security for professional media over managed ip …...presentation title security for professional...
TRANSCRIPT
![Page 1: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/1.jpg)
Presentation Title
Security for Professional Media Over Managed IP Networks
Thomas Bause Mason (SMPTE)Director of Standards Development
![Page 2: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/2.jpg)
Presentation Title
The Threat
![Page 3: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/3.jpg)
Presentation Title
The Threat
“According to Microsoft, the potential cost of cyber-crime to the global community is a mind-boggling $500 billion, and a data breach will cost the average company about $3.8 million.”
![Page 4: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/4.jpg)
Presentation Title
The Threat
Break it Steal it Alter it
![Page 5: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/5.jpg)
Presentation Title
Threat Agents
Sophistication
Individual Group
Corporation
State
![Page 6: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/6.jpg)
Presentation Title
Threat Agents
“Malware, which includes viruses and other software intended to disrupt computer users, is becoming “much cheaper and continues to offer a low barrier to entry for cybercriminals looking to steal information,” wrote the analysts, who scoured dozens of sites on the dark web over the past eight months.”
![Page 7: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/7.jpg)
Presentation Title
Threat Vectors
• Backdoor• Denial-of-service attacks (DOS)• Direct-access attacks• Eavesdropping• Multivector, polymorphic attacks• Phishing• Privilege escalation• Social engineering• Spoofing (Email, IP address, MAC, Biometric)• Tampering
![Page 8: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/8.jpg)
Presentation Title
Media Security Efforts
MPAA Content ProtectionGuidelines
![Page 9: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/9.jpg)
Presentation Title
Follow IT Best Practices
• Implement a Formal IS Governance Approach• Stop Data Loss• Detect Insider Threat• Back Up Data• Beware of Social Engineering• Educate and Train Your Users• Outline Clear Use Policies for New Employees and 3rd Parties• Update Software and Systems• Create an Incident Response Playbook• Maintain Compliance
![Page 10: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/10.jpg)
Presentation Title
Vulnerability Exploit (Sony)
2 to 12 months of unauthorized access
47,000 unique Social Security numbers leaked
Employees medical information leaked
30,000 documents leaked on Wikileaks
Vulnerability exploit with worm (100 TB)
$15 Millions in costs
![Page 11: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/11.jpg)
Presentation Title
API Exploit (USPS)
60 Million Users impacted
Client
Client
Client
API USPS.com UserData
Weak Access Control
Client
![Page 12: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/12.jpg)
Presentation Title
Why Security in Broadcast?
SpecializedHardware
SDI
Commercial off the Shelf
(COTS)
IPAgility Flexibility
Scalability
Live Broadcast Infrastructure
Cost Savings
![Page 13: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/13.jpg)
Presentation Title
Security Concerns in Media over IP?
Serial Digital Interface
Specialized System
Walled Garden
IP Networks
Commodity Hardware
Open Architecture
Separate Networks Separate Networks
SDI IP
![Page 14: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/14.jpg)
Presentation Title
Security Challenge
Off-PremiseData Center
(Shared Resources)
Fiber (e.g. 40/100GigE)
TV Studio A(East Coast)
On-PremiseData Center
TV Studio B(East Coast)
TV Studio C(West Coast)
TV Studio D(West Coast)
On-PremiseData Center
3rd Party
![Page 15: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/15.jpg)
Presentation Title
SMPTE’s IP Efforts
SMPTE ST 2022: Contribution Link
SMPTE ST 2110: TV Studio
SMPTE ST 2059: Synchronization (PTP)
![Page 16: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/16.jpg)
Presentation Title
PTP Overview
GrandMaster
Slave
Slave
Slave
Ordinary Clock Ordinary ClockBoundary Clock
Switch
![Page 17: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/17.jpg)
Presentation Title
SMPTE ST 2110
IP Connection
Tx
Rx
* SMPTE ST2059-2 PTP Profile Data Packet PTP Packet
Media
Audio Packet
Video Packet
Rx
Rx
Grand Master*
Switch
![Page 18: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/18.jpg)
Presentation Title
SMPTE ST 2110 (GM Disabled)
IP Connection
Tx
Rx
* SMPTE ST2059-2 PTP Profile Data Packet PTP Packet
Media
Audio Packet
Video Packet
Rx
Rx
Grand Master*
Switch
![Page 19: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/19.jpg)
Presentation Title
SMPTE ST 2110 (Rough Grand Master)
IP Connection
Tx
Rx
* SMPTE ST2059-2 PTP Profile Data Packet PTP Packet
Media
Audio Packet
Video Packet
Rx
Rx
Grand Master*
Switch
GM*
![Page 20: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/20.jpg)
Presentation Title
SMPTE ST 2110 (Router Overload)
IP Connection
Tx
Rx
* SMPTE ST2059-2 PTP Profile Data Packet PTP Packet
Media
Audio Packet
Video Packet
Rx
Rx
Grand Master*
Switch
GM
![Page 21: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/21.jpg)
Presentation Title
EBU Security Efforts
https://tech.ebu.ch/docs/r/r148.pdf
Media Cyber Security
Group
![Page 22: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/22.jpg)
Presentation Title
Joint Taskforce on Networked Media (JT-NM)
Help manage IP transition
Collect user requirements
Identify gaps in technology
Recommend best practices
JT-NM
EBU
SMPTE
AMWA
VSF
NABA
AES
IABM
AIMS
JT-NM
EBU
SMPTE
AMWA
VSF
Coordinate Industry Activities
![Page 23: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/23.jpg)
Presentation Title
JT-NM Security Recommendations
Keep it simple
Focus on low hanging fruit
Call to JT-NM members for API Security
Call to JT-NM members for PTP Security
Recommendation on Vulnerability Scanning
![Page 24: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/24.jpg)
Presentation Title
JT-NM Vulnerability Scanning
IBC IP Showcase Network(50 IP Systems)
OpenVASClient
Methodology Tools
Overall Approach
http://vsf.tv/events_archive/2018-09_IBC2018.shtml
![Page 25: Security for Professional Media Over Managed IP …...Presentation Title Security for Professional Media Over Managed IP Networks Thomas Bause Mason (SMPTE) Director of Standards Development](https://reader033.vdocuments.net/reader033/viewer/2022042403/5f177149ff506f501e5d0a2c/html5/thumbnails/25.jpg)
Presentation Title
SMPTE Study Group on Security in SMPTE ST 2059
Harden PTP infrastructure
Harden network against PTP attacks
Prevent overloading router ports
Prevent power down and power up
Network design recommendations
Test and detection methods