
Cloudflare Offers 'Isolated' Cloud-Based Browser, Plus a Network-as-a-Service Solution (techradar.com) 52

Cloudflare has released the beta of its new "browser isolation" service, which runs a web browser in the cloud, reports TechRadar. As more and more computing is done inside a browser as opposed to on a system itself, many enterprise organizations have begun to deploy browser isolation services where the browser doesn't actually run on a user's computer. Instead the browser runs on a virtual machine inside a cloud provider's data center. This means that any threats from the browser will stay in that virtual machine and won't be able to infect a corporate laptop or move laterally across an organization's network...

Cloudflare Browser Isolation does things a bit differently by sending the final output of a browser's web page rendering. As a result, the only thing ever sent to a user's device is a package of draw commands to render the webpage and this also means that the company's new service will be compatible with any HTML5 compliant browser including Chrome, Safari, Edge and Firefox.

As Cloudflare has data centers in 200 cities around the world, its browser isolation service should be able to deliver a responsive web browsing experience regardless of where a user is located.

It's part of a larger push, since this week Cloudflare also released their network-as-a-service solution "Cloudflare One," which according to Cloudflare "protects and accelerates the performance of devices, applications, and entire networks to keep workforces secure." "After decades of building legacy corporate networks, organizations are left with clunky systems designed to protect their now empty offices. The only way to secure today's work-from-anywhere economy is to secure each individual employee, protecting their individual networks, devices, and access to business-critical applications," said Matthew Prince, CEO of Cloudflare... Companies have traditionally used a castle-and-moat approach to security, creating a barrier between the enterprise network and external threats. Now that applications have moved to the cloud, and more employees have moved outside of the office, that model is broken.

Employees are frustrated with the speed and experience of VPNs, and organizations want an alternative to the expensive patchwork of legacy solutions required to secure and connect corporate offices to each other and the internet. Today's new landscape requires a zero trust approach, where organizations do not automatically trust any requests to corporate data or resources, and instead, verify every attempt to connect to corporate systems before allowing them access... This unified solution enables fast and safe connections to workplace applications, allows teams to use an app without exposing it to the public internet, makes personal devices safe for business use, and works in any environment with any cloud provider.

  • by CaptainDork ( 3678879 ) on Sunday October 18, 2020 @11:48AM (#60621784)

    ... the mainframe.

  • So back to a local terminal that just takes input and displays output without any local data processing? Back to the model where you or your department pays for every transaction / calculation you perform?
  • Try "isolation.site" for a safe way to preview a sketchy webpage. It basically renders a clickable image of the page and it seems pretty safe from what I can tell.

    • And - surprise surprise - it doesn't work if you don't run the equally sketchy isolation.site script, when it has zero reasons to run any scripts at all, by definition. Gee, I'm convinced. Sign me in!

  • by Anonymous Coward

    Yo dawg, I heard you like surfing the web, so I put a web surfer in the cloud so you could surf to the web server to surf the web.

  • Oh great (Score:5, Insightful)

    by Rosco P. Coltrane ( 209368 ) on Sunday October 18, 2020 @12:34PM (#60621916)

    It's hard enough to avoid CloudFlare's ubiquitous surveillance and singlehanded control to access of large swathes of the internet (try to access websites from TOR, see what happens thanks to them). But now they want to host my browser too? Ah! I don't think so.

    Also, that's how things were during the mainframe era. You know, back when we used to talk about the BOFH controlling the system. We were so happy to finally be free of the BOFHs when the personal computer finally arrived. And now we're going right back to that - and worse, since the BOFHs of the 60s and 70s were choirboys compared to CloudFlare.

    What a sad, sad world. People never learn.

    • It's hard enough to avoid CloudFlare's ubiquitous surveillance and singlehanded control to access of large swathes of the internet (try to access websites from TOR, see what happens thanks to them). But now they want to host my browser too? Ah! I don't think so.

      Wait until Google buys Cloudflare ...

      • A buyout is unlikely. But I wouldn't be surprised one bit if they merged. And since the US has dropped the ball completely on monopolies, it might just happen for real.

    • Re:Oh great (Score:4, Insightful)

      by tlhIngan ( 30335 ) <slashdot&worf,net> on Monday October 19, 2020 @02:42AM (#60623838)

      It's hard enough to avoid CloudFlare's ubiquitous surveillance and singlehanded control to access of large swathes of the internet (try to access websites from TOR, see what happens thanks to them)

      Cloudflare is a content delivery network that provides DDoS isolation. They offer their services to many websites for a low price. They monitor where DDoS attacks come from and block and try to isolate legitimate traffic from it.

      You complain TOR users suffer - have you considered that TOR is (mis)used by other people? It doesn't take long for a new exit node to be abused and detected by Cloudflare and marked as an abusive IP. If you, as a legitimate user, attempt to use the same exit node, are you supposed to be surprised when you're presented with lots of user tests to determine if your traffic is abusive or legitimate?

      It's the same reason why you can't run mailservers off a dynamic IP anymore - too many people abused them for spamming so mail servers started disallowing connections from them. When people abuse TOR to launch their attacks, you'd expect CDNs to react - usually by just blocking the IP. Cloudflare just happens to know sometimes there are legitimate users too from those bad IPs and just makes them jump through a few hoops to ensure they're real traffic.

      Lots of services now classify IPs by reputation, and it turns out TOR and often VPN services get blacklisted because idiots use them for DDOS purposes.

  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Sunday October 18, 2020 @12:38PM (#60621928)
    Comment removed based on user account deletion
    • This looks to me like a great idea, if I could self-host it. Run the "cloud browser" on a VM and isolate the sites. I could do that with RDP or VNC right now, but they are not that great for audio and video.

      • Repeat after me:
        A VM is not a security solution.
        A VM is not a security solution.

        • Splitting email and other important stuff from random sites (either a VM or a physical server) would improve security, even if the "random site" server got encrypted. Just restore it from backup and continue.

          So, what CloudFlare is offering is interesting, just that I would like to not use someone else's computer for that.

          • by thogard ( 43403 )

            I would love to have a self hosted version of this thing. I use an old blackberry that lets me vpn all my traffic to my own server which I've been doing for years.

            This sort of thing should also allow the framework to lie to programs that won't run unless they have access to too much stuff. Who cares if an app insists on a GPS location, have a drop down box with some choices like a major city nearby.

            This might be the start of the return of phones that can be charged once a week or maybe even once a month.

      • Re: (Score:3, Informative)

        by Shades72 ( 6355170 )

        Then you should look at a project called: Apache Guacamole

        It helps you provide access to systems through RDP, VNC and SSH, only by using your web-browser. That software you can self host and can be managed by your web-browser as well.

        That leaves questions regarding access control. Such a feature is built-in, but you can also hook it up to Kerberos, RADIUS etc. Those access control systems can have 2FA or MFA features, so access to (company) resources is pretty secure.

        Oh yeah, Guacamole runs only on Linux.

        • This is interesting, though it would most likely have the same problems with video as the other RDP and VNC clients.

  • by bjwest ( 14070 ) on Sunday October 18, 2020 @12:47PM (#60621960)
    Is the idea of browsing on a free and open internet now a thing of the past? It seems Cloudflare is now the gateway everyone's forced to use and there is no way to opt out. I've been stopped cold with a message from Cloudflare telling me the site I tried to go to is not secure and there was no way to tell Cloudflare to fuck off and allow me access anyway. Who the fuck are they to tell me where I can and cannot go? Why are we giving one institution so much power over what we do and see?
    • I'm not doubting you but can you give examples of URLs that Cloudflare denied you access? I'd like to see the messages themselves.
      • I've seen it too.

        It is due to cloudflare obviously verifying it is the right site it's doing the caching for, since somebody is responsible for it or paying. Otherwise anyone could just run their site through cloudflare under any name.
        I figure you upload your TLS certificate to them, and it only accepts proxying data from a site with that certificate.

        And the reason the real URL is not visible, is because the site owner uses cloudflare for a reason! As in: DDOS protection. Its own servers would very likely no

  • Presumably Cloudflare would then have access to any sensitive data that is being displayed in the browser?
  • by Rick Schumann ( 4662797 ) on Sunday October 18, 2020 @12:55PM (#60621982) Journal

    For a mere $39.99 per month you can have all your computing and web browsing needs fulfilled -- and never have to touch a nasty old computer ever again!
    With Just Phone It In, you're 100% safe from hacking and phishing attacks, because you don't even need to own a computer! Just call our convenient toll-free number, and our helpful staff will do all that messy computing and web browsing for you, just tell them what you want done and voila, it's done in a flash -- and you never, ever need to even own a computer ever again!
    Just Phone It In is the newest concept in cloud-based computer-and-Internet-as-a-service, removing all risk and pesky costs of equipment ownership from you, the consumer. While your order is being processed you can go on about the more important parts of your day, secure in the knowledge that our skilled staff is taking care of all that messy complicated computer work on your behalf.

    o Personal web shopping
    o Banking and other financial business
    o Social media browsing and posting
    o Browsing YouTube cat videos (our highly trained staff will describe what they see in vivid full-color detail to you)
    o Even trolling-by-proxy on 4chan (extra hazard fee may apply)

    With Just Phone It In you'll be free to pursue all the more important things in your life and never have to worry about messy, pesky, complicated, annoying things like 'computers', 'operating systems', 'web browsers', or 'The Internet' ever again, and enjoy unprecedented reductions in your overall life-stress levels!

    We even offer business services! Call us at 800-PHONEIT for pricing information.

    Phone It In -- taking the power of computing away from you since 2020
    (Copyright 2020 Rick Schumann, all rights reserved, not a real service, </SATIRE>)

    • You kid, but a lot of people do effectively pay for this.
      • Re: (Score:2, Interesting)

        I used to think that most people were getting dumber not smarter over time. Then I thought that it was just the Internet revealing that people were always dumb. Now, I think both things are true: they're getting dumber over time, and the Internet is showing us how dumb they actually are. Not so sure there's hope for the human species, and I'm not so sure we're worthy to survive anymore anyway. :-(
        • by gtall ( 79522 )

          It isn't just the internet, but that's made it worse. TV started trend of not reading. If all your information comes in small bites, you eventually lose the ability to concentrate for any long period of time. The result is people merely are first responders to whatever they hear or see. They immediately respond and then move on to the next nibblet.

          • TV started trend of not reading.

            As the Internet spreads out to the non-geek masses, it seems to become more and more like TV. Back in the day, you got on the Internet to look for something specific, and then you focused on that thing. A bit like going to the library for a book and reading it. When I think of social media, it seems that people prefer an endless curated stream of content, just like having the TV on all the time. And then there's streaming video, which is another huge waste of technology when compared to broadcast TV or P2P

      • That's a massive understatement.

        Most people do not even live their own lives anymore. They are in a permanent walking daze, just rattling down their routines, and having the opinions, wishes and choices they were told to have by the media.
        And they are /fine/ with that. They think /you/ are crazy for "putting up with all that hassle" ... e.g. of choosing your actual own words instead of autocorrect and "Did you mean ...?".

        Frankly, it's like an entirely different species. A swarm lifeform. A hivemind. "The le

    • That's what my wife has me for.

      She: *yells to the other room* "Hey, can you look up $x for me?"
      Me: "You're holding the damn phone in your hands *right now*!"

    • by jjbenz ( 581536 )
      That parody was hilarious. Luckily I'm alone at work today and nobody heard me bust out laughing.
  • We are already sharing everything with Google - let's make sure to share it all with Cloudflare as well.
  • by qzzpjs ( 1224510 ) on Sunday October 18, 2020 @01:41PM (#60622146)

    So, if the browser is running on their server, that means the HTTPS connection starts there and all your credit card numbers are going to be entered there for online shopping. I'd prefer to have those numbers encrypted before they left my PC.

    • by micheas ( 231635 )

      The only way I can actually see using this is if they make it available as a docker image I can run on my server platform.

      I can see startups in the healthcare space wanting to do this as a secure browsing environment until they get their own IT infrastructure built. But, with Cloudflare providing closer to 99.9% uptime compared to their "guaranteed" 100% uptime I wouldn't trust this to be even close to highly available, just an up more often than down service.

    • Yup, now in the name of security, your employer can easily read your encrypted e-mail, or whatever personal browsing you do at work, in much more granular detail.

      This is a divorce lawyer's dream!...oh, you said you were gone for a "business trip" on the 12th, but we can see from your e-mails in your burner account that you thought was encrypted, that you were actually meeting up with your ex girlfriend in a Ramada Inn, room 24b, to be specific...say goodbye to your dog, because your wife is getting full
  • by PPH ( 736903 ) on Sunday October 18, 2020 @02:46PM (#60622368)

    ... and thin clients live!

    [Diabolical laugh]

    • by dknj ( 441802 )

      they are just repackaging xpra for the masses. been remote browsing since 2016

  • I run my browser *in the browser*! [copy.sh]

    *exhales massive cloud*

  • Well, you use your web browser of course. The remote browser sends your browser "a package of draw commands to render the webpage" in various bleeding edge technologies like HTML and Javascript. Did they just re-brand the HTTP Proxy?
  • Won't this break a lot of pages that rely on user input for re-rendering?
  • So you enter all your usernames and password through their tool? And hope it's secure? And you trust everyone's data in your Enterprise with this?

    Also, how would a user download an attachment? Often, a user needs to retrieve files from their browser. That would negate most of the protections afforded by something like this.
