Tieline Technology Forums

Main Topics => Feedback Portal => Topic started by: larslengberg on October 24, 2014, 10:44:19 pm

Title: Better network security features
Post by: larslengberg on October 24, 2014, 10:44:19 pm
Hi! We are running an STL using two Merlins, and so far it all seems very smooth.

After consulting your sales rep, I hooked them up straight onto our DSL lines, using static public IPs. The codecs are said to be "secure enough".

However, I still feel a bit worried that some day in the future, someone will attempt some kind of attack against a codec. Trying to hack it, or just a (D)DoS attack.

In the current firmware, I miss these options (please let me know if they exist and I just haven't found them!):

* The option to change admin port. Today I can config an "alternate" port, but the box still answers on port 80. I guess port 80 is the prime port being scanned on the Internet, so just changing to a random port like 8394 lowers the possibility that someone finds you.

* Disable ping reply. Many scanning tools will first attempt a ping, and will only "deep scan" IPs that respond to ping.

* Possibility to whitelist IP ranges that are allowed admin access.

* Maybe also the possibility to install your own SSL server certificate in the codec, and require a matching SSL client certificate to gain admin access? (Don't think we would use it though.. But would give a very high security level.)

Thanks,

Lars Lengberg
Radio Sydväst, Stockholm, Sweden
Title: Re: Better network security features
Post by: Glenn on October 28, 2014, 09:58:21 am
Hi Lars,

Thanks for your post.

Regarding your questions, if you are concerned about security, we would recommend you place the codecs behind a firewall if possible and port forward to the relevant ports you configure.

If you are behind a firewall you can block port 80 and use your preferred port. This can also block any pings from unwanted sources and allow you to create whitelist access for admin purposes.

I will mention your SSL server certificate idea to our engineers for consideration in future development.

Thank you for the suggestion and for your interest in securing your codecs.

Best regards,

Glenn
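
The firewall setup recommended in the reply above, sketched as an nftables ruleset for a Linux box placed in front of one codec. This is an added example, not part of the thread and not Tieline's configuration; the interface names, all addresses and the streaming port are constructed placeholders, and 8394 is the sample port from the first post.

```nftables
#!/usr/sbin/nft -f
# Added example: every value below is a constructed placeholder.
flush ruleset

define WAN = "eth0"                    # DSL side (assumed name)
define LAN = "eth1"                    # codec side (assumed name)
define CODEC = 192.168.1.10            # codec's private address (assumed)
define ADMIN_NETS = { 203.0.113.0/24 } # ranges allowed to reach the admin UI
define PEER_CODEC = 198.51.100.20      # static IP of the far-end codec
define ADMIN_EXT_PORT = 8394           # non-default port exposed for admin
define STREAM_PORT = 9000              # placeholder: use your codec's port

table ip codecfw {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Admin UI: whitelisted sources only, external 8394 -> codec port 80.
        iifname $WAN ip saddr $ADMIN_NETS tcp dport $ADMIN_EXT_PORT dnat to $CODEC:80
        # Audio/session traffic: accepted only from the other end of the STL.
        iifname $WAN ip saddr $PEER_CODEC tcp dport $STREAM_PORT dnat to $CODEC
        iifname $WAN ip saddr $PEER_CODEC udp dport $STREAM_PORT dnat to $CODEC
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $WAN masquerade
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        iifname $LAN oifname $WAN accept
        # Forward only flows that matched a DNAT rule above, so port 80
        # on the public address never reaches the codec.
        iifname $WAN ct status dnat accept
    }
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        iifname "lo" accept
        iifname $LAN accept
        # No accept rule for WAN ICMP echo-request: the public address
        # does not answer pings; ICMP errors for open flows still pass
        # through the established,related rule.
    }
}
```

On a system with nftables installed, `nft -c -f <file>` checks the ruleset's syntax without loading it.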




Title: Re: Better network security features
Post by: larslengberg on October 29, 2014, 12:35:39 am
Thanks for your response! And yes, perhaps I should consider some firewalls. But each new box is a box that can freeze/crash... So if you are anyway sending that SSL suggestion to the developers, you may as well throw in "disable port 80", "disable ping" and "IP range whitelisting" as well. Those are probably even easier to implement than any SSL certificate handling.

(Anyone reading this have any suggestions on a cheap, simple and rock-solid firewall?)
Title: Re: Better network security features
Post by: iXgamesXi on October 30, 2014, 07:06:15 pm
Firewalls mate ;)
