Sure, but none of these are use-cases where the (infection vector) office
machine would need read/write access to the *audio* files in /var/snd on a
Rivendell box, or the ability to *write* to the Rivendell DB, or access to
home dirs & SSH keys on a Rivendell machine, or access to the backups.
Maybe you wouldn't use VLANs in this case, but there are certainly robust
access controls for SSH, NFS, Samba, etc. that can be used to stop your
average "smash and grab" style data vandal from c99'ing or maliciously
keying your Rivendell machines. If you view your systems through the lens
of PoLP (https://en.wikipedia.org/wiki/Principle_of_least_privilege), you
end up light years ahead of many broadcast facilities, unfortunately.

On Tue, Dec 14, 2021 at 1:11 PM Rob Landry <41001...@interpring.com> wrote:

> On Fri, 10 Dec 2021, Jake Tremper wrote:
>
> > 2) Network segregation. An infection on the business side is awful and
> > hard to recover from. An infection on the business side that jumps and
> > wipes out the on-air machines is catastrophic. Isolated VLANs, when
> > implemented properly, help greatly in this area.
>
> The problem, unfortunately, is that a traffic machine has to be able to
> write a log file to the automation, and read aired log files from it for
> electronic reconciliation.
>
> Traffic machines are typically on the office network, and are used for
> things like email.
>
> Music scheduling software typically also runs on an office machine.
> Programming people are forever getting songs and syndicated shows off the
> Internet to add to the audio library.
>
> Both of these are potential malware vectors into an automation system.
>
> The question is: even if someone exploits Samba to drop something onto a
> Rivendell machine, it goes into a Samba-writable folder, not /var/snd. How
> did they leverage that into access to other folders?
>
>
> Rob
>
> --
> Don't think that everything has been sung,
> That all the storms have thundered out;
> Prepare for a great goal,
> And glory will find you.
>
>
> > and, not directly related to this one, but a good concept:
> >
> > 3) Untested backups are not backups. Test your backups periodically and
> > verify that you can actually recover from them.
> >
> > On Fri, Dec 10, 2021 at 12:42 PM Tim Camp <t...@dotcom1.net> wrote:
> >       Greetings,
> > This past Sunday morning our four stations had a cyber attack.
> > They gained access through a windows server that we use for traffic
> > and bookkeeping.
> > Through this connection they exploited samba to place ssh keys on many
> > of our linux machines and erased all files on the control room pc's
> > and erased /var/snd on our nfs server.
> >
> > They encrypted the windows server for ransom and just erased the
> > linux machines they got access to.
> >
> > Trying to rebuild four radio stations from the ground up.
> > We had backup on several drives but they were on the network so they
> > got them as well.
> >
> > One issue if someone can help me with.
> > I have recompiled rivendell on two control rooms and everything works
> > except no audio and no meters, Carts act like they are playing but no
> > output. I'm sure I have overlooked something, I've been up for days.
> >
> > Warning to all that Samba is a weak spot.
> >
> > Tim Camp
> > WZEW-FM
> > Mobile, Al.
> >
> >
> >
> >
> >
> > _______________________________________________
> > Rivendell-dev mailing list
> > Rivendell-dev@lists.rivendellaudio.org
> > http://caspian.paravelsystems.com/mailman/listinfo/rivendell-dev
> >

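Added example, not part of the original thread and not Rivendell project code: one way to check an NFS server's exports against the least-privilege point made in the top reply, by flagging any export that lets a host outside the automation side write to /var/snd or the backups. The host names, the /srv paths and the sample exports file are constructed assumptions.

```python
import re

# Assumption: only hosts on the automation side may write to the audio store.
TRUSTED_WRITERS = {"rdairplay1.studio.example", "rdairplay2.studio.example"}
PROTECTED = {"/var/snd", "/srv/backups"}  # /srv/backups is a hypothetical path

# Constructed sample /etc/exports, not taken from the thread.
SAMPLE_EXPORTS = """\
# audio store
/var/snd      rdairplay1.studio.example(rw,sync) 192.168.10.0/24(rw,no_root_squash)
/srv/backups  *(rw,sync)
/srv/traffic  traffic-pc.office.example(rw,root_squash)
/srv/logs     traffic-pc.office.example (rw)
"""

def parse_exports(text):
    """Yield (path, client, options) per client entry of exports(5) syntax.

    Simplified: no quoted paths, line continuations or "-options" defaults.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            m = re.fullmatch(r"([^()]*)(?:\(([^)]*)\))?", entry)
            if m is None:
                continue
            # A bare "(opts)" after a space applies to every host, not the
            # host named before it: a classic exports(5) mistake.
            client = m.group(1) or "*"
            opts = set(filter(None, (m.group(2) or "").split(",")))
            yield path, client, opts

def audit(text):
    """Return (path, client, reason) for exports that break least privilege."""
    findings = []
    for path, client, opts in parse_exports(text):
        wildcard = "*" in client or "?" in client
        if "no_root_squash" in opts:
            findings.append((path, client, "no_root_squash"))
        if "rw" in opts and wildcard:
            findings.append((path, client, "writable by any host"))
        elif "rw" in opts and path in PROTECTED and client not in TRUSTED_WRITERS:
            findings.append((path, client, "untrusted writer"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS):
        print(*finding, sep="\t")
```

The /srv/traffic line passes because a root-squashed, single-host drop folder for traffic logs is the kind of narrow write access the thread says a traffic machine needs; the /srv/logs line is flagged because the space before "(rw)" opens it to every host.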