[EAS] ALERT: EAS Device passwords

David Turnmire eassbelist at cableone.net
Mon Feb 11 21:37:58 CST 2013 

Tom
There is obviously some truth to what you say, but it doesn't change the 
reality that one needs basic network security.  You can leave out the 
word "NAT", as you will have a hard time finding a consumer router that 
isn't one.  And I venture to say that even most 40+ engineers (says this 
55+ engineer) know a bit about that now, as they probably have one on 
their home network.  Most likely they had one in the case under 
discussion, but someone enabled "port forwarding" (or whatever that 
vendor calls it) so that they could access the router from offsite.  But 
in doing so they left it open to the universe.

So what we are really talking here isn't likely about money but about 
some combination of security awareness and the skills to configure their 
system for better security.  Of course, the "simple" way to achieve 
security in that case is to forgo the convenience of off-site access and 
thus make it largely inaccessible to hackers as well.  But giving up 
that convenience may have its "costs" as well.

But the bottom line remains the same... if you don't address network 
security, you are vulnerable.  The rest is just the same challenges we 
engineers always have... figuring out how to accomplish our tasks 
without enough money or time and sometimes without enough training/skill.

As for passwords... long ago it became apparent to me that there was no 
practical way to keep track of all the username/passwords in my head.  
So I got a password protected password utility and now I only have to 
remember its password and it remembers the rest.  I'm sure there are 
some free ones out there, but I chose to invest a little ($12?) for one 
that provides some additional features I like such as being able to 
easily synchronize its database between my office and home computers.  
It has a "big brother" for a bit more that allows you to categorize the 
passwords so that you can separately maintain "personal" passwords vs 
"engineering" passwords vs "IT" passwords, etc..  That way co-workers 
can share the relevant databases without compromising their personal 
passwords.

Dave

On 2/11/2013 7:11 PM, Tom Taggart wrote:
> All very nice....but many small stations were just able to
> scrape enough together to buy the CAP device.  They don't
> have IT guys on staff--they got some kid to get it talking
> to the internet.  And most of the staff is 40+ (young folks
> aren't getting into this business) and wouldn't know a NAT
> router if it flew in and bit them. (A nat router--ya mean a
> bug zapper? I have a router in the shop--didn't know you
> were a wood worker?)
>
> Plus my pet peeve: PASSWORDS! Have you every sat down and
> counted the number of devices, web sites, etc. that demand
> passwords?  I tried to order some paper topos from USGS
> on-line--and it wouldn't let me until I dredged up what I
> might have used for a password the last time I bought
> something from their site.  Which would have been about 5
> years ago. Any wonder that most rational people over the age
> of 30 use Fluffy123 instead of QX456www_pS.44-zxy for a
> password?
>
> __________________________________________________________
> The EAS Forum Discussion List is hosted by the BWWG (Broadcast Warning Working Group). http://eas.radiolists.net
> Please invite your friends to join our Forum! The sign up is at: http://lists.radiolists.net/mailman/listinfo/eas
> ___________________________________________________________
>

More information about the EAS mailing list