Understanding IP Networks - Security Prevention and Detection

In the last article we looked at Firewalls and their place in a broadcast network. In this article we continue the theme of looking at a network from a broadcast engineer's point of view, so they can better communicate with the IT department, and look at how IT engineers use detection and prevention systems.

A compromise has to be reached between keeping a system secure and keeping it usable. Removing the network connection from a computer or camera is a very easy way of making the network highly secure, but it also means the devices can no longer communicate or send signals to the outside world.

Thousands of Protocols

The opposite extreme is to assign every device a public IP address and connect them all to the internet. Clearly this would be highly insecure and would render the station useless in a matter of minutes as every hacker in the world launched their attacks.

Broadcast engineers have been spoilt: video and audio signals travel over well-ordered, predictable point-to-point distribution systems, so we generally know where a signal is going and whether somebody else is trying to use our link.

Proactive Managers

In the IT world nothing could be further from the truth. There are thousands of different protocols using IP networks, bandwidth allocation is random, users come and go as their wifi devices come into range, and it's difficult to know who is accessing what, where and when.

IPS and IDS can be used to stop illegal copying of copyright material

Firewalls go some way to help IT network engineers understand what is going on in their systems, but they rely on managers being proactive and knowing which protocols to block and which to pass. Intrusion prevention (IPS) and intrusion detection (IDS) systems provide more visibility into what's going on, together with the tools to control access.

Be Careful of Jitter and Delay

An IPS is similar to a Firewall in that it sits in-line with a network segment such as an internet connection. A datagram is received by its network interface card (NIC) and compared against a list of rules that decide whether it should be passed or rejected.

IPS systems tend to work at a higher level of the data: they reassemble many datagrams into a complete exchange before applying their rule check. For example, when a server sends a web page back to a browser it breaks the page into many datagrams for transfer over TCP. An IPS reassembles the whole page before applying its rules, so it can detect exploits such as embedded viruses or restricted links.
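The point above, that a rule applied per datagram can miss what a rule applied to the reassembled page will catch, is shown in this added example. It is not code from the article or from any IPS product; the rule, the sample page and the segment size are constructed for the illustration.

```python
"""Constructed example: why an in-line IPS reassembles a TCP stream before
applying its rules.  A pattern that straddles two datagrams is invisible to
per-datagram inspection but is caught once the segments are put back in order.
The rule, the page and the segment size are assumptions for this illustration."""
import re
from typing import List, Tuple

# Rule assumed for the illustration: flag a link to a restricted host in the body.
RESTRICTED = re.compile(rb'href="http://restricted\.example/')

def inspect_per_datagram(segments: List[Tuple[int, bytes]]) -> bool:
    """Apply the rule to each datagram payload in isolation."""
    return any(RESTRICTED.search(payload) for _, payload in segments)

def reassemble(segments: List[Tuple[int, bytes]]) -> bytes:
    """Order (sequence number, payload) pairs and concatenate them.
    Retransmitted data already seen is dropped; a gap raises, because a real
    IPS would hold the stream rather than judge an incomplete page."""
    stream = b""
    expected = None
    for seq, payload in sorted(segments):      # sort by sequence number
        if expected is None:
            expected = seq
        if seq < expected:                     # retransmission, already have it
            continue
        if seq > expected:
            raise ValueError(f"gap at seq {expected}, cannot reassemble")
        stream += payload
        expected = seq + len(payload)
    return stream

def inspect_reassembled(segments: List[Tuple[int, bytes]]) -> bool:
    """Apply the same rule to the reassembled stream."""
    return RESTRICTED.search(reassemble(segments)) is not None

# Constructed HTTP response cut into 20-byte segments.  The 32-byte pattern
# can never fit inside one segment, so it is always split across a boundary.
PAGE = (b'HTTP/1.1 200 OK\r\n\r\n<html><body><a href="http://restric'
        b'ted.example/film.mkv">leak</a></body></html>')
SEGMENTS = [(i, PAGE[i:i + 20]) for i in range(0, len(PAGE), 20)]
SEGMENTS.reverse()            # segments arrive out of order
SEGMENTS.append(SEGMENTS[-1])  # and one of them is retransmitted

if __name__ == "__main__":
    print("per-datagram match:", inspect_per_datagram(SEGMENTS))  # False
    print("reassembled match: ", inspect_reassembled(SEGMENTS))   # True
```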

Viruses and Trojans

As the IPS is in-line it must be extremely well resourced, as it cannot afford to drop packets or introduce too much jitter and delay; doing so will have an adverse effect on the rest of the network, especially if we are distributing real-time video and audio streams.

An IPS separates its functionality from the Firewall in that it tends to be policy based. Employment legislation has advanced in recent years to protect employees from the perils of the internet in the workplace. If an unscrupulous employee is viewing inappropriate material on a work computer and the screen can be seen by other users, the employer could find themselves liable for having allowed other employees to be exposed to unacceptable and often illegal material.

Monitoring

In the interest of higher efficiency some employers may block their staff from using social media sites, especially as they can be a source of embedded viruses and Trojans. IPS can be distributed within a network so that certain departments can be treated differently from others. A sales department may use Facebook as a key tool for its operation, so the IPS can allow sales access while blocking the rest of the company.

IPS can be used to allow Facebook access to one business unit and not another


An IDS differs from IPS and Firewalls in that it is a monitoring system: it effectively takes a DA'ed (copied) feed of the segment of the network being monitored. Highly resourced computers must be used so that packets are not dropped and meaningful data is recorded. It's very useful for fault diagnosis as it can be configured to receive and analyze traffic anywhere in the network.

Alarm Thresholds

IPS is good at blocking known exploits across a network, as the devices can be updated on the fly when an exploit is made known to the network manager, without having to change firewall policies.

One of the major challenges with IPS and IDS is the amount of false alarms (sometimes referred to as false positives) and log data they create. Tuning these systems and analyzing the logs is a highly specialized job and can easily soak up many hours of effort.

If alarm thresholds are too high then they become useless, as traffic that should be blocked is not detected or dealt with. If they're too low then many false positives are created, generating work for the IT team.
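To make the threshold trade-off concrete, this added example (not from the article, and not any product's rule engine) runs one constructed IDS rule, repeated authentication failures from a single source inside a sliding window, over made-up log lines at several thresholds; the addresses, user names and timestamps are invented.

```python
"""Constructed example: how the alarm threshold of an IDS rule trades missed
detections against false positives.  The rule counts authentication failures
per source inside a sliding window.  Log lines, addresses and names are made
up for this illustration and are not from any real system."""
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Set, Tuple

# Constructed log: an editor mistyping a password three times (legitimate),
# and an automated burst of twelve failures from another host in 33 seconds.
LOG = [f"2024-03-01T10:00:{s:02d} auth fail src=10.0.5.7 user=editor1"
       for s in (0, 9, 21)] + \
      [f"2024-03-01T10:05:{s:02d} auth fail src=10.0.9.42 user=playout"
       for s in range(0, 36, 3)]
KNOWN_BAD = {"10.0.9.42"}   # ground truth for scoring, assumed for the example

def parse(line: str) -> Tuple[datetime, str]:
    """Split one constructed log line into (timestamp, source address)."""
    ts, _, _, src, _ = line.split(" ")
    return datetime.fromisoformat(ts), src.split("=", 1)[1]

def alerts(lines: List[str], threshold: int, window_s: int = 60) -> Set[str]:
    """Return the sources whose failures inside any window reach the threshold."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    flagged: Set[str] = set()
    for line in sorted(lines):            # ISO timestamps sort chronologically
        ts, src = parse(line)
        q = recent[src]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:   # expire old failures
            q.popleft()
        if len(q) >= threshold:
            flagged.add(src)
    return flagged

def evaluate(lines: List[str], threshold: int,
             known_bad: Set[str]) -> Tuple[int, int]:
    """Score a threshold against sources known to be abusive.
    Returns (false positives, missed sources) so the trade-off can be read off."""
    flagged = alerts(lines, threshold)
    return len(flagged - known_bad), len(known_bad - flagged)

if __name__ == "__main__":
    for threshold in (2, 8, 20):
        fp, missed = evaluate(LOG, threshold, KNOWN_BAD)
        print(f"threshold={threshold:2d}  false positives={fp}  missed={missed}")
```

With these inputs a threshold of 2 flags the editor as well as the burst, 20 flags nothing, and 8 flags only the burst; on a real network the same sweep would be run over a day's logs before settling on a value.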

Film Distributors Worry

IPS, IDS and Firewalls are all used together to help fine tune each other. The IDS will show if one area of a network has problems, and the IPS and Firewalls are used as control devices to remove them. As IPS and Firewalls seem to complement each other, there has been a move to unify these two devices into one design, providing Unified Threat Management (UTM).

Fundamentally the rules of IPS and Firewalls are very different: IPS works by denying everything and providing rules to opt in, whereas Firewalls work the opposite way, assuming all datagrams are passed while the configuration provides deny and drop rules.

Copyright

Film distributors worry about employees illegally copying their material, especially when they have pre-released the latest blockbuster to a broadcaster ahead of transmission. IDS can be used to detect if somebody is trying to download the film from the media asset library, and IPS and Firewalls can be used to control where the files are downloaded to and by whom, potentially restricting access to just the playout servers.

Anybody who may need access to the film, for example an editor who has to create a bumper, will need to raise a recorded request with the IT department to access the media. This may all sound a bit draconian but recent high profile security breaches have meant film producers are on the ball more than ever as far as illegal copying is concerned.
