John Merli /
08.04.2006 12:00 AM
Serving Up Cyber-Security
As digital technology advancements affecting all levels of a broadcast operation's infrastructure allow greater storage and faster, more sophisticated manipulation of proprietary content, so, too, do the consequences increase for any possible intrusion or corruption in the system. As servers become more malleable to software upgrades instead of replacement hardware, security, remote accessibility and other issues require constant scrutiny.
For broadcast shops, there is no realistic way to connect a server even indirectly to the outside world without at least some security concerns, according to analyst/author Wes Simpson, president of Telecom Product Consulting.
"There are many methods that offer very high security, but these methods depend on proper design and implementation," Simpson said.
"People, either users or administrators, are often the weakest links in any security system, so it is important to make sure that proper security policies are in place and that everyone adheres to them."
Simpson points to the number of recent identity theft cases outside broadcasting caused by people violating company policies by bringing laptops home containing masses of personal, sensitive data that were lost or stolen.
"Don't attach your server to a public network connection unless you absolutely have to," Simpson added. "And make sure you know about all the connections to your server -- such as if another PC on the same LAN as the server is connected to the public Internet. If so, then there is a potential connection between the server and the Internet. This is why some smart companies supply their employees with one PC for e-mail, Web browsing and so on, and another workstation that is used exclusively for video editing and production."
Tab Butler, director of broadcast sales for the Northeast Region at SeaChange International in Maynard, Mass., said broadcasters should make certain their server is highly scalable to support large amounts of SD and HD content, as well as to allow for future technical schemes that will continue to develop.
"It's important to employ servers that can support increased compression technology and that come with software-based architecture [for encoders and decoders] with an open system for storage," Butler said.
COMPRESSION FORMATS PROLIFERATE
One lingering issue between server vendors and clients continues to be content compatibility of files, according to Tim Slate, vice president of strategic marketing for Leitch Nexio Servers at Harris Corp. in Burbank, Calif.
"MXF is starting to make this possible, but there are still subtle issues to resolve, both with compression formats and metadata support," Slate said. "And not everyone is supporting the [MXF] standard yet."
Slate said vendors also are keeping an eye on the proliferation of new video compression formats such as MPEG-4, VC-1, JPEG 2000, HDCAM-SR, DVCPRO HD and DNX-HD.
"Server vendors are really forced to support all these standards in order to be viable suppliers; one positive aspect to this dilemma is that Harris is moving to software codecs in our Nexio XS server, which enables new formats to be added as they are formalized," Slate said, again underscoring the need for built-in flexibility that is more easily enabled by updating software, not replacing hardware.
Yet broadcasters have to be careful that all parties are speaking the same language, said James Frantzreb, senior manager of product marketing for at Avid. He cautions that the term "server" can describe a broad range of devices.
"For servers providing storage and I/O services for production, the ability to scale much higher in terms of storage and number-of-clients-served has made high availability and fault-tolerance even more important," Frantzreb said.
Servers for play-to-air systems, too, are better at meeting broadcasters' needs by moving rapidly from "box" to "integrated systems" solutions, Frantzreb said. Such systems can easily interface with production workflow involving other servers, as well as editors, graphics, archives and automation systems as integration becomes increasingly complex.
"It is increasingly important for vendors to provide solutions where information can flow seamlessly between applications, and do it securely," Frantzreb said.
Remote monitoring is a popular server-centric activity that also requires highly reliable security. According to Geoff Stedman, vice president of worldwide marketing at Omneon in Sunnyvale, Calif., remote monitoring by clients can be done safely with appropriate IT measures such as Firewalls and Virtual Private Networking. These techniques, he said, have been widely deployed to secure wide area networks and to connect enterprises of all sizes to the Internet.
"To allow remote administrators to monitor a server from the 'outside world,' a VPN should be used which encrypts all communications between the user outside the facility and the server inside the facility, to ensure no malicious third-party can intercept communications," Stedman said. "A VPN will also authenticate a remote user to ensure that only someone authorized to access a server inside a facility is allowed in."
One of Simpson's favorite remote-access tools is the RSA SecureID system, which gives the user a mobile hardware "token" that automatically generates a six-digit code that changes every few minutes.
"For users to gain access, they need to have both their own secret 'PIN' number and the number that is currently displayed on the token they carry with them. This is a hard system to break," said Simpson, who also likes some of the new biometric scanners (such as fingerprint readers) to verify user identity.
Microsoft, which owns the dominant Windows operating system, issued its newest server in June. According to a Microsoft spokesperson, the firm's ISA Server 2006 more aggressively addresses the growing prevalence of Web-based threats by providing Web access protection with a new "hybrid proxy-firewall architecture" -- along with deep content inspection, granular policies, and comprehensive alerting and monitoring capabilities. (Neither Apple nor Linux had responded yet to inquiries at our deadline.)
Omneon's Stedman suggests broadcasters make certain that any new server supports the standard IT network protocols (FTP, CIFS, AFP, NFS, etc.) and provides an open file system that can be mounted as a network drive to applications that need access to video-audio clips within the server. Also, he said look for servers that use industry standard "media wrapper" technology such as MXF or QuickTime to ensure that multiple applications can access clips without unnecessary transcoding.
"There is no security technology that is completely foolproof and that does not need to evolve over time as new threats emerge," Simpson concluded. "Make certain you have a plan to manage your security system -- and a budget to install and maintain it."