[EAS] Cybersecurity for broadcast stations
Tim Stoffel
tim at knpb.org
Fri Apr 8 17:49:12 CDT 2016
I'm going to disagree on this default password stuff.
I believe it is the engineer's job to properly install equipment, including using an appropriate amount of security consummate with the application. BTW, I do read manuals, although rarely from cover to cover. (I wish manuals were still on paper, not on CD-ROM or on line :( )
Default passwords are important because sometimes, you need to 'start over'. A means should always exist to reset a piece of equipment to take its default password, and it's OK if this involves opening the cabinet. It's not the manufacturer's job to ensure good security, but rather to provide the tools to do it. Putting an individualized, cryptic password on each unit they make is cou8nterproductive unless that password is indelibly recorded somewhere on the equipment. Requiring a password change during configuration is a good compromise between no security guidance and in-your-face security (which also inflates egos, BTW).
There's also usually more than one way to do security in a facility. Relying on one form of security is just bad practice. Having several medium grade security features is better IMHO, than having one or two draconian security features. Also, things like good network design, etc. should come before security like passwords.
On a completely different subject: Is any kind of an NAB meetup among us planned?
Tim Stoffel, KNPB
More information about the EAS
mailing list