Widgets Magazine

DDoS and AV Security

On Friday morning, like a number of you, I discovered a several of the websites I routinely visit were having some significant server issues. We use Delicious.com at AVNation to distribute our weekly stories. It was down. I use Twitter to see what is going on in the world of AV and #AVTweeps. Twitter was down. In fact, a number of websites were down or significantly slowed. All because of a little ole’ DDoS attack. 
If you’re not familiar with what a DDoS attack is, I will do my best to explain it simply. DDoS (distributed denial of service) is when an individual or organization points a number of devices they have control over at a specific website or server. Most servers can handle a certain amount of traffic. Not this many. Not on Friday.
Services were interrupted, people couldn’t get on Twitter, one of our AVWeek guests had to drop because they had significant Internet outages in their area, mass hysteria. Ok, maybe not hysteria, but it was close. Now, what does this have to do with the audiovisual industry? More than I’m comfortable admitting.
The thing is, this attack wasn’t made by a bunch of zombied PCs with malware. According to Brian Krebs of Krebs on Security, it was cameras and DVRs. Cameras. Internet connected cameras and DVRs. The beautiful bastion of IoT was a big part of this attack. And it wasn’t that the installers didn’t do a good job of installing the devices or set the password to “1-2-3-4”. It was the manufacturer of one of the components.
What this means is we need to be even more vigilant and smart about how we, in the AV industry, deploy our systems. We have talked about VLANs, VPNs, and separate networks. We have interviewed and talked with other companies who have had security breakdowns in the audio visual space. It is time I put in writing what I have said on several of our podcasts. We, as an industry, need to take this more seriously than we have to this point. The AV industry needs to have a version of “security Tuesday.”  In the IT market, Tuesdays are typically a day set aside for security patches and updates. Manufacturers of AV equipment need to adopt this same practice. We need to stop bundling security patches into firmware updates and be quicker to react to known issues. Integrators need to start conversations with their clients about the importance of keeping their system as secure as possible.
IoT is not going anywhere. Not now, even after this latest attack. The IT industry will search their souls and their security logs and find out the “how” and the “how to stop this.” We will need to pay attention and follow suit. But we will also need to tighten our belts and our networks.
Thank you for taking the time to read my blog. Have a great week.
 

About Author

Tim Albright

Tim Albright is the founder of AVNation and is the driving force behind the AVNation network. He carries the InfoComm CTS, a B.S. from Greenville College and is pursuing an M.S. in Mass Communications from Southern Illinois University at Edwardsville. When not steering the AVNation ship, Tim has spent his career designing systems for churches both large and small, Fortune 500 companies, and education facilities.

Leave A Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.