Years before, once virus protection software in computers updates, you always feel secured. However, with almost all computers interconnected through IP networks, you are not so confident anymore.
Many people think that protection against viruses is very essential, but they don’t realize that it is like the tip of an iceberg. IP network security covers a vast array of measures to guard ranges of threats, internally and externally, and each station needs to set up a security policy so as to protect against them.
Policy on Security
A security policy is a guideline of rules and priorities that upper management has agreed upon as important for keeping the station running. While more and more station’s assets are included in network-connected storage systems, having all that data safe is becomes so important. Developing a security policy is primarily essential in keeping your programs, spots, and financial records secured.
With the upper management signing off on a security policy, more authority to its enforcement is earned, mainly when the security policy stands against a manager who can see no problem with surfing certain sites or downloading doubtful software or employees who whine about network restrictions.
To Start With
The strategy is a channel pointing out what needs protection and what it would mean once those areas were compromised. It also outlines the ways in which these assets can be targeted and what the most vulnerable areas are and how they can be protected. Goals should be set to achieve the desired level of protection.
TV Station- the policy here might cover several areas such are financial records, which include billing and traffic file access, nonlinear edit systems; on-air playout and archive storage; graphic systems; IP network segments carrying the feeds from remote locations; or an IP network that connects the studio to the transmitter. Once any of these systems is lost, and/or network segments as well, they would disrupt the workflow of the station and may probably result in loss of income and trust from creditors, the upper management and worse scenarios will follow. At any angle, the loss of any part of the IT infrastructure that you have will be costly, so you really need to be protected.
A computer system that is infected usually slows down, stop working or even corrupts data. However, how can a network segment is corrupted without it being unplugged? It is common for a spambot program to ruin a computer and send out spam e-mail at a very fast pace, it consequently occupies almost all available bandwidth of the network, thinking to be leading to the Internet. An employee may play as a new first-person shooter game who uses large bandwidth of online graphics, just imagine several employees playing games at the same time. This is among the examples and as everything becomes IP-based, it will be essential to improve communications between machines and systems as well as staying informed of what is happening in your network. It will all start with a security policy.
Storing up the data
Once essential part of a security policy is the commitment to back up all important data and being sure that necessary files are stored over time. Once something fails to function, computers should be replaced, but the date should be carefully backed up. Off-site storage will be thebest cases where your building cannot be accessed like fire or other unmanageable disasters. For large backups, you will need tapes or even Blue-ray Discs, and the transportation of data to a remote storage site is way more complicated. It will not include self-storage facilities where the temperature and humidity are uncontrollable.
Smaller data like weekly billing files and the chief engineer’s files, can be backed up with an online service working in the background and continually updating as files change. Always make sure you keep an off-site record of what online backup systems are in place. You need to know how to access them so make sure you keep the passwords unforgotten and safe. Using local hard drives for automatic backup will be a good, nonetheless, do not depend on them too much because there is the threat for catastrophic loss.
Strategy
The strategy to achieve goals is important; this outlines how you are going to meet the goals that are set out in the security policy. This includes defining the actual layout of the network(s) and how they are interconnected and the responsible entities for adding new users and setting up computers. Some of the most important aspects considered is assigning who is responsible for setting up any routers and other security software.
Since the personnel using the computer network plays a major role in protecting it, you may want your staff to sign an satisfactory use statement that is outlining the need for security practices and the penalties once the station policies are broken. It may include rules like installing any outside programs no matter how helpful they might appear to be and another is connecting any USB drives to the company computers especially those that may contain malware that can damage or spy on the network. Once trend in gaining illegal access to a company’s network is to leave a UBS flash drive with the company’s logo on it in the company parking lot, it will then be picked up by an employee, and when they attempt to open a document on it, a malware program starts up.
Though standard template-style suitable use statements are seen on the Internet, it is best to write your own since you can tailor it to your company’s specific requirements. Once the statement is too broad and complicated, your personnel may not understand it. Clear and simple steps should outline the statement, so it is easy to follow and easy to point out if it is violated.
Follow through
One of the hardest things to do is actually make sure all the policies are being carried out. Like the transmitter readings, a regular inspection of the network and updates to the employees can be good for SOP. Letting your employees know that you are aware of their submission to the rules will let them know that you take network security seriously. Apparently, running regular virus scans and keeping your antivirus software up to date are both important steps that any network administrator should consider. It’s also not a bad idea to have network security awareness reminders even for as regular as yearly.
Physical security
Your network equipment should be always safe as for your network security. Are you keeping the doors to the network closets locked all the time? Do you see front panels of the servers locked as well? Who maintain them and keep the access to such keys?
At one station, a wireless router installed on the second floor to allow wireless Internet access. Once router is set up properly with a unique password to gain access, it seemed like that was all they needed. The engineer discovered that the settings and the network name are not working at all router and it disturbed him for the settings were reset. He tried to set the router again and a week later, the trouble happened. The router had been left in an unlocked storage room on a table, it has turned out that someone who wanted access but don’t have the password had pressed the reset button. A quick search on the Internet has provided factory default password and allowed the person to access the network. It has opened up the entire network to the outside world. In its factory default settings, the router can allow access to users around company network and computers. The engineer moved the wireless router to a room and hid it under a plastic milk carton on the floor. No trouble has ever recorded since then.
This is an example of why physical security is also necessary to protect your network. Asode fro, location, one trouble that you should keep an eye on is is theft. With personnel in the broadcast facility 24/7, you can lose your equipment unexpectedly. Not like professional video equipment, a high-powered computer server could work just as well as a high-powered gaming system.
Cutting it off
Another method in use today is to take any mission-critical data and just cut it off from the Internet, isolating it from the rest of the network. Though it may not be possible in all cases, it will limit the avenues of access for viruses and other malware to reach valuable data and systems. It is another instance that could call for the use of subnets, which will allow parts of a network to have Internet access, and also blocking the same access to other parts.
There are times that a single computer is outfitted with two or more network interface cards, that is, they are connected to more than one network at a time. Though it seems to be isolating the two networks, and it actually links them. Once one side is connected to the Internet, malware can automatically install on that computer and infect others on both networks. Better way is with two computers and a KVM switch that will keep the two networks isolated.
Conclusion
Network security remains a controversial topic for broadcast engineers as broadcasting moves on with an all-IP infrastructure. Maintaining the station will depend on keeping your networks clear and your computers free from malware.
Comments