[BC] Security of products connected to the Internet.
Johannes G. Rietschel
Fri Mar 23 11:07:41 CDT 2007
In regards to Chuck Dube's question:

a) the Barix specific answer: the devices are not using an OS in the classical sense, they use an embedded protocol stack, and there are no known attacks or viruses which can compromise them. There is no Linux command-line prompt hidden somewhere ... And the Barix stack implementation does not assign memory to prepare for an incoming connection, but it has a fixed number of "slots" and "buffers" - so no danger of memory congestion (a DoS attack, denial of service, of course may work if the unit is flooded with web server connection requests, for example).

So I think it is quite safe to use the devices on the Internet. BUT:

b) the non-Barix specific answer:

In general, if you put devices on the Internet, I would try to close as many doors as possible. I would ALWAYS put a firewall or at least a NAT router in front of them. That does not cost much (a typical "cable router" type product can be as low as US$50), and always adds a good layer of security.

Whatever manufacturer you pick, the focus of people building IP devices is typically more on their "application" than on making a device 1000% hack-proof. So, a firewall/router manufacturer, who knows that exactly this is the function of the device - preventing attacks from outside (at least one of the major functions) will, in contrast, make sure the devices work reliably and are immune to attacks.

If you have a dedicated DSL line for just one function, STL, for example, and you use a single-function product like the Exstreamer or Instreamer, I think you are quite safe if you have the UI password protected. But consider the extra layer of security a cable router, for example, the Linksys BEFSR41 can give you (for $50). The most unreliable thing on these is the power connection (known to be sometimes shaky). By using a cable router or firewall, you can also share the connection and connect multiple devices/applications behind the router (I guess I'm not telling too much news to many of you).

At my private home - I even "stack" the NAT routers. I use the function in the DSL router, and have added a second (Linksys as described above) router behind that, so that if the first wall breaks there is a second one (with different password, different manufacturer etc). Costs practically nothing, but can be a saver ...
Johannes
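
The fixed "slots" and "buffers" design described in (a), sketched as an added example that is not part of the original message and is not Barix firmware code. The slot count, buffer size and the names `slot_open`, `slot_recv` and `slot_close` are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_SLOTS 4    /* assumed slot count, fixed at build time */
#define BUF_SIZE  256  /* assumed per-connection buffer size */

struct slot {
    int in_use;
    unsigned char buf[BUF_SIZE];  /* reserved statically, never malloc'd */
    size_t len;
};
static struct slot slots[MAX_SLOTS];  /* all the connection memory there will ever be */

/* Claim a free slot for an incoming connection; -1 means the request is refused. */
int slot_open(void)
{
    for (int i = 0; i < MAX_SLOTS; i++) {
        if (!slots[i].in_use) {
            slots[i].in_use = 1;
            slots[i].len = 0;
            return i;
        }
    }
    return -1;  /* table full: nothing is allocated, the peer is turned away */
}

/* Store received bytes, truncated to the room left in the slot; returns bytes kept. */
size_t slot_recv(int id, const unsigned char *data, size_t n)
{
    if (id < 0 || id >= MAX_SLOTS || !slots[id].in_use)
        return 0;
    size_t room = BUF_SIZE - slots[id].len;
    if (n > room)
        n = room;
    memcpy(slots[id].buf + slots[id].len, data, n);
    slots[id].len += n;
    return n;
}

void slot_close(int id) { if (id >= 0 && id < MAX_SLOTS) slots[id].in_use = 0; }

int main(void)
{
    int accepted = 0;
    for (int i = 0; i < 1000; i++)  /* constructed flood of 1000 connection requests */
        if (slot_open() >= 0)
            accepted++;
    printf("accepted %d of 1000, memory in use: %zu bytes\n", accepted, sizeof slots);
    return 0;
}
```

The flood leaves memory use unchanged but fills every slot, so a legitimate client is refused until a slot is closed; that is the availability risk the message notes, and the reason a firewall or NAT router in front of the device still helps.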