Understanding IP Networks - Security Prevention and Detection

In the last article we looked at Firewalls and their place in a broadcast network. In this article we continue the theme of looking at a network from a broadcast engineer’s point of view, so they can better communicate with the IT department, and look at how IT engineers use detection and prevention systems.

A compromise has to be reached between keeping a system secure and keeping it usable. Removing the network connection from a computer or camera is a very easy way of making the network highly secure, but it leaves the devices unable to communicate or send signals to the outside world.

Thousands of Protocols

The opposite extreme is to assign every device with a public IP address and connect them to the internet. Clearly this would be highly insecure and render the station useless in a matter of minutes as every hacker in the world launched their attacks.

Broadcast engineers have been spoilt as video and audio transfer their signals in well-ordered predictable point to point distribution systems and we generally know where a signal is going and if somebody else is trying to use our link.

Proactive Managers

In the IT world nothing could be further from the truth. There are thousands of different protocols using IP networks, bandwidth allocation is random, users come and go as their Wi-Fi devices come into range, and it’s difficult to know who is accessing what, where and when.

IPS and IDS can be used to stop illegal copying of copyright material

Firewalls go some way to help IT network engineers understand what is going on in their systems but rely on managers being proactive and knowing which protocols to block and pass. Intrusion prevention (IPS) and detection (IDS) systems provide more visibility on what’s going on and the tools to control access.

Be Careful of Jitter and Delay

IPS is similar to a Firewall in that it sits in-line with a network segment such as an internet connection. A datagram is received by its network interface card (NIC) and compared to a list of rules as to whether it should be passed or rejected.

IPS systems tend to work at a higher data level and will reassemble many datagrams into a complete transaction before applying their rules check. For example, when a server sends a web page back to a browser the server will break the page into many datagrams for transfer over TCP. An IPS will reconstruct the whole page before applying its rules, so that it can detect exploits such as embedded viruses or restricted links that a single datagram would not reveal.
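The reassembly step above is the reason an IPS catches things a per-datagram check misses. The following added example (not code from the article) uses a constructed HTML response split into TCP-style segments, with a hypothetical restricted-link pattern that straddles a segment boundary, and compares per-packet matching with matching after reassembly.

```python
# Constructed sample: a small web page the server will split into segments.
PAGE = (b"<html><body><a href='http://bad.example/malware.exe'>"
        b"Click</a></body></html>")

# Hypothetical restricted-link patterns an IPS rule set might carry.
RULES = [b"bad.example", b"malware.exe"]

SEGMENT_SIZE = 32  # chosen so "bad.example" is split across two segments


def split_into_segments(payload: bytes, size: int) -> list[tuple[int, bytes]]:
    """Split a response into (sequence offset, data) segments, as TCP would."""
    return [(off, payload[off:off + size]) for off in range(0, len(payload), size)]


def per_packet_hits(segments, rules) -> list[str]:
    """Apply the rules to each datagram in isolation (a firewall-style check)."""
    return sorted({r.decode() for _, data in segments for r in rules if r in data})


def reassemble(segments) -> bytes:
    """Order segments by sequence offset and join them, as an IPS does before
    running its rules. Works even if the segments arrived out of order."""
    return b"".join(data for _, data in sorted(segments))


def reassembled_hits(segments, rules) -> list[str]:
    """Apply the rules to the whole reconstructed page."""
    page = reassemble(segments)
    return sorted({r.decode() for r in rules if r in page})


def demo() -> dict:
    """Return both views so the difference is visible."""
    segments = split_into_segments(PAGE, SEGMENT_SIZE)
    segments.reverse()  # simulate out-of-order arrival
    return {
        "per_packet": per_packet_hits(segments, RULES),
        "reassembled": reassembled_hits(segments, RULES),
    }


if __name__ == "__main__":
    print(demo())
```

The per-packet check only sees the pattern that happens to sit wholly inside one segment; the reassembled check sees both.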

Viruses and Trojans

As the IPS is in-line it must be extremely well resourced, as it cannot afford to drop packets or cause too much jitter and delay; doing so will have an adverse effect on the rest of the network, especially if we are distributing real time video and audio streams.

IPS separates its functionality from the Firewall as it tends to be policy based. Employment legislation has advanced in recent years to protect employees from the perils of the internet in the workplace. If an unscrupulous employee is viewing inappropriate material on a work computer and the screen can be seen by other users, the employer could find themselves liable, as they have allowed other employees to be subjected to unacceptable and often illegal material.

Monitoring

In the interest of enabling higher efficiency some employers may block their staff from using social media sites, especially as they can be a source of embedded viruses and Trojans. IPS can be distributed within a network so certain departments can be treated differently from others. A sales department may use Facebook as a key tool for its operation, so IPS can allow sales access but block the rest of the company.

IPS can be used to allow Facebook access to one business unit and not another


IDS differs from IPS and Firewalls as it is a monitoring system and effectively takes a tapped (mirrored) copy of the traffic on the segment of the network being monitored. Highly resourced computers must be used so packets are not dropped and meaningful data is recorded. It’s very useful for fault diagnosis as it can be configured to receive and analyze traffic anywhere in the network.

Alarm Thresholds

IPS is good at blocking known exploits across a network as the devices can be updated on the fly when an exploit is made known to the network manager without having to change firewall policies.

One of the major challenges with IPS and IDS is the amount of false alarms (sometimes referred to as false positives) and log data they create. Tuning these systems and analyzing the logs is a highly specialized job and can easily soak up many hours of effort.

If alarm thresholds are too high then they become useless, as data that should be blocked is not being detected or dealt with. If they’re too low then many false positives are created, generating work for the IT team.

Film Distributors Worry

IPS, IDS and Firewalls are all used together to help fine tune each other. IDS will show if one area of a network has problems, and IPS and Firewalls are used as control devices to remove them. As IPS and Firewalls seem to complement each other there has been a move to unify these two devices into one design, providing a Unified Threat Management (UTM) appliance.

Fundamentally the rules of IPS and Firewalls are very different: IPS works by denying everything and providing rules to opt in, whereas Firewalls work the opposite way by assuming all datagrams are passed and the configuration provides deny and drop rules.

Copyright

Film distributors worry about employees illegally copying their material, especially when they have pre-released the latest blockbuster to a broadcaster ahead of transmission. IDS can be used to detect if somebody is trying to download the film from the media asset library, and IPS and Firewalls can be used to control where the files are downloaded to and by whom, potentially restricting access to just the playout servers.

Anybody who may need access to the film, for example an editor who has to create a bumper, will need to raise a recorded request with the IT department to access the media. This may all sound a bit draconian but recent high profile security breaches have meant film producers are on the ball more than ever as far as illegal copying is concerned.
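The alarm threshold trade-off described under “Alarm Thresholds” and the media asset library case above can be shown together. This added example (not code from the article) uses constructed flow records of bytes pulled from a hypothetical asset library host, a hypothetical playout allow-list and recorded-request list, and runs the same IDS rule at three thresholds to show the miss at a high threshold and the false positive at a low one.

```python
from collections import defaultdict

# Constructed flow records: bytes transferred out of the media asset library
# ("mal-01") to each destination host. Names and values are hypothetical.
FLOWS = [
    {"src": "mal-01", "dst": "playout-01", "bytes": 42_000_000_000},  # scheduled playout pull
    {"src": "mal-01", "dst": "edit-07",    "bytes":  1_500_000_000},  # editor with recorded request
    {"src": "mal-01", "dst": "desk-33",    "bytes": 38_000_000_000},  # unexpected full copy
    {"src": "mal-01", "dst": "desk-12",    "bytes":     20_000_000},  # browsing thumbnails/proxies
]

PLAYOUT_SERVERS = {"playout-01", "playout-02"}   # hypothetical allow-list
APPROVED_REQUESTS = {"edit-07"}                   # hypothetical recorded IT requests

GB = 1_000_000_000


def bytes_per_destination(flows) -> dict:
    """Aggregate outbound volume from the asset library per destination host."""
    totals = defaultdict(int)
    for flow in flows:
        if flow["src"] == "mal-01":
            totals[flow["dst"]] += flow["bytes"]
    return dict(totals)


def ids_alerts(flows, threshold_bytes: int) -> list:
    """IDS rule: alert on any host that pulls more than the threshold and is
    neither a playout server nor the holder of a recorded access request."""
    permitted = PLAYOUT_SERVERS | APPROVED_REQUESTS
    totals = bytes_per_destination(flows)
    return sorted(dst for dst, total in totals.items()
                  if total > threshold_bytes and dst not in permitted)


def ips_verdict(dst: str) -> str:
    """IPS/Firewall control: opt-in pass for permitted hosts, drop otherwise."""
    return "pass" if dst in PLAYOUT_SERVERS | APPROVED_REQUESTS else "drop"


def tune(flows, thresholds) -> dict:
    """Run the IDS rule at several thresholds so the trade-off is visible."""
    return {t: ids_alerts(flows, t) for t in thresholds}


if __name__ == "__main__":
    for threshold, alerts in tune(FLOWS, [50 * GB, 1 * GB, 10_000_000]).items():
        print(f"threshold {threshold / GB:g} GB -> alerts {alerts}")
```

At 50 GB the copy to desk-33 is missed entirely; at 10 MB the thumbnail browsing on desk-12 is flagged as well; at 1 GB only the unexpected full copy is raised.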
