IP security

Virus protection software properly installed and kept up to date is the first step in keeping a network safe. However, with almost all of a station's computers interconnected through IP networks, it's not that simple anymore.

Many people only think of protecting their own computer, while the network administrators must think on a larger scale. Making sure all the computer systems and network links are up and operational is their prime concern, and that starts with network security. Preventing viruses and other malware is the first line of defense.

Creating a security policy

A security policy is a list of priorities and rules that upper management has agreed upon as important to keep the station running. The policy should pinpoint what needs to be protected and what it would mean if those areas were compromised. It also outlines the ways in which these assets can be targeted, lists the most vulnerable areas and determines how they can be protected. Goals should be set to achieve the desired level of protection.

Back up your data

Backing up all important data and being sure it will really work if the need arises should be part of the policy. If all else fails, computers can be replaced, but data can't unless it's backed up. Off-site storage is best in case the building cannot be accessed, as a result of a fire or other natural disaster. For large backups, this means using data tapes or even Blu-ray Discs and then transporting them to a remote storage site.

The most current billing and chief engineer's files can be backed up with an online service that works in the background and continually updates as files change. Just make sure to have an off-site record of what online backup systems are in place.

Strategy follows policy

A strategy outlines how to meet the goals set out in the security policy. This includes defining the layout of the network, as well as who is responsible for adding new users and setting up their computers. One of the most important aspects is setting up the rules for any routers and other security software.

Because personnel that use the computer network play a major role in protecting it, an acceptable use statement should be created that outlines the need for security practices and the penalties for not following them.

A recent trend to gain access to a company's network is to leave a USB flash drive with the company's logo on it in the company parking lot for an employee to pick up. When he attempts to open a document on it, a malware program automatically runs.

Following through

One of the hardest things to do is to actually make sure all the policies are being carried out every day. Regular inspections and tests of the network are a necessity. It's also not a bad idea to have network security awareness reminders several times a year to help personnel keep in mind how important it is. (See Figure 1.)

Keeping it physically safe

Making sure the equipment is safe and secure is another aspect of network security. Are the doors to the network closets and front panels of the servers locked?

At one station, a wireless router that was kept in an unlocked room had its reset button pushed, which reverted it to its factory settings. This allowed anyone to log in and opened the station's network to anyone on the outside. There were no available rooms that locked, so the engineer moved the wireless router to another room and hid it under a plastic milk carton on the floor; he never had any more trouble with it.

Cutting it off

To ensure that critical data and systems are safe, cut off any mission-critical data from the Internet and isolate it from the rest of the network. This may not be possible in all cases, but reducing or limiting the avenues of access for viruses and other malware to reach valuable data and systems is always a good idea. Subnets can be used to allow some subnets to have Internet access and to block the same access to other subnets.

Conclusion

Network security is and will remain a hot topic for all businesses, and broadcast engineers need to learn these lessons, too. As broadcasting moves toward an all-IP infrastructure, keeping a station running will soon depend on ensuring its networks are up and its computer systems are free of malware.

Russell Brown is chief engineer at KMTP-TV in San Francisco and writer of Broadcast Engineering's “Transition to Digital” e-newsletter.

How tough is your password?

Recently more than 32 million passwords were stolen and posted on the Web, which allowed researchers to examine Web site users' password choices.

The findings were not good, because most people choose simple short words or numbers. Below is a list of the 20 most popular passwords in use.

Is your password on this list?

  1. 123456
  2. 12345
  3. 123456789
  4. password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123
  11. nicole
  12. daniel
  13. babygirl
  14. monkey
  15. jessica
  16. lovey
  17. michael
  18. ashley
  19. 654321
  20. qwerty

Figure 1. Network users should be reminded to change their passwords multiple times a year.