There’s no time like the present to protect your broadcast system components from unwanted access. TelVue would like to offer some tips to consider to further secure your HyperCaster, InfoVue, and TeleCast 2 systems.
TelVue highly recommends that customers:
- Change ALL default passwords and use strong passwords.
- Place the HyperCaster and all servers and systems behind a firewall device to avoid Denial of Service (DoS)-type attacks or brute force login attempts on the various services.
- Use secure https:// port 443 access to the HyperCaster interface where possible to keep usernames and passwords secure.
- Use a dedicated port for the Website Program Guide, preferably secure https:// port 50001.
- Never enable Samba for external access.
- You should generally never enable FTP for external access. If it is required for your workflow, limit access to known IP addresses.
Consider locking down all remote access to service ports to known IP addresses. For example, if you would like to access your HyperCaster from home, you could limit remote access via your router firewall to IP sources coming only from that location.
For TelVue Support purposes, you can lock down remote access via SSH (port 22), HTTP (port 80), and HTTPS (port 443) to originate from TelVue’s network operations center at IP address 8.39.99.1.
Consult your IT department for standard networking security practices including establishing a firewall and remote access.
HyperCaster
- The HyperCaster includes a basic, user-configurable, internal firewall that will help you restrict access to the HyperCaster. The basic, internal firewall should not be considered a security firewall. The internal firewall is very useful in controlling HyperCaster access within your local network.
- Please place the HyperCaster and all TelVue products behind a strong firewall device to avoid unauthorized access, Denial of Service (DoS)-type attacks or other dangerous actions or activities launched from within your network or from the public Internet.
- Consult your IT department for standard networking security practices including establishing an external firewall, remote access policies, or isolating your TelVue equipment from other network devices.
- Change the default passwords for the psgadmin and psguser accounts by logging in to an admin-level user profile and going to Config>Users and click on the user names to edit (psgadmin, psguser). Enter the new password in the “Password” field and then in the “Password Again” field. Click “Save.”
- After changing the default password, you’ll need to re-map the vol1 directory to each device.
InfoVue
- InfoVue Players are locked-down digital signage appliances and are not general purpose computers. End users do not have typical desktop access directly. End users do not have the ability to install programs, or change the file system contents.
- The InfoVue players run dedicated signage software, and communicate directly to the InfoVue cloud over secure HTTPS.
- The version of the OS is also locked down for appliance stability and to avoid variations that could impact the core functions.
- You should always run your InfoVue player behind a firewall that only allows the player to make web and streaming requests.
- You should keep your InfoVue Players isolated from general purpose computers on your internal network as well.
- InfoVue Players should be able to network to HyperCasters when used in conjunction for purposes of displaying the schedule XML feed.
TeleCast 2
- If you currently have the TeleCast 2 exposed to the Internet, meaning you can access the user interface from outside the local network in order to start/stop streams to Facebook and YouTube, you may want to consider port obfuscation.
- By forwarding a non-standard HTTP port externally to port 80 (HTTP) internally on the TeleCast 2 will help to protect your system from potential malicious activity.
- Change the default password by logging in and clicking on “admin” in the top right corner. Enter the new password in the “Password” field, and confirm by retyping in the “Confirm Password” field. Enter the old password in the “Current Password” field. Click “Save.”