IP For Broadcast Engineers

A brief introduction to IP and basic IP security practices. Also discusses the upcoming IPv4 -> IPv6 transition and how much broadcast engineers need to worry about it.

  1. IP for Broadcast Engineers: Basic Security and IPv6
     Kit Peters, KMOS Channel 6 / KTBG 90.9 FM, University of Central Missouri, [email_address]
  2. Why Security? - It's all computers nowadays
     - More and more, broadcast equipment is moving toward specialized software on commodity PC hardware
       - These computers are running standard operating systems (Windows XP, Linux)
       - The vendor may not have "locked down" the OS appropriately
       - A particular piece of essential broadcast equipment might just be a PC running something like Winamp, or Burk's AutoPilot software
  3. Why Security? - Protect vital equipment
     - Keep your equipment from going down at an inappropriate time
       - Example: CE from KPLU in Tacoma, WA reports that he had a student put a Win2K box on the network for web stream encoding. There was no firewall in place protecting the box from the outside world. Within half an hour, the machine was running very slowly, and turned out to be “infected with half a dozen kinds of malware”.
       - Another station had its ContentDepot (NPR) storage receiver hacked within minutes of putting it on the campus network
  4. Why Security? - Keep IT off your back!
     - We have enough to deal with during the work day (however long that might be)
     - If malware (i.e. software you don't want on your network for whatever reason) or viruses are on your network - or IT think that's the case - they will start to breathe down your neck quite heavily.
     - They might even decide to "fix" things their way, which could cause more problems with your equipment
  5. Why Security? - Keep control of your signal
     - Keep unauthorized people from messing with the settings of your equipment
       - Your web stream goes from 128 kbps to 16 kbps
       - Your audio processor switches from "Rock" to "Talk"
     - Keep people from stealing your bandwidth
       - If you're using IP for an STL solution, and someone is hogging your bandwidth, your broadcast signal quality could rapidly drop
  6. Where do attacks come from?
     - An attack could come from outside or inside your network
       - A compromised computer - say someone who opened an email they ought not to have done
       - Someone looking to show off their cracking skills
       - Someone with a grudge against your station
       - Someone who is simply bored
  7. Background: the OSI Model
     - Models networks from bare wire up to application
     - A series of layers, where each layer is a higher abstraction of what's going on
     - Each layer serves the one above it
     - "It's only a model"
  8. Background: OSI model layers
     - Physical: physical connection of hardware to the network. A cable in an Ethernet jack.
     - Data Link: transferring data between devices connected to the network. A LAN.
     - Network: transferring data between networks. Two LANs connected via a router. IP.
     - Transport: transferring data between end users. TCP, UDP.
     - Session: manages connections between applications. TCP fits in here as well.
     - Presentation: takes data from one application and presents it in a format the other understands
     - Application: the end user
     - We're mostly concerned with Layer 3
  9. Background: IP packets
     - Packet
       - A package full of data
       - Contents:
         - Source address
         - Destination address
         - Other useful stuff (checksums and the like)
         - Data
       - Small - the size varies, but tends to be between 576 and 1500 bytes
  10. Background: IP addresses
      - An IP address uniquely identifies a device connected to an IP network
      - IP address must be unique on that network
      - If routeable (more on this later), should be globally unique
      - An integer
      - Formats:
        - IPv4: 0-255.0-255.0-255.0-255
          - corresponds to a 32-bit integer from 0 to (2^32 - 1)
        - IPv6: 8 groups of hexadecimal integers, 0 - FFFF, separated by colons
          - corresponds to a 128-bit integer from 0 to (2^128 - 1)
          - Written, can be compressed a bit - two or more consecutive groups of zeroes may be represented by "::", and leading zeroes in a group may be omitted
  11. Background: IP Networks
      - A network is a collection of devices that share a logical wire
      - Identified by an IP address and subnet mask
      - The subnet mask defines how many IP addresses are on the network
      - A special type of address, the "broadcast" address, is used by a device to call out to all devices on the network at once. This is used to translate IP addresses (Layer 3) to physical (Layer 2, e.g. an Ethernet MAC address) addresses
      - Two networks can be connected by means of routing
  12. Background: IP routing
      - Routing is the process of allowing two distinct IP networks to talk to each other without putting them on the same logical wire.
      - A router is a device that is connected to multiple networks and knows which IP addresses are on each (by the IP / subnet mask combination)
      - Certain predefined ranges of IP addresses are "non-routeable". If a router sees a packet bound for an IP address in one of those ranges, it will drop that packet. This makes them useful for local networks that don’t need to be accessed from outside (the router ignores local traffic).
  13. Background: Protocols running on top of IP
      - You may have heard of these...
        - TCP
          - Transmission Control Protocol
          - "Connected" - makes sure that a given packet reaches its destination
        - UDP
          - User Datagram Protocol
          - "Connectionless" - makes a "best effort" attempt to deliver packets, but doesn't confirm receipt
        - Real-time broadcast IP protocols (e.g. RTP (audio over IP), SIP (Skype, Internet telephony)) run over UDP
  14. Background: Protocols running on top of IP (continued)
      - One thing TCP and UDP have in common: ports
        - A port number is an integer from 0 to 65535 (2^16 - 1)
        - Allows several applications to "listen" to different ports on the same IP address
        - Without ports, each IP service would need its own IP address
  15. Security best practices for IP based devices
      - For PCs, these are in addition to the stuff IT is always telling you to do
        - Keep your virus scanner updated
        - Install security updates to your operating system as soon as they're released
        - Don't open attachments you're not expecting
        - Stay away from sketchy websites
      - For specialized broadcast equipment, install software updates from the manufacturer as soon as practical
      - Maintain a "healthy paranoia"
      - Isolate networks where practical
      - Make liberal use of firewalls
  16. Security best practices: "Healthy Paranoia"
      - "An ounce of prevention is worth a pound of cure"
      - If you work under the assumption that someone, somewhere, is going to try and crack your network if they can, you won't get caught unawares when they do
      - Don't trust the vendor to make their device secure
      - Find a healthy balance between security and your business needs!
  17. Security best practices: isolated networks
      - Why isolate your network(s)? If a cracker can't get to your device, they can't mess with it
      - Use non-routeable IP addresses
      - Keep networks as small as practical - remember that you can have more than 16 million IPs (and that's IPv4) if you use non-routeable IP ranges
      - Don't connect two networks - physically or logically - unless you need to
  18. Security best practices: Firewalls
      - A firewall is a device that blocks access to devices behind it
      - If a device must be connected to the public Internet, put it behind a firewall
      - Only open those ports on the firewall that are strictly necessary
      - Use software firewalls (i.e. Windows Firewall, iptables) for individual computers
      - Use dedicated firewalls for networks
  19. IPv6: Threat or Menace?
      - It's not that bad!
      - IPv6 is the next version of IP
      - Provides for ~3.4 x 10^38 possible addresses vs 4.3 billion in IPv4
      - Might actually happen soon
        - The last blocks of IPv4 addresses were handed out in February
  20. IPv6: Do I need to convert?
      - Do I need to convert?
        - Only devices connected to the public Internet will need to convert
        - Until the conversion is complete, mechanisms will be in place to allow IPv4 hosts and IPv6 hosts to interconnect
      - Is this somebody else's problem?
        - This can probably be handled by your IT staff, but you should be aware of it in case this falls in your lap.
        - If you don’t have an IT staff, you can always hire a contractor.
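
Slides 10 to 12 and 17 describe addresses as integers, networks as an address plus subnet mask, and "non-routeable" ranges as the basis for isolation. The following is an added example, not part of the original slides, that works those ideas through for a small inventory; the device names and addresses are constructed, and the private ranges are the three RFC 1918 IPv4 blocks.

```python
import ipaddress

# The three IPv4 ranges reserved for private use (RFC 1918); these are the
# "non-routeable" ranges the slides refer to.
PRIVATE_V4 = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample inventory with hypothetical device names. 203.0.113.40 is
# a documentation address standing in for a public, routable one.
INVENTORY = [
    ("stream-encoder", "192.168.10.20/255.255.255.0"),
    ("audio-processor", "192.168.10.21/255.255.255.0"),
    ("stl-codec", "10.20.0.5/255.255.255.252"),
    ("storage-receiver", "203.0.113.40/255.255.255.0"),
]

def describe(name, addr_with_mask):
    """Return the facts the slides discuss for one device's address and mask."""
    iface = ipaddress.ip_interface(addr_with_mask)
    net = iface.network
    return {
        "device": name,
        "address": str(iface.ip),
        "as_integer": int(iface.ip),      # an IPv4 address is a 32-bit integer
        "network": str(net),              # address + mask identify the network
        "broadcast": str(net.broadcast_address),
        "addresses_in_network": net.num_addresses,
        "non_routable": any(iface.ip in p for p in PRIVATE_V4),
    }

def audit(inventory):
    """Describe every device and list those on a routable address."""
    rows = [describe(name, addr) for name, addr in inventory]
    exposed = [r["device"] for r in rows if not r["non_routable"]]
    return rows, exposed

def shared_networks(rows):
    """Group devices by network: devices in one group share a logical wire."""
    groups = {}
    for r in rows:
        groups.setdefault(r["network"], []).append(r["device"])
    return groups

if __name__ == "__main__":
    rows, exposed = audit(INVENTORY)
    for r in rows:
        print(r)
    print("on a routable address, put behind a firewall:", exposed)
    print("10.0.0.0/8 alone holds", PRIVATE_V4[0].num_addresses, "addresses")
```

The check against `PRIVATE_V4` is explicit because Python's `is_private` attribute also covers other reserved ranges, which would hide the stand-in public address used here.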
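
Slides 14 and 18 say that services listen on ports and that only the strictly necessary ports should be open. As an added example (not from the original slides), this script compares what a machine is listening on with a list of needed services, so that extra listeners can be shut off or blocked at the firewall; the `ss -tuln` output is a constructed sample and the needed-port list is an assumption for a hypothetical stream encoder.

```python
import ipaddress

# Constructed sample of `ss -tuln` output from a hypothetical stream encoder.
SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:5004       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:8000       0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:3389       0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
"""

# Assumption: the only services this box must offer to the network.
NEEDED = {("tcp", 8000), ("udp", 5004)}

def listeners(ss_text):
    """Yield (proto, host, port) for each listening socket in `ss -tuln` text."""
    for line in ss_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        host, _, port = fields[4].rpartition(":")  # last colon separates the port
        host = host.strip("[]").split("%")[0]      # drop IPv6 brackets and zone
        yield fields[0], host, int(port)

def reachable(host):
    """True unless the socket is bound to a loopback address only."""
    if host == "*":
        return True
    return not ipaddress.ip_address(host).is_loopback

def unexpected_ports(ss_text, needed):
    """Network-reachable listeners that are not on the needed list."""
    found = {(proto, port) for proto, host, port in listeners(ss_text)
             if reachable(host)}
    return sorted(found - needed)

def missing_ports(ss_text, needed):
    """Needed services that are not actually listening."""
    found = {(proto, port) for proto, host, port in listeners(ss_text)}
    return sorted(needed - found)

if __name__ == "__main__":
    print("close or firewall:", unexpected_ports(SS_OUTPUT, NEEDED))
    print("needed but not listening:", missing_ports(SS_OUTPUT, NEEDED))
```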
