Security Protocol for New Z/IP ONE Users | Telos Alliance
By The Telos Alliance Team on Jun 15, 2016 1:26:00 PM
Security Protocol for New Z/IP ONE Users
We've made a little change to the way we configure Z/IP ONEs before they leave the factory. Even if you're not in the market for an IP codec now—heck, even if you're not a Telos customer—this change is something you should contemplate.
In recent months, the last thing our technicians do before boxing up a new Z/IP ONE will be to change the password needed to access the web page. Each new codec will receive a unique password, based on characteristics that cannot be discovered from the network side, but which are easily seen by the user. An instruction card accompanying each new device will describe how to access the web page.
Why is this important? There is a new category of "Internet of Things" search engines specifically designed to locate and catalog standalone devices placed on the internet. Bot nets scan the entire IPv4 address space, every day, looking for open and commonly used ports. Port 80, used by http, is one of the most commonly used ports. A neglected web server, such as the one hosted on almost all network-enabled broadcast equipment, with a default or easily discoverable password, will likely eventually draw the sort of attention you'd rather avoid.
Why else is this important? It represents what a small step one can take in order to increase security.
What else can you do?
- Always place your Z/IP ONE behind a firewalled NAT, forwarding only the ports you need to the Z/IP ONE and other equipment.
- Translate forwarded ports to be nonstandard on the WAN side - that is, forward a strange external port like 12808 to internal port 80 to access the web server.
- Bookmark your equipment's web pages so that you don't have to remember a bevy of strange numbers.
- Change the default password from the one we provide to a truly unique one.
- Use password managers, many of which have provisions for sharing some passwords with individuals or within an organization. This will allow you to use very strong, truly unique passwords on all your equipment and accounts.
- Restrict physical access to the device so that an unauthorized user cannot see or change passwords (or other settings).
Security is hard. Risk management always is. The above list is hardly exhaustive, yet each step adds another layer of safety to help ensure that you stay on the air and uninterrupted.
About the author
Jason Wisnieski has been a member of the Telos Alliance engineering team since 1999. As a developer, he has contributed primarily to telephony and codec products. Jason presently serves as Engineering Manager for Codecs, managing the Z/IP ONE codec and Nx series telephony products.
Telos Alliance has led the audio industry’s innovation in Broadcast Audio, Digital Mixing & Mastering, Audio Processors & Compression, Broadcast Mixing Consoles, Audio Interfaces, AoIP & VoIP for over three decades. The Telos Alliance family of products include Telos® Systems, Omnia® Audio, Axia® Audio, Linear Acoustic®, 25-Seven® Systems, Minnetonka™ Audio and Jünger Audio. Covering all ranges of Audio Applications for Radio & Television from Telos Infinity IP Intercom Systems, Jünger Audio AIXpressor Audio Processor, Omnia 11 Radio Processors, Axia Networked Quasar Broadcast Mixing Consoles and Linear Acoustic AMS Audio Quality Loudness Monitoring and 25-Seven TVC-15 Watermark Analyzer & Monitor. Telos Alliance offers audio solutions for any and every Radio, Television, Live Events, Podcast & Live Streaming Studio With Telos Alliance “Broadcast Without Limits.”
Topics: Security
Recent Posts
Subscribe
If you love broadcast audio, you'll love Telos Alliance's newsletter. Get it delivered to your inbox by subscribing below!