ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    AzureAD and shares

    Scheduled Pinned Locked Moved IT Discussion
    137 Posts 9 Posters 16.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • brandon220B
      brandon220 @scottalanmiller
      last edited by

      @scottalanmiller said in AzureAD and shares:

      @brandon220 said in AzureAD and shares:

      I confirmed yesterday that they prefer to have files accessible on the LAN versus through a web client/webdav.

      WebDAV and LAN is the same thing to most people. Those aren't competing concepts. WebDAV and SMB shares are "the same thing." Both are "LAN mentality mapped drives." WebDAV works better over a WAN than SMB, but both are the same category of item, rather than alternatives.

      WebDav is painfully slow for me, especially when connected to Nextcloud from a Windows 10 machine. I've tested this with multiple NC servers and different W10 clients, and at different locations. Browsing files and folders is fine. Opening, losing, and saving things take way longer than it should.

      scottalanmillerS 1 Reply Last reply Reply Quote 0
      • brandon220B
        brandon220 @scottalanmiller
        last edited by

        @scottalanmiller said in AzureAD and shares:

        @brandon220 said in AzureAD and shares:

        They are 100% a MS shop so I think a Linux server with samba shares may not make sense.

        Why? In what way would a Windows FS be superior?

        By this logic, no shop would ever use NAS, SAN, or things like BSD, because they are not the OS of the desktops. Or Mac because it can't be used as a server. There can be a case, in extreme circumstances, where homogeneity itself has some value, but it's so rare that it should generally be simply discounted.

        My logic here is: If the client wants to add a share on the MS server, they can easily do this themselves. If you throw samba in the mix, I feel they would struggle to understand why they are not using a MS server first, and then struggle to actually create a usable share in a system they know nothing about.

        If it were for me, it would be samba 100%. I have to "fight" people all the time who will argue to the death that they don't want a Linux server of any type, because it is "free" and "not secure". I know we talk about audits all the time here on ML. The auditors, especially in the financial sector, argue this all the time and try to penalize you for using FOSS tools.

        scottalanmillerS 3 Replies Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @brandon220
          last edited by

          @brandon220 said in AzureAD and shares:

          @scottalanmiller said in AzureAD and shares:

          @brandon220 said in AzureAD and shares:

          I confirmed yesterday that they prefer to have files accessible on the LAN versus through a web client/webdav.

          WebDAV and LAN is the same thing to most people. Those aren't competing concepts. WebDAV and SMB shares are "the same thing." Both are "LAN mentality mapped drives." WebDAV works better over a WAN than SMB, but both are the same category of item, rather than alternatives.

          WebDav is painfully slow for me, especially when connected to Nextcloud from a Windows 10 machine. I've tested this with multiple NC servers and different W10 clients, and at different locations. Browsing files and folders is fine. Opening, losing, and saving things take way longer than it should.

          WebDAV is slow, but SMB is slow compared to NFS 😉 But they are the same tech category, all of them. Some are fast, some medium, some slow, but not different kinds of things.

          1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @brandon220
            last edited by

            @brandon220 said in AzureAD and shares:

            My logic here is: If the client wants to add a share on the MS server, they can easily do this themselves. If you throw samba in the mix, I feel they would struggle to understand why they are not using a MS server first, and then struggle to actually create a usable share in a system they know nothing about.

            That's good logic, but important to understand that it isn't being Windows or homogenous that makes that true, it's that Samba is a bit complex. EXCEPT, you can get Samba interfaces that are even easier than Windows, and so that same logic could dictate not using Windows.

            Also, if they don't 100% understand why they are or are not spending money on an MS server, they are not in any position to ever make these decisions and/or touch any server, Windows or otherwise. In fact, this completely makes Windows the worst option because it will empower them to do all kinds of bad things like break security or functionality.

            1 Reply Last reply Reply Quote 2
            • scottalanmillerS
              scottalanmiller @brandon220
              last edited by

              @brandon220 said in AzureAD and shares:

              The auditors, especially in the financial sector, argue this all the time and try to penalize you for using FOSS tools.

              No actual auditor, quite the opposite.

              1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @brandon220
                last edited by

                @brandon220 said in AzureAD and shares:

                If it were for me, it would be samba 100%. I have to "fight" people all the time who will argue to the death that they don't want a Linux server of any type, because it is "free" and "not secure".

                I feel like you have a really low opinion of these people, not technically, but as people. You think that they are capricious, illogical, and out to screw their business for emotional / personal reasons (e.g. willing to hurt the business without any concerns for what is good for it, just what sounds good to them personally.) I find that IT often feels this way about businesses, but once I speak to them, they were never like that. LIterally had this happen with a bank four days ago. I bet if you present the real reasons, they aren't running a bank and this crazy. It might feel that way, but I bet if presented with good logic and factors, they are probably way more sane and trying to do a good job than you think.

                brandon220B DashrenderD 2 Replies Last reply Reply Quote 0
                • brandon220B
                  brandon220
                  last edited by

                  Here is an example from the FFIEC Cybersecurity Assesment Tool:
                  assessmentsnip.PNG
                  The more OSS you have, the lower your score will be.

                  scottalanmillerS ObsolesceO stacksofplatesS 5 Replies Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @brandon220
                    last edited by

                    @brandon220 said in AzureAD and shares:

                    The more OSS you have, the lower your score will be.

                    Then it's an anti-audit. I mean it's that easy. If they are specifically penalizing security, that literally makes these guys social engineers / hackers. Instantly, you have a requirement to ban them from the company. Financial regulations actually makes that criminal.

                    brandon220B 1 Reply Last reply Reply Quote 1
                    • scottalanmillerS
                      scottalanmiller @brandon220
                      last edited by

                      @brandon220 said in AzureAD and shares:

                      The more OSS you have, the lower your score will be.

                      Remember, all SEC regulated banks are 100% core on OSS. All, 100%. No exceptions. And their security is a million times the needs, audits, and requirements of small banks and little financials. In the REAL financial world, better security means better scores.

                      Literally, I'd consider legal action here. As the IT adviser, you have a legal requirement to let them know that they are being scammed and have a legal requirement to take action.

                      brandon220B 1 Reply Last reply Reply Quote 1
                      • scottalanmillerS
                        scottalanmiller @brandon220
                        last edited by

                        @brandon220 said in AzureAD and shares:

                        FFIEC Cybersecurity Assesment Tool

                        It is REALLY fishy that a government agency is trying to put small banks at risk and goes directly against requirements for the big institutions.

                        travisdh1T 1 Reply Last reply Reply Quote 0
                        • brandon220B
                          brandon220 @scottalanmiller
                          last edited by

                          @scottalanmiller said in AzureAD and shares:

                          @brandon220 said in AzureAD and shares:

                          The more OSS you have, the lower your score will be.

                          Then it's an anti-audit. I mean it's that easy. If they are specifically penalizing security, that literally makes these guys social engineers / hackers. Instantly, you have a requirement to ban them from the company. Financial regulations actually makes that criminal.

                          Not to derail this thread, but I deal with this every year. These auditors come in and HAVE to find something "wrong" even though what they find are not actual problems. It just justifies the money spent for the audit. I know there are others on here who deal with these auditors. They know exactly how bad it is.

                          scottalanmillerS 2 Replies Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @brandon220
                            last edited by

                            @brandon220 said in AzureAD and shares:

                            @scottalanmiller said in AzureAD and shares:

                            @brandon220 said in AzureAD and shares:

                            The more OSS you have, the lower your score will be.

                            Then it's an anti-audit. I mean it's that easy. If they are specifically penalizing security, that literally makes these guys social engineers / hackers. Instantly, you have a requirement to ban them from the company. Financial regulations actually makes that criminal.

                            Not to derail this thread, but I deal with this every year. These auditors come in and HAVE to find something "wrong" even though what they find are not actual problems. It just justifies the money spent for the audit. I know there are others on here who deal with these auditors. They know exactly how bad it is.

                            Right, so you have a criminal activity going on for personal gain. The bank needs to understand that the auditors are being paid to put them at risk, because that's how they get compensated. Doesn't change that it's illegal.

                            DashrenderD 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @brandon220
                              last edited by

                              @brandon220 said in AzureAD and shares:

                              It just justifies the money spent for the audit.

                              Not ot competent management, it would do the opposite. Only a real audit would justify the audit.

                              1 Reply Last reply Reply Quote 0
                              • ObsolesceO
                                Obsolesce @brandon220
                                last edited by

                                @brandon220 said in AzureAD and shares:

                                Here is an example from the FFIEC Cybersecurity Assesment Tool:
                                assessmentsnip.PNG
                                The more OSS you have, the lower your score will be.

                                To basically if there is any Linux / Unix in use, you get a bad score... Wtf.

                                brandon220B 1 Reply Last reply Reply Quote 0
                                • brandon220B
                                  brandon220 @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in AzureAD and shares:

                                  @brandon220 said in AzureAD and shares:

                                  The more OSS you have, the lower your score will be.

                                  Remember, all SEC regulated banks are 100% core on OSS. All, 100%. No exceptions. And their security is a million times the needs, audits, and requirements of small banks and little financials. In the REAL financial world, better security means better scores.

                                  Literally, I'd consider legal action here. As the IT adviser, you have a legal requirement to let them know that they are being scammed and have a legal requirement to take action.

                                  Exactly. Our main core is 100% Unix. Makes no sense how they come up with this stuff.

                                  1 Reply Last reply Reply Quote 0
                                  • brandon220B
                                    brandon220 @Obsolesce
                                    last edited by

                                    @Obsolesce Yes. Unbelievable.

                                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @brandon220
                                      last edited by

                                      @brandon220 said in AzureAD and shares:

                                      @Obsolesce Yes. Unbelievable.

                                      Worse, is that someone pays and/or believes them. How could it come to that?

                                      ObsolesceO DashrenderD 2 Replies Last reply Reply Quote 0
                                      • brandon220B
                                        brandon220 @scottalanmiller
                                        last edited by

                                        @scottalanmiller As far as samba goes - if they could manage it with Cockpit or the likes, it would be an easy choice.

                                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                                        • ObsolesceO
                                          Obsolesce @scottalanmiller
                                          last edited by

                                          @scottalanmiller said in AzureAD and shares:

                                          @brandon220 said in AzureAD and shares:

                                          @Obsolesce Yes. Unbelievable.

                                          Worse, is that someone pays and/or believes them. How could it come to that?

                                          Someone better call up Linus Torvalds and tell him his kernel isn't secure enough for financial institutions and so to do a better job.

                                          scottalanmillerS 1 Reply Last reply Reply Quote 1
                                          • brandon220B
                                            brandon220
                                            last edited by

                                            That "tool" comes directly from https://www.ffiec.gov/ and it is apparently the "Gold Standard" that all financial institutions are graded by. It is a glorified Excel file with multiple tabs.

                                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 2 / 7
                                            • First post
                                              Last post