Presentation Title
Security for Professional Media Over Managed IP Networks
Thomas Bause Mason (SMPTE), Director of Standards Development
The Threat
“According to Microsoft, the potential cost of cyber-crime to the global community is a mind-boggling $500 billion, and a data breach will cost the average company about $3.8 million.”
The Threat
Break it Steal it Alter it
Threat Agents
Sophistication
Individual
Group
Corporation
State
Threat Agents
“Malware, which includes viruses and other software intended to disrupt computer users, is becoming “much cheaper and continues to offer a low barrier to entry for cybercriminals looking to steal information,” wrote the analysts, who scoured dozens of sites on the dark web over the past eight months.”
Threat Vectors
• Backdoor
• Denial-of-service attacks (DoS)
• Direct-access attacks
• Eavesdropping
• Multivector, polymorphic attacks
• Phishing
• Privilege escalation
• Social engineering
• Spoofing (Email, IP address, MAC, Biometric)
• Tampering
Media Security Efforts
MPAA Content Protection Guidelines
Follow IT Best Practices
• Implement a Formal IS Governance Approach
• Stop Data Loss
• Detect Insider Threat
• Back Up Data
• Beware of Social Engineering
• Educate and Train Your Users
• Outline Clear Use Policies for New Employees and 3rd Parties
• Update Software and Systems
• Create an Incident Response Playbook
• Maintain Compliance
Vulnerability Exploit (Sony)
2 to 12 months of unauthorized access
47,000 unique Social Security numbers leaked
Employees' medical information leaked
30,000 documents leaked on Wikileaks
Vulnerability exploit with worm (100 TB)
$15 million in costs
API Exploit (USPS)
60 Million Users impacted
[Diagram labels: Client (x4), API, USPS.com, UserData, Weak Access Control]
Why Security in Broadcast?
Specialized Hardware (SDI)
Commercial off the Shelf (COTS) (IP)
Agility
Flexibility
Scalability
Cost Savings
Live Broadcast Infrastructure
Security Concerns in Media over IP?
SDI: Serial Digital Interface, Specialized System, Walled Garden, Separate Networks
IP: IP Networks, Commodity Hardware, Open Architecture, Separate Networks
Security Challenge
[Diagram labels:]
Off-Premise Data Center (Shared Resources)
Fiber (e.g. 40/100GigE)
TV Studio A (East Coast)
TV Studio B (East Coast)
TV Studio C (West Coast)
TV Studio D (West Coast)
On-Premise Data Center (x2)
3rd Party
SMPTE’s IP Efforts
SMPTE ST 2022: Contribution Link
SMPTE ST 2110: TV Studio
SMPTE ST 2059: Synchronization (PTP)
PTP Overview
[Diagram labels: Grand Master, Slave (x3), Ordinary Clock (x2), Boundary Clock, Switch]
SMPTE ST 2110
[Diagram labels: IP Connection, Tx, Rx (x3), Switch, Grand Master*; legend: Data Packet, PTP Packet, Media, Audio Packet, Video Packet; * SMPTE ST 2059-2 PTP Profile]
SMPTE ST 2110 (GM Disabled)
[Diagram labels: IP Connection, Tx, Rx (x3), Switch, Grand Master*; legend: Data Packet, PTP Packet, Media, Audio Packet, Video Packet; * SMPTE ST 2059-2 PTP Profile]
SMPTE ST 2110 (Rogue Grand Master)
[Diagram labels: IP Connection, Tx, Rx (x3), Switch, Grand Master*, GM*; legend: Data Packet, PTP Packet, Media, Audio Packet, Video Packet; * SMPTE ST 2059-2 PTP Profile]
SMPTE ST 2110 (Router Overload)
[Diagram labels: IP Connection, Tx, Rx (x3), Switch, Grand Master*, GM; legend: Data Packet, PTP Packet, Media, Audio Packet, Video Packet; * SMPTE ST 2059-2 PTP Profile]
EBU Security Efforts
https://tech.ebu.ch/docs/r/r148.pdf
Media Cyber Security Group
Joint Taskforce on Networked Media (JT-NM)
Help manage IP transition
Collect user requirements
Identify gaps in technology
Recommend best practices
[Diagram labels: JT-NM, EBU, SMPTE, AMWA, VSF, NABA, AES, IABM, AIMS]
Coordinate Industry Activities
JT-NM Security Recommendations
Keep it simple
Focus on low hanging fruit
Call to JT-NM members for API Security
Call to JT-NM members for PTP Security
Recommendation on Vulnerability Scanning
JT-NM Vulnerability Scanning
IBC IP Showcase Network (50 IP Systems)
OpenVAS Client
Methodology
Tools
Overall Approach
http://vsf.tv/events_archive/2018-09_IBC2018.shtml
SMPTE Study Group on Security in SMPTE ST 2059
Harden PTP infrastructure
Harden network against PTP attacks
Prevent overloading router ports
Prevent power down and power up
Network design recommendations
Test and detection methods
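
Added example (not from the presentation or from SMPTE): one detection method for the rogue grand master scenario shown earlier, checking the grandmasterIdentity in captured PTPv2 Announce messages against a list of expected grand masters. The field offsets follow the IEEE 1588-2008 Announce layout; the identities, the sample messages and the monitored domain 127 are assumptions made for the example.

```python
import struct

ANNOUNCE = 0x0B  # PTPv2 messageType value for Announce (IEEE 1588-2008)

def parse_announce(msg: bytes):
    """Return selected Announce fields, or None if msg is not a PTPv2 Announce."""
    if len(msg) < 64 or (msg[0] & 0x0F) != ANNOUNCE or (msg[1] & 0x0F) != 2:
        return None
    return {
        "domain": msg[4],
        "sender": msg[20:28].hex(),        # sourcePortIdentity.clockIdentity
        "priority1": msg[47],
        "clock_class": msg[48],
        "grandmaster": msg[53:61].hex(),   # grandmasterIdentity
    }

def check_announce(msg: bytes, allowed_gms: set, domain: int = 127):
    """Return findings for one captured PTP message (empty list = nothing to report).
    domain=127 is an assumed site setting; pass the domain your plant uses."""
    a = parse_announce(msg)
    if a is None or a["domain"] != domain:
        return []                          # not an Announce in the monitored domain
    if a["grandmaster"] in allowed_gms:
        return []
    return [f"unexpected grandmaster {a['grandmaster']} announced by {a['sender']} "
            f"(priority1={a['priority1']}, clockClass={a['clock_class']})"]

def build_announce(gm_id: bytes, domain: int, priority1: int, clock_class: int) -> bytes:
    """Build a constructed sample Announce (test data, not a capture)."""
    header = struct.pack("!BBHBB2s8s4s8sHHBB", ANNOUNCE, 2, 64, domain, 0,
                         b"\0" * 2, b"\0" * 8, b"\0" * 4, gm_id, 1, 0, 5, 1)
    body = struct.pack("!10shBBBBHB8sHB", b"\0" * 10, 37, 0, priority1,
                       clock_class, 0x21, 0x4E5D, 128, gm_id, 0, 0x20)
    return header + body

# Constructed identities: one expected grand master, one that is not on the list.
EXPECTED_GM = bytes.fromhex("0011223344556677")
UNKNOWN_GM = bytes.fromhex("0aaabbfffeccdd01")
ALLOWED = {EXPECTED_GM.hex()}

if __name__ == "__main__":
    for sample in (build_announce(EXPECTED_GM, 127, 128, 6),
                   build_announce(UNKNOWN_GM, 127, 1, 6)):
        print(check_announce(sample, ALLOWED) or "ok")
```
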