As I take a mental overview of all the IP-based equipment we utilize in the broadcast industry, it is a wonder that we haven’t been compromised in some way by hackers looking to make our lives miserable.
With our automation systems, remote controls, IP-based remote broadcast equipment and even transmitters, we have to be cautious in the manner in which we attach our equipment to the World Wide Web.
There are thousands of Internet users out there just looking for a way into your equipment to install trojans, malicious viruses and worms. Once these attacks are released, their destruction can cause thousands of dollars in lost revenue, not to mention the time it takes to clean up after an attack.
Protecting our equipment from these malicious invaders is not rocket science. There are excellent programs out there that will protect your system from intruders and provide immediate updates to ward off a possible attack.
I’ll give you some tips on how to keep your system and network safe.
The worm turns
Let’s take a look at some of the techniques employed in the past to avoid detection and deceive security tools.
- Armored viruses and worms: Armored viruses attempt to prevent analysts from examining their code by using various methods to make tracing, disassembling and reverse engineering of their code more difficult.
- Stealth viruses and worms: As the name suggests, these attempt to conceal their presence from antivirus software in many ways. They gain access to your system by finding a known vulnerability and plant themselves in the root of the system. Once there, these viruses could almost completely obscure their existence.
Most stealth viruses intercept disk-access requests so when an antivirus application tries to read files or boot sectors to locate the virus, they present an uninfected image of the requested item, therefore making their presence almost invisible to the anti-virus software.
Another way stealth viruses work is to hide the actual size of the infected file and display the file size as it was before the infection occurred.
- Polymorphic viruses and worms: Similar to most kinds of self-encrypted viruses, polymorphic viruses mutate, creating varied but fully functional copies of themselves as a way to avoid detection by using different encryption schemes, a variety of instruction sequences and even inserting random blocks into the virus code. By doing this they modify their signature with every new infection. Each new mutation or variant of the original polymorphic viruses can look like a completely different program to virus scanners and other security tools.
- Self-encrypting viruses and worms: Self-encrypting viruses try to conceal themselves from detection by encoding themselves differently each time they infect a new computer. Most antivirus software finds viruses by looking for certain patterns of code, known as signatures, which are unique to each virus. A self-encrypted virus utilizes a decryption algorithm at the beginning of its code, followed by encrypted code that changes with each new infection. By doing this, it fakes out the antivirus software that is looking for the signature.
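The pattern matching described in the last bullet can be seen in a small added example (not from the original article): a toy scanner run over constructed, harmless byte strings, showing that a signature taken from the encoded body stops matching once the key changes, while one taken from the constant decryption code still matches. `STUB`, `BODY` and the single-byte XOR encoding are assumptions made for illustration.

```python
# Constructed, harmless byte strings stand in for a real sample.
STUB = b"\x90DECODE-LOOP\x90"        # constant decryption routine (constructed)
BODY = b"HARMLESS-PLACEHOLDER-BODY"  # the part re-encoded on every copy

# Two signatures a pattern-matching scanner might carry (both constructed).
SIGNATURES = {"body-pattern": BODY[:12], "decoder-stub": STUB}


def xor(data: bytes, key: int) -> bytes:
    """Encode or decode data with a single-byte key."""
    return bytes(b ^ key for b in data)


def make_copy(key: int) -> bytes:
    """Layout from the text: decryption code first, then the encoded body."""
    return STUB + bytes([key]) + xor(BODY, key)


def scan(data: bytes) -> list:
    """Return the names of all signatures found in data."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)


def hit_counts(keys) -> dict:
    """Count how many of the copies each signature catches."""
    counts = {name: 0 for name in SIGNATURES}
    for key in keys:
        for name in scan(make_copy(key)):
            counts[name] += 1
    return counts


if __name__ == "__main__":
    print(hit_counts(range(1, 256)))
```

A polymorphic variant, as described above, also varies the decryption code, which is why pattern matching alone is paired with integrity checkers and intrusion detection systems.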
Those are but a few of the ways hackers can gain access to your network or computer.
A lot of the programs now being written by hackers are targeting the antivirus software itself in an attempt to avoid detection and enhance virus longevity. They do this by attempting to delete files that are associated with antivirus and firewall programs and shutting down scheduled security processes, such as updates and patch installations.
What can you do to protect your network and personal computers?
The safest thing you can do is to lock down your network. Before a worm or virus can do any damage to your system, it must be able to find a way to get in. After several failed attempts to get in, most hackers will move on to easier pickings.
Here are suggestions to help protect your computer or network from unwanted guests:
- Install and maintain an antivirus program on each computer or network gateway. Regularly check with the software provider for updates and security patches. Most will query for updates on their own if programmed to do so. Never turn off the auto check for updates function of the antivirus program.
- Work with the least possible system privileges. Only use the root or administrator privileges when absolutely necessary.
- Turn off all unnecessary services and programs.
- Never open an e-mail from an unknown source or one that has an attachment that looks suspicious. This is the easiest way for an attacker to unleash a virus or worm into your system. Most will compromise your address book and send the virus out to every e-mail address it contains.
- Apply and enforce strict password policies to each of your computer users. Never use simple words or plain text as a password. Use a combination of letters/numbers in your password, and to make it even harder for a hacker to decipher your password, use random capital letters along with lower case letters.
- For critical systems, such as servers or streaming encoders, install and run the antivirus software from a disk so that no executable code from the machine can be run.
- Utilize additional security tools such as Tripwire or Chkrootkit for Linux systems and other intrusion detection systems (IDS).
- Periodically check your antivirus software to ensure that no changes have been made to disable or remove automatic updates to the software.
Following these procedures and tips will help ensure a healthy and safe environment for all your broadcast data and programs.
There is much more involved in protecting your networks and computer systems from intrusion, and space limitations prevent me from going into further detail on site security, but installing and maintaining a good antivirus program is the first step in preventing an attack.
Send your radio IT tech tips to firstname.lastname@example.org.
Brian Cunningham, CBRE, is a chief engineer for Crawford Broadcasting and is based in western New York. This is a version of an article that appeared in the company’s Local Oscillator newsletter.