Very basic network security for Broadcast Engineers

Most broadcast facilities have separate engineering and IT departments, and there is often a fuzzy line between which machines belong strictly to engineering and which belong to IT.  Several systems have network interfaces but are not generally considered computers and fall squarely in the engineering department: transmitters, satellite receivers, EAS machines, IP-based audio routers and audio consoles, and IP audio codecs.  In many cases, Windows-based automation systems and servers also fall under the responsibility of the engineering department.

As the recent network intrusions into vulnerable EAS machines show, steps must be taken after installation to secure networked equipment from malicious or accidental intrusion.  The EAS intrusion was bad, but it could have been much worse.

Anything with a network interface can be exploited, internally or externally, on purpose or by accident.  The threat plane looks like this:

Computer network intrusion plane

Every unauthorized network access incident falls somewhere on this plane.  An unauthorized intrusion can be as simple as somebody using the wrong computer and gaining access to back-end equipment.  It can also be a hacker or cracker in a foreign country attempting to breach the firewall.

Basic network security falls into these categories:

  1. Physical security of machine or server room
  2. Security against internal accidental or malicious use
  3. Security against external intrusion
  4. Protection against malicious software exploitation

The first category is the easiest to understand.  Physical security means securing the server room with locking doors and preventing crawl-over/under entries through drop ceilings and raised floors.  Security cameras and monitoring are also part of physical security.  Something that is often neglected is the extended network that bridges to transmitter sites.  Unmanned off-site facilities with network access are vulnerable points if multiple clients or tower tenants have access to the same room.  Locked equipment racks and video cameras are two ways to secure unmanned transmitter sites.  Where good-quality managed switches are installed at transmitter sites, enable the switch port security features (limiting each port to the one MAC address that belongs on it) and administratively shut down unused ports, so that a tenant's laptop plugged into a spare jack gets nothing.

Accidental or malicious internal intrusions can be reduced or eliminated with proper password policies.  The first and most important password policy is to always change the default password.  Lists of default router and switch passwords are available online, and the default passwords for EAS machines and other equipment are published in the owner's manuals; most broadcast engineers know them by heart.  Always change the default password.  If you do nothing else, do this.


Other password policies include a minimum password length and requiring special characters, numbers, and both upper- and lower-case letters.  Even with those rules, passwords are still vulnerable to dictionary attacks.  To blunt an online dictionary attack, limit login attempts to five or so with a thirty-minute freeze-out once the limit is reached.  Note that the freeze-out only helps against guessing through the login prompt; an attacker who obtains a password hash or a captured wireless handshake can try guesses offline as fast as their hardware allows, so the passwords still have to be long.
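The password policy and the freeze-out described here, as an added example that is not from the original article: a check that rejects factory defaults and enforces the length and character-class rules, plus a per-account limiter that refuses logins for thirty minutes after five failures.  The default-password list, the twelve-character minimum and the user names are assumptions made for the example; the real default lists are in the equipment manuals.

```python
import hashlib
import hmac
import os
import re
import time

# Constructed examples of the kind of factory-default password that owner's
# manuals publish; illustrative only, not taken from any particular product.
DEFAULT_PASSWORDS = {"admin", "password", "1234", "12345", "default", "changeme"}

MAX_ATTEMPTS = 5           # failed attempts allowed before the freeze-out
LOCKOUT_SECONDS = 30 * 60  # thirty-minute freeze-out
MIN_LENGTH = 12            # assumed minimum length; adjust to local policy
PBKDF2_ROUNDS = 100_000    # slow hash so a stolen hash file is costly to attack
DUMMY_SALT = b"\x00" * 16  # used for unknown users so timing does not reveal them


def policy_violations(candidate: str) -> list:
    """Return the policy rules a new password breaks (empty list = acceptable)."""
    problems = []
    if candidate.lower() in DEFAULT_PASSWORDS:
        problems.append("factory default")
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    for name, pattern in (("lower case", r"[a-z]"), ("upper case", r"[A-Z]"),
                          ("digit", r"[0-9]"), ("special character", r"[^A-Za-z0-9]")):
        if not re.search(pattern, candidate):
            problems.append("no " + name)
    return problems


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256; store only the (salt, digest) pair, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class LoginLimiter:
    """Per-account attempt limiter: after MAX_ATTEMPTS failures the account is
    refused (even with the right password) until LOCKOUT_SECONDS have elapsed."""

    def __init__(self, users: dict, now=time.monotonic):
        self._users = users      # user -> (salt, digest) from hash_password()
        self._now = now          # injectable clock so the lockout can be tested
        self._failures = {}
        self._locked_until = {}

    def is_locked(self, user: str) -> bool:
        return self._now() < self._locked_until.get(user, 0.0)

    def attempt(self, user: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'."""
        if self.is_locked(user):
            return "locked"
        salt, stored = self._users.get(user, (DUMMY_SALT, b""))
        _, offered = hash_password(password, salt)   # always hash, even for unknown users
        if user in self._users and hmac.compare_digest(stored, offered):
            self._failures.pop(user, None)
            return "ok"
        count = self._failures.get(user, 0) + 1
        if count >= MAX_ATTEMPTS:
            self._locked_until[user] = self._now() + LOCKOUT_SECONDS
            self._failures.pop(user, None)
        else:
            self._failures[user] = count
        return "denied"


if __name__ == "__main__":
    users = {"engineer": hash_password("Tx-Site-Rack7!")}   # constructed account
    limiter = LoginLimiter(users)
    print(policy_violations("admin"))
    print([limiter.attempt("engineer", "password") for _ in range(6)])
```

Two caveats a practitioner would want: the lockout stops guessing through the login prompt only, so an attacker who takes the hash file or a captured handshake offline is unaffected (which is why the stored hash is salted and slow), and a lockout on a shared administrator account is also a denial-of-service lever, so give each engineer an individual login where the equipment allows it.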

External intrusion can come from a number of different sources.  Unsecured WiFi is the easiest way onto a network.  Always secure WiFi with WPA2 and AES (CCMP) encryption; WEP and the original WPA with TKIP are broken and should not be used.  With a long, random pre-shared key this will keep all but the most determined intruders out; with a short or dictionary-word key it will not, because the key can be guessed offline from a captured handshake.  Other external threats come from man-in-the-middle attacks, so IP bridges and WiFi links must always be encrypted.

External attacks can also come over the wired network.  Most small routers ship with default network and password settings.  I have started moving away from using 192.168 internal networks.  Router firewalls and personal software firewalls are effective but not foolproof, and software updates need to be applied regularly for them to stay effective.  One widely reported exposure is UPnP (Universal Plug-n-Play), which is enabled on many home and small-office routers; its SSDP (Simple Service Discovery Protocol) listener can be exploited if it is reachable from the public (WAN) side of the router.  ShieldsUP! by Gibson Research Corporation is a good evaluation tool for router exposures, leaks and phone-homes.  They also have links to podcasts and YouTube videos.

Disabling unused features on routers is good security policy.  Features such as DHCP, DNS, SNMP, CDP, the HTTP management server and the FTP server are all vulnerable to exploitation of one form or another.  Turning off the protocols that are not in use eliminates at least a portion of those threats, and the ones that must stay on should be reachable only from the management network, never from the WAN side.
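Both the unused switch ports at the transmitter site and the unused router services lend themselves to a configuration audit.  Below is an added example, not from the original article or any vendor: a small script that reads a switch configuration written in Cisco IOS style and reports default credentials, reversible passwords, default SNMP communities, management services left on, and active ports without port security or a description.  The configuration text is constructed for the example, and the "on unless turned off" assumptions for CDP and DHCP follow Cisco IOS defaults; adjust the rule lists for other platforms.

```python
import re

# Constructed IOS-style running-config for a transmitter-site switch.  The syntax
# follows Cisco IOS, but this file is made up for the example.
SAMPLE_CONFIG = """\
hostname tx-site-sw
!
enable password admin
username admin privilege 15 password 0 admin
!
ip http server
no ip http secure-server
snmp-server community public RO
!
interface GigabitEthernet0/1
 description Uplink to studio IP bridge
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
interface GigabitEthernet0/2
 description Transmitter remote control
 switchport mode access
!
interface GigabitEthernet0/3
 shutdown
!
interface GigabitEthernet0/4
!
"""

# A global line matching one of these patterns is a finding.
RISKY_IF_PRESENT = [
    (r"^ip http server$", "HTTP management server enabled"),
    (r"^snmp-server community (public|private)\b", "default SNMP community string"),
    (r"^enable password\b", "'enable password' is reversible; use 'enable secret'"),
    (r"^username (\S+) .*password 0 (\S+)$", "plaintext user password"),
]
# Services assumed on unless explicitly turned off (Cisco IOS defaults); the
# finding is raised when the disabling line is missing from the config.
RISKY_IF_ABSENT = [
    (r"^no cdp run$", "CDP running; add 'no cdp run' if not needed"),
    (r"^no service dhcp$", "DHCP service running; add 'no service dhcp' if not needed"),
]


def parse_config(text):
    """Split the config into global lines and {interface: [indented sub-lines]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            current = None
            continue
        if line.startswith("interface "):
            current = line.split(" ", 1)[1]
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line)
    return global_lines, interfaces


def audit(text):
    """Return a list of (where, finding) tuples for the config text."""
    findings = []
    global_lines, interfaces = parse_config(text)
    for line in global_lines:
        for pattern, message in RISKY_IF_PRESENT:
            match = re.match(pattern, line)
            if not match:
                continue
            findings.append(("global", message))
            # user name equal to password is the classic factory default
            if pattern.startswith("^username") and match.group(1) == match.group(2):
                findings.append(("global", f"default credential {match.group(1)}/{match.group(2)}"))
    for pattern, message in RISKY_IF_ABSENT:
        if not any(re.match(pattern, ln) for ln in global_lines):
            findings.append(("global", message))
    for name, lines in interfaces.items():
        if "shutdown" in lines:
            continue  # an administratively shut port is the desired state for spares
        if not any(ln.startswith("description") for ln in lines):
            findings.append((name, "active port with no description; shut it down if unused"))
        if "switchport port-security" not in lines:
            findings.append((name, "no port security"))
    return findings


if __name__ == "__main__":
    for where, finding in audit(SAMPLE_CONFIG):
        print(f"{where:22} {finding}")
```

Run against the sample, the script flags ten items: the admin/admin account, the reversible enable password, the HTTP server, the public SNMP community, CDP and DHCP still running, the remote-control port with no port security, and the undocumented spare port that should have been shut down.  The point of keeping the rules as data is that the same audit can be re-run after every change to the site.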

Finally, worms, bots, viruses and other malicious software can come from anywhere.  Even reputable websites now carry drive-by downloads in linked advertising banners.  Non-Windows operating systems are less vulnerable to such programs, but not immune.  All Windows machines and servers that are in any way connected to the internet need up-to-date antivirus software and operating system patches.  Keyloggers can steal passwords and send them to people with nefarious intent.

There are entire books, standards and upper-level classes on network security.  This article of fewer than 1,000 words barely brushes the surface; as the title says, these are but a few very basic ways to implement a security policy.  It is important for technical managers and engineers to learn about, understand and implement security policies in broadcast facilities, or suffer the consequences of complacency.

Undersea Cable Map

With the advent of fiber optic cables starting in the 1980s, the majority (one estimate says 99%) of this country's overseas communications is carried by undersea cables.  These are interesting constructions, being first redundant and second self-healing.  Glass fiber strands themselves are fairly fragile.  Bundling several together and then sinking them in the ocean can produce mixed results.  Deep ocean bottoms are often very rugged, containing mountains, canyons and fault lines, so the submarine cables used have to be pretty rugged.

There is a common misconception that fiber optic cables do not need repeaters.  That is not true: while they need far fewer repeaters than copper cable, repeaters are still required approximately every 40 to 90 miles (70 to 150 km) depending on the cable type.  These active devices are another failure point.  Overall, it is a complex system.

Submarine Fiber Optic Cable cross-section, courtesy of Wikipedia

Cross-section of a submarine fiber optic communications cable:

1. Polyethylene
2. Mylar tape
3. Stranded metal (steel) wires
4. Aluminum water barrier
5. Polycarbonate
6. Copper or aluminum tube
7. Petroleum jelly
8. Optical fibers

It weighs about 7 pounds per foot, which is pretty hefty.

There are a couple of interactive maps online with detailed information about where these cables go, their in-service dates and their data capacity.  My favorite is Greg's Cable Map, which is a Google map with cable data overlaid, plus a downloadable KML file:

Undersea cable map

This shows a new cable called the "Emerald Express" which is going into service in 2013.  Throughput is reported as 60 Tbps, which is moving right along.  As noted on the map, this is more a schematic diagram connecting two shore-side points; the path the cable takes is an estimate and the actual geographical location is likely to be different.  Click on any line on the map for cable information.  Most cables have their own web page and Wikipedia article.

Another undersea cable map is the Telegeography Submarine Cable Map, which has many of the same features noted above:

China US submarine Cable network diagram

Just in case you were wondering, as I often do, how a TCP/IP connection is routed to a given place: for fun, I tried a trace route to a known server on Guam and found the results interesting:

Trace Route, Guam

Approximately 231 ms round trip from NYC to LA to Guam and back, a route of over 8,000 miles (12,850 km) each way.  A few of the intermediate routers did not answer; I tried this several different times and the same routers time out.  The missing hops look to be small steps, not large ones.  So, which cable goes directly from LA to Guam?  Possibly the China-US Cable Network (CHUS) (pictured above).  At 2.2 Tbps and landing at San Luis Obispo, that is the likely candidate for the cable that carried my data.

As a general exercise it is kind of fun, although it may be harder to figure out a particular route to, say, London or Berlin, because there are many more possibilities.

Route latency is something to keep in mind when planning AoIP connections for remotes and other interactive connections between studio and remote location.  Almost nothing is worse than a half-second delay when trying to take phone calls or banter back and forth with the traffic reporter.
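A way to reason about the trace route above when planning a remote, as an added example that is not from the original article: the speed of light in glass fibre sets a floor of roughly 5 ms per 1,000 km of one-way path, so the great-circle distances give the lowest round trip any cable could deliver, and everything beyond that in a measured figure is routing detours, queueing and, on an AoIP link, codec and jitter-buffer delay.  The trace route text below is constructed (RFC 5737 documentation addresses) to look like the NYC-LA-Guam run rather than being the author's actual output, and the coordinates are approximate city locations, not cable landing points.

```python
import math
import re

# Light in silica fibre (refractive index about 1.468), in km per millisecond (~204).
FIBER_KM_PER_MS = 299_792.458 / 1.468 / 1000.0

# Approximate (latitude, longitude) of the three points on the route; assumed.
PLACES = {"NYC": (40.71, -74.01), "LA": (34.05, -118.24), "Guam": (13.44, 144.79)}

# Constructed trace route in Unix traceroute format using RFC 5737 documentation
# addresses; shaped like the NYC-LA-Guam run but not the author's real output.
SAMPLE_TRACEROUTE = """\
traceroute to 203.0.113.200 (203.0.113.200), 30 hops max, 60 byte packets
 1  192.0.2.1  1.2 ms  0.9 ms  1.1 ms
 2  198.51.100.9  8.4 ms  8.1 ms  9.0 ms
 3  * * *
 4  203.0.113.77  71.3 ms  70.9 ms  72.0 ms
 5  * * *
 6  203.0.113.200  229.8 ms  231.2 ms  230.6 ms
"""


def great_circle_km(a, b):
    """Haversine distance in km between two (lat, lon) points given in degrees."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def propagation_floor_ms(path):
    """Lowest possible round trip along the named points: great-circle fibre,
    no repeaters, no routers, no queueing.  Real paths are always slower."""
    km = sum(great_circle_km(PLACES[x], PLACES[y]) for x, y in zip(path, path[1:]))
    return 2 * km / FIBER_KM_PER_MS


def parse_traceroute(text):
    """Return [(hop, host_or_None, min_rtt_ms_or_None)] from traceroute output."""
    hops = []
    for line in text.splitlines():
        match = re.match(r"^\s*(\d+)\s+(.*)$", line)
        if not match:
            continue  # banner line
        hop, rest = int(match.group(1)), match.group(2)
        rtts = [float(x) for x in re.findall(r"([\d.]+) ms", rest)]
        host = rest.split()[0] if rtts else None
        hops.append((hop, host, min(rtts) if rtts else None))
    return hops


def summarize(hops):
    """Silent hops, end-to-end RTT, and the biggest RTT jump between responding
    hops (on a transoceanic route that jump is the cable itself)."""
    silent = [hop for hop, _, rtt in hops if rtt is None]
    answered = [(hop, rtt) for hop, _, rtt in hops if rtt is not None]
    jumps = [(later[0], later[1] - earlier[1]) for earlier, later in zip(answered, answered[1:])]
    jump_hop, jump_ms = max(jumps, key=lambda j: j[1])
    return {"silent_hops": silent, "rtt_ms": answered[-1][1],
            "biggest_jump_at_hop": jump_hop, "biggest_jump_ms": round(jump_ms, 1)}


if __name__ == "__main__":
    print(summarize(parse_traceroute(SAMPLE_TRACEROUTE)))
    print(f"physical floor NYC-LA-Guam: {propagation_floor_ms(['NYC', 'LA', 'Guam']):.0f} ms")
    print(f"physical floor LA-Guam only: {propagation_floor_ms(['LA', 'Guam']):.0f} ms")
```

For this route the floor works out to about 135 ms, so roughly 95 ms of the 231 ms the author measured is detours and router delay; the 159 ms jump between the last two responding hops in the sample is the transpacific leg, of which about 96 ms is pure propagation.  For a studio-to-remote AoIP link, what the talent hears is about half the round trip plus codec and jitter-buffer delay in each direction, so a 230 ms path already puts a conversation close to the half second the previous paragraph complains about.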

h/t: jf

The neighborhood Mesh Network

Wireless LAN (802.11) technology has been around for a while.  Many know it as "WiFi" but you could also call it "WLAN" or something similar.  Like many other network technologies, a conventional WLAN relies on a hub-and-spoke arrangement: the hub is the wireless access point or router, and the individual hosts (PCs, tablets, phones, etc.) are the end points of each connection.  In a wired network, it is usually some type of switch that forms the center of the network data distribution system.

With a wireless mesh network (802.11s) or ad hoc network (IBSS), each wireless device can connect to any other wireless device within range.  In this type of peer-to-peer network there is no central access point, although one node can act as an internet gateway, or there can be several gateways.  This topology functions much like the public network (AKA the internet), where there are many different paths to any one (major) destination.  If any one of those paths goes down, another route is quickly found.

This technology was developed by several vendors for military communications systems and for OLPC (One Laptop Per Child) programs in Africa and elsewhere.  Each link extends the boundaries of the network, so the more users there are, the more useful the network becomes.

Wireless Mesh Network diagram

Advantages of mesh networking:

  • Networks are self-forming; once the nodes are configured and can see other network nodes, the network automatically forms
  • Networks are self-healing; if one node drops offline, traffic is automatically routed to other nodes.  If the node comes back up, it is included back into the network
  • High fault tolerance; in areas where many nodes exist and can see each other, the failure of any single node does not affect the rest of the network
  • Low cost to deploy; mesh networks use standard off-the-shelf WLAN (802.11) devices.  The choice of software will dictate which hardware will work the best
  • Crowd-sourced infrastructure; as each network node is owned by an individual, the cost and responsibility is shared among the community

Several routing protocols have been developed for the network side of the system: Hazy Sighted Link State Routing (HSLS), B.A.T.M.A.N., OLSR, HWMP and others.  These work with the existing 802.11a/b/g wireless network hardware currently available.
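What "self-forming" and "self-healing" amount to in the routing layer, as an added example that is not from the original article or from any of the protocols just named: every node keeps a link-state map of the mesh built from its neighbours' announcements and recomputes shortest paths whenever a neighbour appears or disappears.  The six-node mesh and its link costs are constructed for the example; a real protocol such as OLSR derives those costs from measured link quality.

```python
import heapq

# Constructed neighbourhood mesh: node -> {neighbour: link cost}.  The costs stand
# in for the link-quality metric a protocol such as OLSR or B.A.T.M.A.N. measures.
MESH = {
    "gateway": {"A": 1, "B": 1},
    "A": {"gateway": 1, "C": 1},
    "B": {"gateway": 1, "C": 2, "D": 1},
    "C": {"A": 1, "B": 2, "E": 1},
    "D": {"B": 1, "E": 3},
    "E": {"C": 1, "D": 3},
}


def shortest_path(graph, src, dst):
    """Dijkstra over the link-state map.  Returns (cost, [src, ..., dst]) or (None, [])."""
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dst:
            break
        if d > dist[u]:
            continue  # stale heap entry
        for v, w in graph.get(u, {}).items():
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    if dst not in dist:
        return None, []
    path, node = [dst], dst
    while node != src:
        node = prev[node]
        path.append(node)
    return dist[dst], path[::-1]


def node_down(graph, dead):
    """Link-state map after a node drops offline: it and every link to it vanish,
    which is what the other nodes see once its hello messages stop arriving."""
    return {u: {v: w for v, w in nbrs.items() if v != dead}
            for u, nbrs in graph.items() if u != dead}


def node_up(graph, name, links):
    """The reverse: a returning node advertises its links and rejoins the map."""
    updated = {u: dict(nbrs) for u, nbrs in graph.items()}
    updated[name] = dict(links)
    for v, w in links.items():
        updated.setdefault(v, {})[name] = w
    return updated


def route_to_gateway(graph, src, gateway="gateway"):
    """Path a node would use to reach the internet gateway under the current map."""
    return shortest_path(graph, src, gateway)


if __name__ == "__main__":
    print("all up:   ", route_to_gateway(MESH, "E"))
    without_a = node_down(MESH, "A")
    print("A down:   ", route_to_gateway(without_a, "E"))
    print("A,C down: ", route_to_gateway(node_down(without_a, "C"), "E"))
    print("A,B down: ", route_to_gateway(node_down(without_a, "B"), "E"))
```

Node E normally reaches the gateway through C and A; when A drops, traffic shifts to C and B; when C also drops, it goes the long way through D and B; only when both of E's paths to the gateway are severed is it cut off, and the more nodes there are, the less likely that is.  Note what the example does not do: like the protocols above it accepts any node that announces itself and has no notion of authentication.  A neighbourhood mesh is a network of strangers, so the rule given for IP bridges in the first article applies here as well; anything carried across it, AoIP streams included, needs its own encryption and authentication.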

On the host side, a good IBSS-capable wireless network adapter is needed, which many of the newer ones are.  Several of the software packages have lists of WLAN adapters that work with their software.  Open Garden is a free app for Windows, Mac OS X and Android, and an iOS version is in the works, which leaves out iOS devices such as iPads and iPhones for now.

Since existing wireless adapter drivers do not yet support mesh networking on their own, an additional piece of software is usually needed.  There are several interesting ones, including HSMM-MESH, which was developed by Amateur Radio operators.  Open-source programs for Linux, FreeBSD and others are available, as well as commercial versions for Windows.

I was thinking that this might be useful for broadcast applications.  For obvious reasons, this type of system would work best in densely populated urban and suburban areas, which is exactly the type of area in which LPFM licenses might be hard to come by.  For those who do not have the time or wherewithal to apply for an LPFM license, or for those who simply do not get a license due to the scarcity of available channels, this could be a great way to cover a neighborhood or section of a city.  The more people participate in the mesh network, the stronger the network becomes.  Additionally, by using FCC-certified Part 15 FM and AM transmitters, carrier current transmitters and leaky coax systems as broadcast nodes, the presence of the mesh network can be advertised to potential listeners, including directions on how to take part.

Wireless mesh network example, courtesy of Meraka Institute

Wireless LAN bridges or broadband internet connections can act as a backbone between distant nodes.

For bandwidth efficiency, AoIP services on the mesh should be sent to multicast addresses, so that one stream serves every node that wants it rather than one copy per listener.

A good site with more wireless mesh network information is http://wirelessafrica.meraka.org.za/

Two subreddits on the subject: /r/meshnet and /r/darknetplan

Then there is project meshnet and the project meshnet wiki

Oh, by the way, go ahead and ask me what I have been learning about in school these days…

Cost of Starting a LPFM vs Cost of Internet Streaming

I have been watching the LPFM proceedings with some interest.  The FCC has not exactly promised to have a filing window by the end of 2012 but indicates that it might try.  Compared with similar proceedings in the past, this is moving pretty fast.  Those who want an LPFM station need to start planning now.  As in previous LPFM windows, the availability is for non-profit organizations only.  This does not mean all hope is lost; NPR stations are all non-profits and most of them are very successful.

One of the biggest questions is: How much will it cost?  Like all things, it varies greatly.  If I were to put an LPFM or internet radio station on the air, there would be certain minimums, such as the use of professional audio equipment, a new antenna, and some type of redundancy.

Generally speaking, radio stations and internet stations both need some type of office/studio space.  This can range from large and opulent to a closet.  The costs depend on the type and quantity of equipment installed, whether the equipment is new or used, the building, the area, etc.  Those facilities also have monthly recurring costs such as rent, electricity, telephone service, internet service, etc.

Since internet radio stations and traditional terrestrial over-the-air radio would use the same type of studio equipment, those costs will be similar.  Here is a breakdown of the studio equipment:

| Nomenclature                          | Cost new (USD) | Cost used (USD) | Comments                                   |
|---------------------------------------|----------------|-----------------|--------------------------------------------|
| 12 channel professional audio console | $6,000.00      | $2,500.00       | Used for call-in/on-air                    |
| Studio furniture                      | $5,500.00      | $1,000.00       | Can also be fabricated locally             |
| Microphones, RE-20 or SM-7B           | $250 to $350   | $100 to $150    | Per unit, several required                 |
| Monitor amp                           | $250.00        | $100.00         | Can also use consumer version              |
| Monitor speakers                      | $500.00        | $200.00         | Can also use consumer version              |
| CD player                             | $500.00        | $200.00         | Professional unit with balanced outputs    |
| Computer w/ professional sound card   | $1,500.00      | $500.00         | For automation and sound file storage      |
| Computer, general use                 | $700.00        | $300.00         | General web browsing                       |
| Computer, streaming w/ sound card     | $900.00        | $400.00         | Sound card should be good quality          |
| Studio telephone system               | $1,900.00      | $300.00         | Used for call-in/on-air                    |
| Barix remote box                      | $240.00 (x2)   | N/A             | Used for IP remote broadcasts              |
| Comrex Matrix POTS codec              | $3,200.00      | $700.00         | Used for telephone line remote broadcasts  |
| Misc wiring, hardware, etc.           | $1,000.00      | $800.00         | Connectors, mic booms, wire, etc.          |
| Total                                 | $21,780.00     | $7,930.00       |                                            |

Some equipment, such as Barix boxes, is not available used.  Of course, not all of this is required for a radio station; however, most local radio stations would want the capability to do remote broadcasts, take phone callers on the air, have multiple guests in the studio, etc.

For a traditional LPFM station, the transmitting equipment would entail:

| Nomenclature                              | Cost new (USD) | Cost used (USD) | Comments                                                        |
|-------------------------------------------|----------------|-----------------|-----------------------------------------------------------------|
| 300 watt transmitter and exciter          | $4,400.00      | $2,000.00       | Smaller transmitters with higher-gain antennas can also be used |
| 2 bay 1/2 wave spaced antenna             | $1,900.00      | $700.00         |                                                                 |
| 125 feet 1/2 inch coax                    | $350.00        | N/A             |                                                                 |
| 100 foot guyed tower and installation     | $4,000.00      | $3,500.00       | Not needed if station is on a tall building or leased site      |
| STL; IP radio w/ Barix boxes              | $850.00        |                 | In lieu of standard 950 MHz STL                                 |
| STL, standard 950 MHz                     | $6,500.00      | $3,500.00       | Used in lieu of IP STL                                          |
| STL antennas, transmission line           | $2,500.00      | $1,500.00       |                                                                 |
| FM processor                              | $10,000.00     | $1,200.00       | Can also use software such as Breakaway Broadcast               |
| Misc connectors, grounding kits, etc.     | $1,100.00      | N/A             |                                                                 |
| EAS unit                                  | $1,900.00      | N/A             | Fully operational, CAP compliant                                |
| Processing software, Breakaway Broadcast  | $200.00        | N/A             | In lieu of standard FM processor                                |
| Total                                     | $12K to $24K   | $8K to $12K     |                                                                 |

This is a generic station, most will be somewhat different due to antenna supporting structures, transmitter powers and antenna types.  For the best possible signal, a circularly polarized antenna should be used.  A two bay, 1/2 wave spaced antenna will give the maximum signal density, while minimizing downward and upward radiation.  The upward radiation is simply wasted energy, as no one in space is listening to FM radio.  The downward radiation reduction is key if located in congested areas.

For internet radio station, the following would be required:

| Nomenclature                          | Cost new (USD)   | Cost used (USD) | Comments                                          |
|---------------------------------------|------------------|-----------------|---------------------------------------------------|
| Streaming server                      | $2,100.00        | $1,100.00       | Includes professional sound card                  |
| Audio processing software             | $200.00          | N/A             | Recommend software such as Breakaway Broadcast    |
| Audio processing, outboard hardware   | $650.00          | $400.00         | In lieu of software                               |
| Audio streaming aggregator            | $1,200 to $2,400 | N/A             | Annually                                          |

While LPFMs are much more expensive than internet-only stations, LPFMs have the advantage of built-in marketing: the on-air signal.  If it is broadcasting on the air, word will get out.  On the internet, some other type of marketing will be needed to spread the word.  Also, an LPFM should be streaming as well, which incurs the same costs as above.

The long and short of it is that putting a technically viable LPFM on the air is not an inexpensive proposition.  It is worth the effort, however, because the advantages of an LPFM over an internet-only station are great.