Based on our previous posts relating to Security (Digital Signage: How secure is your digital signage solution? and Secure Your digital signage solution -here’s why!), we decided to put together a Security Checklist (something businesses implementing digital signage should consider). Here’s the list:

1. Avoid using the default ports for common application protocols such as FTP (port 21) or web (80). Change these to something unusual for example port 2122 or 8089. Basically make it harder for hackers to guess what ports you are using for certain applications.
2. Avoid using common passwords such as “password” and “test”. Increase your “password strength” by using at least 7 characters with at least 1 uppercase letter and 1 number. Case sensitive passwords are harder for Brute Force password software tools to break and hack.
3. Rename or disable common login accounts. For example, in the Windows environment rename the “administrator” and “guest” accounts. For Unix, rename the “root” account.
4. Enable or Install Firewall Software. Having some sort of protection (the built in Microsoft Windows Firewall suffice) is better than not having anything at all. When creating firewall rules, make sure you only allow IP addresses that require access to the device. Don’t get into a habit of just allowing everything through – only use this for testing or special circumstances. If you have a digital signage appliance and cannot install any firewall software, invest in purchasing a hardware Firewall.
5. Enable or Install Antivirus Software. This will prevent viruses and Trojans from getting into your digital signage network.
6. Ensure your Operating System, whether it’s Unix or Microsoft Windows has the latest software updates. There is a considerable amount of security vulnerabilities out there – just make sure that you backup your operating system before installing any new patches.
7. Physically locate your devices in a secure environment e.g. in a rack or a communications cabinet or use a kensigton lock if it’s in a public location.
8. For wireless connectivity to your network, disable the wireless SSID and use the latest encryption methods such as WPA.
9. Don’t just use HTTP to manage or transmit files – this is an unsecured protocol and the login and password is transmitted using clear text. Use HTTPS, with at least 128 bit encryption.
10. If you have to manage multiple sites, don’t purely connect the digital signage players to the Internet, but instead setup VPNs (Virtual Private Network). With the right equipment you can easily setup a VPN tunnel in no time.
11. If using the unit in standalone mode i.e not connected to the network, then disable the interface cards (wireless or physical)
12. If using a web based player or SaaS, ensure that the web browser is using 128 bit encryption and SSL (basically you will see HTTPS at the front of the URL). We cannot stress enough that using HTTP is not secure as the login and password is sent in clear text, meaning that someone can easily capture your login and password credentials.
13. Install the latest Operating System Service Packs ie. if using Windows XP, then install SP3.
14. Disable any SNMP services (Simple Network Management Protocols). By doing so you will avoid hackers using SNMP tools to remotely manage your devices. Also avoid using the standard community strings “public” and “private”. If you do intend to use SNMP then use at least SNMP v3 as it is more secure.
15. Disable any remote management tools (remote desktop, VNC, Dameware, PCAnywhere, telnet, SSH) unless it’s required for managing the network.
16. Disconnect keyboard or mouses from the digital signage device unless required.
17. Screen lock – make sure your software actually locks the player window so that the public is not able to access or change settings on the player without a password.

So there you go, thats our Security checklist. Have a look at your current digital signage solution and check to see whether it meets all or any of the above items. Now having worked for large corporate organisations, most of the above security requirements are mandatory in any IT department.  So if you’re serious about winning those large tenders or contracts then make sure you consider validating your digital signage equipment against this Security Checklist before you submit your next proposal.

Protect your investment and review your digital signage solution to see whether it passes items listed in the above Security Checklist.

Are there any other Security aspects that we’ve missed? Please let us know.

Feel free to submit your answer as a comment.

Tweet This Post

Category: Digital Signage Blog Info, Digital Signage Blog News, Digital Signage Techie

Today, we came across a news article titled “Porn shock for tourists”  – just from reading the title of the article you’re thinking – “what has this got to do with digital signage?”. There is a lesson to learn from this article so here is a copy of the article:

Computer pranksters in Croatia hacked into tourism board computers and downloaded blue movies onto a town centre information screen.

Red faced officials in Slavonski Brod managed to shut down the link but only after a cheering crowd had gathered around the screen, which normally gives cultural tips to visitors.

Police called in special IT crime experts to help track down the hackers.

Meanwhile the local council have pledged to splash out on a computer security upgrade to make sure nothing similar happens again.

Deputy mayor Zeljka Kristof said: “This is something we take very seriously because we have worked hard to give our town an image among tourists and visitors that we do not want sullied in any way.

“This incident shocked a lot of people and made our visitors feel very uncomfortable. It just proves our computer systems need to be made more secure.”

Source: http://www.ananova.com/news/story/sm_3074964.html

Like any other IT solution, digital signage needs to be secure – it needs to protect the solution from hackers and unauthorised access. In this case, the screen was hijacked and the tourist information was replaced with a porn video. We might have giggled when reading the article but it’s a serious issue if it happened to us *Not many parents would have been impressed if their children were there*. The consequences could have been more devastating – the screen could have been used to display sensitive information.

Like the Internet, digital signage solutions have many vulnerabilities and security holes and it is the responsibility of the network operators to ensure the solution is secure.

We also previously talked about ways to mitigate various security issues in our previous post called “How Secure Is Your Digital Signage Solution?“. Here’s the link if you’re interested to read further.

Lesson learnt: make sure your digital signage solution is secure before you have the public looking at your screen!!!

Tweet This Post

Category: Digital Signage Blog Info, Digital Signage Blog News