Maintaining Codec Network Security
Codecs connected to the internet can be accessed by anyone with knowledge of the codec’s public IP address. In addition, search engines are widely available which can discover and expose unsecured ‘internet connected devices’. Tieline has enabled a number of IP security measures in its latest codecs, which engineers are encouraged to use in securing their devices from nefarious characters. Following are a range of IP codec security measures and precautions that should be followed as a bare minimum, to ensure your codecs remain secure.
Codec Security Options
There are several layers of security available in Tieline codecs to maintain secure connections. These include:
- Immediately change the Toolbox HTML5 Web-GUI default password when you commission and install your codecs. Create a strong password which includes both capital and lower case letters, symbols and numbers. Password managers can be useful when managing multiple passwords within organizations, or when changing them according to a schedule.
- Ensure your codec is behind a firewall and only open the TCP and UDP ports required to transmit session and audio data between your codecs. Using non-standard ports instead of Tieline default ports can also ensure the codec is more difficult to discover by external parties.
- Ports 80 and 8080 are commonly used to access the Tieline codec web server. You can add an additional layer of security by translating these ports on the WAN side of your network into non-standard port numbers. Adjust ports using the Options panel in the Toolbox HTML5 Web-GUI.
- By default SIP interfaces are disabled to avoid unwanted traffic. The SIP Filter Lists panel in the Toolbox HTML5 Web-GUI allows filtering of SIP URIs and User Agents to provide greater security when using SIP. User documentation outlines how to configure SIP Allow and Block lists.
- An SSL security certificate can be installed on each codec in your network to ensure it is a trusted device within your network.
-
Firewall settings facilitate enabling or disabling a range of firewall-related network services, or limit ping to only work in a local subnet. Tieline also recommends SNMP is disabled if a codec is connected to a public network like the internet. Adjust settings using the Toolbox HTML5 Web-GUI Options panel in the Firewall tab.
- Implementation of CSRF protection (Cross-Site Request Forgery). Enable and disable this setting using the Options panel in the Toolbox HTML5 Web-GUI.
Be sure to document any codec port changes because this information will be required if you need to contact Tieline or other online support services at a future time.
Managing IP Security
A number of additional strategies may be employed, including VPNs, to ensure more secure codec connections. Tieline previously had an article on IP Network Security published in Radio World, explaining best practices in more detail. To read this article visit https://tieline.com/ip-security-for-radio-broadcasters/.
For more information on Tieline codecs visit www.tieline.com/products or contact Tieline sales:
- For USA, Canada & Latin America contact: sales@tieline.com
- For Australia and International: info@tieline.com
(Maintaining Codec Network Security was first published on September 13, 2021)