Today there will be a quiz. Ready? Look at this picture and see if you can spot the problem:
Problem with Harris SX2.5A transmitter
If you said “Hey, that green wire seems a little odd; it disappears behind the heat sink next to that screw then reappears again at the top,” you are correct. What really sucks is the green wire is the transmitter off connection to the remote control. So, when the PA board was secured to the heat sink, the wire was trapped between the board and the heat sink. Since the components were cold, they did not pinch through the insulation right away, no. Rather, after the transmitter ran for several hours at full power, it got hot enough to displace the wire insulation and cause a short. Doh! The transmitter is off and it won’t come back on!
This is a picture of the wire after it was removed:
Pinched wire
Haste makes waste. Unfortunately, it was someone else’s haste that ruined my Saturday afternoon when I was supposed to be taking my son to little league practice. I am sure that some not-so-kind words will be exchanged very soon.
Most broadcast facilities have an engineering department or service and an IT department or service which are separate. There is often a fuzzy line between what machines belong strictly to engineering and what belongs to IT. There are several different systems that have network interfaces but are not generally considered computers and fall squarely in the engineering department. These include such equipment as transmitters, satellite receivers, EAS machines, IP-based audio routers and audio consoles, and IP audio CODECS. In many cases, windows based automation systems and servers also fall under the responsibility of the engineering department.
As the recent incidents of network intrusions into vulnerable EAS machines show, after installation, steps must be taken to secure networked equipment from malicious or accidental intrusions. The aforementioned EAS intrusion was bad but it could have been much worse.
Anything with a network interface can be exploited either internally or externally and either by purpose or accident. The threat plan looks like this:
Computer network intrusion plain
Every unauthorized network access incident falls somewhere on this plain. An unauthorized network intrusion can be as simple as somebody using the wrong computer and gaining access to back-end equipment. It can also be the hacker or cracker from a foreign country attempting to breach a firewall.
Basic network security falls into these categories:
Physical security of machine or server room
Security against internal accidental or malicious use
Security against external intrusion
Protection against malicious software exploitation
The first category is the easiest to understand. Physical security means securing the server room through locking doors and preventing crawl-over/under entries. Security cameras and monitoring are also a part of physical security. Something that is often neglected is extended networks that bridge to transmitter sites. Non-maned off site facilities that have network access are vulnerable points if multiple clients or tower tenants have access to the same room. Locked equipment racks and video cameras are two ways to secure non-maned transmitter sites. Also, when using good quality, managed switches at transmitter sites, switch port security features can be enabled, and unused switch ports shut down.
Accidental or malicious internal intrusions can be reduced or eliminated with proper password policies. The first and most important password policy is to always change the default password. There are lists of default routers and switch passwords available online. The default passwords for EAS machines and other equipment is published in owner’s manuals and most broadcast engineers know them by heart. Always change the default password, if you do nothing else, do this.
Other password policies include such things as minimum password length, requiring special characters, numbers and both upper and lower case letters. Even taking those steps, passwords are still vulnerable to dictionary attacks. To prevent a dictionary attack, the login attempts should be limited to five or so with a thirty minute freeze out after the attempt limit is reached.
External intrusion can come from a number of different sources. Unsecured WIFI is the easiest way to gain access to a network. Always secure WIFI with WPA or WPA2 AES encrypted pre-shared key. This will keep all but the most determined intruders out. Other external threats can come from man in the middle attacks. IP bridges and WIFI must always be encrypted.
External attacks can also come over the wired network. Most small routers have default network and password settings. I have started moving away from using 192.168 internal networks. Router firewalls and personal software firewalls are effective but not foolproof. Software updates need to be performed regularly to be effective. One recently discovered exploit is UPnP, which is enabled on many home and small office routers. UPnP (Universal Plug-n-Play) SSDP (Simple Service Discovery Protocol) can be exploited of exposed to the public network side of the router. ShieldsUP! by Gibson Research Corporation is a good evaluation tool for router exploits, leaks and phone homes. They also have links to podcasts and youtube videos.
Disabling unused features on routers is a good security policy. Features such as DHCP, DNS, SNMP, CDP, HTTP server, FTP server etc are all vulnerable to exploitation of one form or another. Turning off those protocols that are not in use will eliminate at least a portion of those threats.
Finally, worms, bots, viruses and other malicious software can come from anywhere. Even reputable websites now have drive-bys in linked advertizing banners. Non-windows operating systems are less vulnerable to such programs, but not immune. All windows machines and servers that are in anyway connected to the internet need to have updated antivirus software. Keyloggers can steal passwords and send them to bad places where people have nefarious intent.
There are entire books, standards and upper level classes taught on network security. This less than 1,000 word article barely brushes the surface, as the titles says, these are but a few very basic ways to implement a security policy. It is important for technical managers and engineers to learn about, understand and implement security policies in broadcast facilities or suffer the consequences of complacency.
Radio Caroline went on the air forty-nine years ago this weekend, broadcasting from the MV Caroline off the coast of England. Why is this important? Before offshore broadcasting was attempted, in Europe the only radio stations (and TV) were government owned. As such, they had a monopoly over the airwaves and were very restrictive on which groups or types of music they allowed to be broadcast. Many of the so-called “British Invasion” groups like The Beatles, Rolling Stones, The Who, The Kinks, etc got their first airplay on offshore radio stations like Radio Caroline or Radio London.
This video “Radio Caroline – A Day in the Life,” shows what it was like to be an offshore broadcaster:
By the haircuts and music, that appears to be sometime in the eighties.
Check out the Radio Caroline website for more information. From 1983 onward, Radio Caroline was broadcast from the MV Ross Revenge. This is an overview of the Ross Revenge transmitter hold. The movie “Pirate Radio” is loosely (very loosely, by most accounts) based on Radio Caroline/Radio London composite.
Radio London was one of the other well-known offshore radio ships.
I am sure that there are other tribute sites with lots of technical information on how they broadcast. Much of offshore radio was outlawed in the late 1960s by several European countries. Radio London signed off on August 14, 1967. Radio Caroline continued on in various iterations until about 1991 or so.
WBCQ is airing a radio ships special on Sunday, March 31, 2013, at 5,110 KHz starting at 6 pm Eastern daylight time (2200 UTC).
