Recently a station contacted me (the call letters shall remain anonymous) and said they wanted to replace their automation and streaming computers. I thought “No problem.”
Only one provision: They want everything running on Windows 7. Oh, and they would need internet browsing access on these machines.
This is a giant stop sign! The person in their engineering role stipulated that he does not trust the new versions.
I walked out of the meeting rather than get into an argument on how you keep out-of-date, unsupported systems protected when they are browsing the internet.
It is a no-brainer that the encoder will have to go on the internet. There should be no reason for any station to run a non-supported operating system. Current operating systems offer compatibility with the current protection software. Many music services deliver music to the automation via the “net.” Why would anyone want their systems running unprotected?
Yes, there are many posts and blogs complaining that various operating systems are buggy and subject to attack. But they are supported! If an unsupported system is attacked, the manufacturer will be the first to tell you it is unsupported. The security software usually says what they support and what OS their updates are for. A good firewall system and security system only go so far!
Over the past two years many large companies, including broadcasters, have been hit with ransomware attacks that were disruptive to operations. The older operating systems will not give you a upper hand in protecting your systems.
Current systems may not be successful in thwarting attacks either but at least their protection updates may help. Some of the features like cloud management and deep scanning help.
[Check Out More of Radio World’s Tech Tips]
Remember that most security suites are reactive not proactive. This means that the software coders are reacting to the issues that are out there; they cannot prevent what has not been invented yet. I do not believe that they are also going back to extinct operating systems and checking them too. Many issues were in Windows 2000 or earlier, I do not know of any security suite saying it is safe.
Besides a good up-to-date security suite — hopefully throughout your entire enterprise — you should have a good, up-to-date firewall. Yes a firewall is the bane of every 21st century broadcast engineer’s existence. But this is essential. Most equipment needs ports opened. You need to know if the equipment is communicating UDP or TCP. You must know what the path of communication is. Try to keep a list or map of these ports.
The big Solarwinds attack of a few years ago may have traveled through SNMP. What is SNMP, you ask? Simple Network Management Protocol is how much of the broadcast equipment today communicates and gives status back. Yes, SNMP is something you should know about … but that is a different topic.
The other must-have is a good backup system. This should need no explanation. But remember to check your backup. Many people never check what they are backing up, and the results are not pretty. Your backup system is your cheapest insurance policy to have a fast recovery.
I always recommend that a client keep all software installation disks and licenses in a locked safe or file cabinet. This will come in very handy if you have to rebuild systems. Image disks are also very useful.
As a follow-up, the station that wanted Windows 7 went with another consultant. Two weeks later, they got hit with a ransomware attack. They lost the entire music library and all the billing records. They never checked their backup. They were screwed! The installer disappeared with the installation disks. Not cool. Not only was the software installed on a non-supported OS, but the hardware did not meet the minimum requirements.
I was very nice and did not say “I told you so.” I hope they have learned this expensive lesson.
