October 2014
Network Security, part II

With the spate of ransomware and crypto virus attacks on automation systems, perhaps a quick review of network security is in order:

  1. Isolate the automation system on its own network, separate from the general office network, and do not allow internet access from the automation system’s workstations or servers.
  2. Use a separate switch for all automation network connections; do not share the office switch.
  3. Install a small router between the automation network and the office network.  On the router, the WAN port faces outward toward the office network; configure it not to answer pings (ICMP echo requests).  Grant access from the office network only to the specific people who need it, e.g. traffic, the music director, etc., via access lists keyed to their workstations.  Open only the few ports needed for VNC or RDP, and only to the technicians’ workstations, so they can remotely access the automation machines for maintenance and troubleshooting.  Those ports are opened toward the office network, not the internet; never forward them from the internet-facing router.
  4. Use supported, up-to-date operating systems and apply patches promptly.
  5. Use separate admin and user accounts, remove admin rights from the user accounts, and keep the machines logged in as users.  This keeps an errant DJ or other person from installing unauthorized programs, and it limits what any malware run under that account can do.
  6. Install a good antivirus program and keep it up to date.
  7. Back up the data and test the backups by actually restoring from them.
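The access list in item 3 is the piece that gets misconfigured most often, so here is a small model of that policy as an added example (not from the original post, and not a real router configuration).  The networks, host addresses, role-to-workstation mapping and the choice of SMB for the traffic and music director access are all assumptions for illustration; the point is the rule order: drop echo requests to the WAN address, drop anything bound for or coming from outside the two networks, accept VNC/RDP only from the engineering workstation, accept file access only from the named office users, and deny everything else, including anything the automation side tries to open toward the office.

```python
"""Model of the router access policy between the automation and office networks.
Added example for the checklist above; addresses and roles are assumed."""
import ipaddress
from dataclasses import dataclass

# Assumed addressing: office LAN on the router's WAN side, automation LAN behind it.
OFFICE_NET = ipaddress.ip_network("192.168.1.0/24")
AUTOMATION_NET = ipaddress.ip_network("10.10.0.0/24")
ROUTER_WAN_ADDR = ipaddress.ip_address("192.168.1.250")

# Assumed office workstations that are granted access, keyed by role.
ALLOWED_SOURCES = {
    "traffic": ipaddress.ip_address("192.168.1.20"),
    "music_director": ipaddress.ip_address("192.168.1.21"),
    "engineering": ipaddress.ip_address("192.168.1.30"),
}
FILE_ACCESS_ROLES = ("traffic", "music_director")   # may reach file shares on automation servers
MAINTENANCE_ROLES = ("engineering",)                 # may reach VNC/RDP on automation machines
SMB_PORT = 445                                       # assumed file-share port
REMOTE_ACCESS_PORTS = {5900: "VNC", 3389: "RDP"}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0      # TCP/UDP destination port
    icmp_type: int = 0  # ICMP type (8 = echo request)


def evaluate(pkt: Packet) -> tuple[str, str]:
    """Return (action, rule) for one packet arriving at the router.
    First match wins; the default is deny.  This is stateless for clarity;
    a real router also passes replies to sessions it already accepted."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)

    # Item 3: the WAN port is non-pingable, so echo requests to it are dropped.
    if pkt.proto == "icmp" and pkt.icmp_type == 8 and dst == ROUTER_WAN_ADDR:
        return ("drop", "wan-no-ping")

    # Item 1: nothing crosses toward the internet, and nothing from it comes in.
    if dst not in OFFICE_NET and dst not in AUTOMATION_NET:
        return ("drop", "no-internet")
    if src not in OFFICE_NET and src not in AUTOMATION_NET:
        return ("drop", "unknown-source")

    # Item 3: VNC/RDP into the automation network, only from the engineering workstation.
    if (pkt.proto == "tcp" and dst in AUTOMATION_NET and pkt.dport in REMOTE_ACCESS_PORTS
            and any(src == ALLOWED_SOURCES[r] for r in MAINTENANCE_ROLES)):
        return ("accept", "remote-maintenance")

    # Item 3: file access to automation servers for the named office users.
    if (pkt.proto == "tcp" and dst in AUTOMATION_NET and pkt.dport == SMB_PORT
            and any(src == ALLOWED_SOURCES[r] for r in FILE_ACCESS_ROLES)):
        return ("accept", "office-file-access")

    # Everything else is dropped, including sessions the automation side opens toward the office.
    return ("drop", "default-deny")


# Constructed packets for checking the policy; not captured traffic.
SAMPLE_TRAFFIC = {
    "ping_wan_from_office": Packet("192.168.1.77", "192.168.1.250", "icmp", icmp_type=8),
    "rdp_from_engineering": Packet("192.168.1.30", "10.10.0.5", "tcp", dport=3389),
    "rdp_from_other_office_pc": Packet("192.168.1.77", "10.10.0.5", "tcp", dport=3389),
    "smb_from_traffic": Packet("192.168.1.20", "10.10.0.10", "tcp", dport=445),
    "smb_from_engineering": Packet("192.168.1.30", "10.10.0.10", "tcp", dport=445),
    "automation_to_internet": Packet("10.10.0.5", "203.0.113.9", "tcp", dport=443),
    "automation_to_office_share": Packet("10.10.0.5", "192.168.1.20", "tcp", dport=445),
}


def audit(traffic=SAMPLE_TRAFFIC) -> dict:
    """Evaluate every sample packet and return {name: (action, rule)}."""
    return {name: evaluate(pkt) for name, pkt in traffic.items()}


if __name__ == "__main__":
    for name, (action, rule) in audit().items():
        print(f"{name:28s} {action:6s} ({rule})")
```

Running it shows the engineering workstation getting RDP but not SMB, the traffic workstation getting SMB but not RDP, and every other office machine, and anything the automation hosts originate, being dropped.  If a rule you add makes "rdp_from_other_office_pc" come back as accept, the access list is too broad.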

The office network is more vulnerable because of the human element.  Internet access is required, of course.  Click on a pop-up, sure!  Hey, that photograph has a funny file extension, let’s open it and see what it is.  I never heard of this person before, but look, they sent me an executable!

Much of the office network’s security will rely on the quality of the router connected to the internet and on the antivirus software installed.  Of course, the network users carry a good deal of the responsibility as well.


6 comments to Network Security, part II

  • Thank you Paul for the reminder! This newbie needs all the help he can get 🙂

  • Would you call TeamViewer as secure as VNC/RDP? That’s my remote access at the moment… and because I am running an internet station, my automation by default is connected to the Internet (though through a hardware option, not software encoder).

  • Lorne

    In addition to backups (most folks think of backups as the data and such) – I’d recommend having an image of the boot and software partitions of each computer in the automation system. If you’re looking for an open-source system to do this, have a look at setting up a FOG server. Otherwise there are other imaging options out there. Then in the event that automation system does get compromised to the point of a full reinstall, you’ve got a base image with software to start from, then it is a matter of restoring the data from the backup.

  • Chuck Gennaro

    The weak point is probably the production machine in a lot of setups as it needs to access email, web and FTP sites AND be able to talk to the on-air servers.
    I haven’t come up with a 100% solution for that one yet.
    Minimal permissions, \\unc\ to the on-air machines instead of mapped drives and several fingers crossed….

  • bill frahm

    Get rid of any log-in drive mapping to the automation.

  • RCN

    Useful list – I’d add use Linux computers/servers wherever you can – but automation/traffic/scheduling are Windows world.
