Based on our previous posts relating to Security (Digital Signage: How secure is your digital signage solution? and Secure Your digital signage solution -here’s why!), we decided to put together a Security Checklist (something businesses implementing digital signage should consider). Here’s the list:

1. Avoid using the default ports for common application protocols such as FTP (port 21) or web (80). Change these to something unusual for example port 2122 or 8089. Basically make it harder for hackers to guess what ports you are using for certain applications.
2. Avoid using common passwords such as “password” and “test”. Increase your “password strength” by using at least 7 characters with at least 1 uppercase letter and 1 number. Case sensitive passwords are harder for Brute Force password software tools to break and hack.
3. Rename or disable common login accounts. For example, in the Windows environment rename the “administrator” and “guest” accounts. For Unix, rename the “root” account.
4. Enable or Install Firewall Software. Having some sort of protection (the built in Microsoft Windows Firewall suffice) is better than not having anything at all. When creating firewall rules, make sure you only allow IP addresses that require access to the device. Don’t get into a habit of just allowing everything through – only use this for testing or special circumstances. If you have a digital signage appliance and cannot install any firewall software, invest in purchasing a hardware Firewall.
5. Enable or Install Antivirus Software. This will prevent viruses and Trojans from getting into your digital signage network.
6. Ensure your Operating System, whether it’s Unix or Microsoft Windows has the latest software updates. There is a considerable amount of security vulnerabilities out there – just make sure that you backup your operating system before installing any new patches.
7. Physically locate your devices in a secure environment e.g. in a rack or a communications cabinet or use a kensigton lock if it’s in a public location.
8. For wireless connectivity to your network, disable the wireless SSID and use the latest encryption methods such as WPA.
9. Don’t just use HTTP to manage or transmit files – this is an unsecured protocol and the login and password is transmitted using clear text. Use HTTPS, with at least 128 bit encryption.
10. If you have to manage multiple sites, don’t purely connect the digital signage players to the Internet, but instead setup VPNs (Virtual Private Network). With the right equipment you can easily setup a VPN tunnel in no time.
11. If using the unit in standalone mode i.e not connected to the network, then disable the interface cards (wireless or physical)
12. If using a web based player or SaaS, ensure that the web browser is using 128 bit encryption and SSL (basically you will see HTTPS at the front of the URL). We cannot stress enough that using HTTP is not secure as the login and password is sent in clear text, meaning that someone can easily capture your login and password credentials.
13. Install the latest Operating System Service Packs ie. if using Windows XP, then install SP3.
14. Disable any SNMP services (Simple Network Management Protocols). By doing so you will avoid hackers using SNMP tools to remotely manage your devices. Also avoid using the standard community strings “public” and “private”. If you do intend to use SNMP then use at least SNMP v3 as it is more secure.
15. Disable any remote management tools (remote desktop, VNC, Dameware, PCAnywhere, telnet, SSH) unless it’s required for managing the network.
16. Disconnect keyboard or mouses from the digital signage device unless required.
17. Screen lock – make sure your software actually locks the player window so that the public is not able to access or change settings on the player without a password.

So there you go, thats our Security checklist. Have a look at your current digital signage solution and check to see whether it meets all or any of the above items. Now having worked for large corporate organisations, most of the above security requirements are mandatory in any IT department.  So if you’re serious about winning those large tenders or contracts then make sure you consider validating your digital signage equipment against this Security Checklist before you submit your next proposal.

Protect your investment and review your digital signage solution to see whether it passes items listed in the above Security Checklist.

Are there any other Security aspects that we’ve missed? Please let us know.

Feel free to submit your answer as a comment.

Tweet This Post

Category: Digital Signage Blog Info, Digital Signage Blog News, Digital Signage Techie

It’s the holidays so I decided to take the family out to Oceanworld Manly Australia so the kid could experience and see the tropical and temperature fishes, sharks, snakes, lizards and insects. I’ve been there before so I wasn’t excited as the kid, but when I entered the first section of the venue (Middle Level – Level 2) my excitement grew. Yes… I saw digital signage being used around the floor which wasn’t there the last time I visited.

I’m always on the lookout for digital signage so this was a great opportunity for me to understand how Oceanworld implemented their system and if any, recommend ways to improve their setup. At each of the tanks, there was a 15-17 inch LCD screen displaying information about the fish or animal inside the tanks. This was located above each of the tanks and it eliminated the need to have a static board with this information.

Here’s an image of the screen:

Digital Signage at Oceanworld Manly Australia

Digital Signage at Oceanworld Manly Australia

I noticed that some of the screens had one static slide (I’m assuming that the system was using powerpoint), however there were other screens which had pictures of each of the different types of fishes in the tank at the bottom of the screen. This however wasn’t initially obvious to me or to the people I asked as the time it took to rotate to the next slide was several minutes – I wasn’t going to stand around and wait for several minutes just to find out more information about each of the different types of fish in the tank. Overall, the solution was quite average and may need to be reviewed. Here is our recommendation of things that may need to be improved:

1. LCD screen location – to view the screen, one would need to step away from the tank and tilt your head slightly up.  I think the screens could have been strategically better located so the visitors would actually see the information whilst looking at the fishes in the tank. Just as a thought, maybe install a waterproof screen at the back wall of the tank??? We talked about strategically positioning your screens in one of our previous posts called “Location, location, location“.

You’re probably thinking “waterproof screens????”… yep here’s a video from youtube to prove it that it does exist.

For more Digital Signage videos visit the Digital Signage Portal.

2. Use touch screen technology to enable the visitors to interact with the fish tank. Currently, visitors like myself would not be standing around to wait for the next slide so why not get the visitor to initiate the slide change. Otherwise, decrease the time it takes for each slide to rotate and also place a reference on the screen stating that “The below fishes can be found in the tank”. Make the image of the fish at the bottom of the screen that the information is referring to more noticeable – either fade the other images or highlight the current image. We talked about touch screen technology in one of the previous posts called “To touch or not to touch – that is the question“.

3. I also found that the solution installed was using the Windows XP operating system. How did I know this? We that was easy because there was that typical windows notification balloon at the bottom right hand corner of the screen. Maybe disable all Windows XP notification messages.

Digital Signage Error Message

4. On another screen there was also a notification that it found the Wireless network. This is definitely a security issue as the SSID of the wireless network was clearly visible to the public. We talked about digital signage security issues in two of our previous posts called “How secure is your digital signage solution?” and “Secure your digital signage solution – here’s why“.

Well that’s my recommendation based on what I saw and I apologise in advance if I misrepresented the solution and setup but I hope our readers can learn something from this post.

Do you have any digital signage experiences you would like to share with us?
Send us an email to info@digitalsignageblog.com or feel free to comment here.

P.S: For those who are interested in going to visit Oceanworld, there is a 15% discount if you enter after 3:30pm. Overall, the kid had fun and we will most likely visit Oceanworld again in the near future.

Tweet This Post

Category: Digital Signage Blog News, Digital Signage Reviews

With the increasing popularity of digital signage and the Internet, the likelihood of your digital signage system being hacked or compromised is increasingly high.

To minimise and mitigate this risk, there are several technical security points to consider when implementing your digital signage solution:

• Avoid using the default ports for common application protocols such as FTP (port 21) or web (80).
• Don’t use common passwords such as “password” and “test”. Instead use passwords with numbers, and case sensitive characters which are harder for Brute Force password software tools to break and hack.
• Rename or disable common login accounts. For example, in the Windows environment rename the “administrator” and “guest” accounts. For Unix, rename the “root” account.
• Install Antivirus and Firewall software such as Trend Micro on your digital signage solution. This will prevent viruses and Trojans from getting into your digital signage network.
• Ensure your Operating System, whether it’s Unix or Microsoft Windows has the latest software updates. There is a considerable amount of security vulnerabilities out there.
• Physically locate your devices in a secure environment e.g. in a rack or a communications cabinet.
• For wireless connectivity to your network, disable the wireless SSID and use the latest encryption methods such as WPA.
• Don’t just use HTTP to manage or transmit files – this is an unsecured protocol and the login and password is transmitted using clear text. Use HTTPS, with at least 128 bit encryption.
• If you have to manage multiple sites, don’t purely connect the digital signage players to the Internet, but instead setup VPNs (Virtual Private Network).

As more businesses are connecting their digital signage players to the Internet, these units will eventually be faced with many security issues and it will be up to the IT department to control, monitor and ensure their clients investment is secure.
As a final note, just remember that any device that is networked is hackable to some extent or another.

We would love to hear whether your digital signage solution has ever been hacked into or what security measures you are implementing in your digital signage solution.

To discuss this topic further, visit our digital signage forum entry.

Tweet This Post

Category: Digital Signage Blog Info, Digital Signage Blog News