and shares:

                                            @scottalanmiller said in AzureAD and shares:

                                            @stacksofplates said in AzureAD and shares:

                                            @scottalanmiller said in AzureAD and shares:

                                            @stacksofplates said in AzureAD and shares:

                                            @scottalanmiller said in AzureAD and shares:

                                            @stacksofplates said in AzureAD and shares:

                                            @brandon220 said in AzureAD and shares:

                                            Here is an example from the FFIEC Cybersecurity Assessment Tool:
                                            assessmentsnip.PNG
                                            The more OSS you have, the lower your score will be.

                                            I'm not defending or even sure this is what they are talking about, but they may be looking at the risk of the licensing. It can be tough to keep track of all of the licensing of open source tools and making sure you comply with them.

                                            But, honestly, not nearly as hard as the risks of anything else. And "can be" should never be a legitimate factor. Once we go down that path, we could list unrealistic risks for forever.

                                            Right, like I said I'm not defending them. Just trying to look at it from all angles.

                                            What people never consider is that closed source licensing COULD still require in the EULA that you comply with GPL of your own code simply by using the closed source product 🙂 Cloud source EULAs can pretty much carry any risk imaginable. They don't, but they could.

                                            Yeah definitely true. I don't like closed source at all. I mean if I need the tool I'll buy it but I'd rather use an open source tool.

                                            I've seen a lot of people though that think they can just do whatever since it's open source and it doesn't matter. AGPL is pretty strict and there's a lot of popular tools written with that license.

                                            In most cases, it's people thinking that they can just use the code without following the license. Technically, a far bigger risk with closed source under the same conditions.

                                            In general yeah, but the GPL police are fierce. I work with a guy whose old company was going to be sued for not including the simple configs they wrote along with the distribution.

                                            Yeah, although now we are talking product firms, not operations. The effect on operations is generally minimal.

                                            Yeah true, but that's similar with proprietary also, most people don't get caught. You still have to comply though. It can be a lot of work to ensure you're in compliance. Like when software decides to change licenses between versions.

                                            Like java?

                                            Well that's an example of license compliance where proprietary makes IT make mistakes easily. But totally different than the open source risk, which is a risk to developers who try to "steal code" rather than IT trying to "deploy without checking the EULA".
