Ⅰ. Network Security Solutions for Network Television Stations (New Media)
Network TV (new media) is a new media operation platform built under the trend of three-network convergence. Its construction goal is to provide media communication to IPTV, mobile TV, Internet TV, portal and other terminals through unified video content integration and management capabilities, to support cross-terminal business linkage and service integration, and to establish a new model of media industrialization operation.
The overall business of a network television station (new media) is to bring together programs and materials transmitted from IPTV collection, upload, partner line access, network upload and other channels, edit and process them into a program form suitable for new media business, and release them through the IPTV, mobile TV, Internet TV and portal broadcast platforms.
The business system covers the primary activities of program and material collection, editing, broadcasting, management and storage. What most distinguishes the production system of a network TV station is its need to connect to external networks, which raises network security to the strategic level.
Challenges and security needs
The four essential requirements of a network TV station (new media) network security system:
1. Establish a secure interconnection network between the content production service platform and the broadcast control area; establish a secure and efficient network channel for material exchange with partners; establish access and material exchange with partners from the Internet; and establish a secure network channel for interconnection with the OA network and media-related systems.
2. Plan and build network security domains: based on the primary network system, sort out the business boundaries of downloading, uploading, indexing, editing, content management and publishing.
3. Build a network security and risk prevention system and a comprehensive security monitoring and management system, realizing the four management dimensions of information system security: monitoring, auditing, risk and operation.
4. Realize secure access and unified authentication of the equipment in the business terminal area, with single sign-on and decentralized authorization, to keep the program's fast-editing, refining, downloading and operational management business running smoothly; and realize two-factor authentication for operation and maintenance management personnel to ensure the uniqueness of each login access.
Divide security domains, sort out network boundaries and strengthen inter-domain access control
There are many channels for obtaining media resources, and the security of these channels cannot be fully guaranteed: attacks, viruses and other malicious code can pass through the media access channels to infect the databases of the network broadcast television system, with severe impact.
Therefore, such boundaries must be strongly isolated, focusing on two types of protection: first, access control, to prevent unauthorized access and possible cyber-attacks; second, checking the obtained media assets for viruses and other malicious code to prevent infection. UTM products can be deployed for this (with firewall, anti-virus, intrusion detection and other perimeter protection features).
1. The key security measures at the network's external boundary include: a firewall in the access management zone, an access VPN gateway, UTM at the security zone intersection, a firewall between the portal and the IDC room, and a firewall between the IPTV broadcast control area and the operator room.
2. Key security measures at internal area boundaries include: UTM for access management zone isolation, UTM for isolating OA from the production area, a firewall for mobile work area isolation, and a firewall for isolating content production from broadcast control.
Compliance audit of system authentication and operation
There are many critical applications in the content production system, broadcast control platform and other systems that directly affect safe production and broadcast. Users of these application systems must be strictly identified; relying only on username/password is weak, since once a password is leaked or sniffed on the network, unauthorized internal or external personnel may access the core application system and perform illegal operations. Two-factor authentication should therefore be considered to strengthen identity authentication for application system users. All applications should strictly limit the permissions of each account.
Comprehensive security monitoring and management platform
1. Integrated security monitoring and management platform: from the four dimensions of monitoring, auditing, risk and operation, it conducts availability and performance monitoring of information systems, analyzes and audits configurations and events and raises early warnings, conducts risk and situation assessment, and performs centralized event collection, correlation analysis and automated management. Through the platform's processing and analysis, valuable, dangerous and useful data can be mined.
Comprehensive monitoring of the events occurring on network devices and hosts helps to understand the state of the security environment and of the network security devices, and enables unified monitoring, analysis and early-warning handling of security risks through in-depth analysis of security incidents and rapid intelligent response.
The risk factor is calculated from several indicators, and the current risk status of an asset is derived from changes in those indicators.
Grasping the asset names, IP addresses and CIA attributes (confidentiality, integrity, availability) together with vulnerability information, and managing and monitoring the equipment, hosts and application systems in the network, is conducive to comprehensive security management of the network environment.
2. Intrusion detection system components: intrusion detection systems are deployed at the core of the content production area, the portal broadcast control aggregation, the IPTV broadcast control core and the access management area core, and interface with the integrated security monitoring and management platform.
3. Vulnerability scanning and management: deploy a network-wide vulnerability scanning system to scan the whole network and manage the full vulnerability life cycle (discovery, verification and repair), interfacing with the comprehensive security monitoring and management platform.
4. Terminal and server security: for mobile terminals, the station installs the necessary software and disables the administrator account so that users cannot freely uninstall or install software. The security software to be installed includes anti-virus, patch management, network access control and media management (fixed terminals). Key servers and critical terminal data are connected to the integrated security monitoring and management platform as needed.
Ⅱ. Cable TV Front-end Interactive System Security Audit Solution
The digitalization, networking and two-way transformation of cable digital TV networks has developed rapidly, especially cable digital TV front-end systems that embody human-computer interaction and interactive functions.
The IT assets and business application systems of the cable digital TV front-end system are important infrastructure for cable digital TV network operators to operate normally against the background of the Internet wave and triple-play. Managing this IT infrastructure and operating the cable digital TV network is a mission every cable digital TV network operator must fulfil.
Security incidents of all kinds are growing exponentially; intrusions from outside are frequent and increasingly show "organized", "targeted" and "purposeful" characteristics. Experience in emergency response to security incidents tells us that once an intrusion occurs, log analysis is the crucial means of finding the clues of the attack.
Misoperations and intentional or unintentional leaks by internal personnel also occur from time to time. Log analysis is also an essential means of troubleshooting and can help establish responsibility. In this increasingly difficult situation, ensuring the security of the cable digital TV front-end system, and in particular better preventing and auditing the access and operation behaviour of internal management personnel on the front-end system, has become a vital link in ensuring data security.
Challenges and security needs
The challenge and requirement for the cable digital TV front-end system in log management is to realize comprehensive auditing by means of "log retention", "trace retention" and "operation audit", including log life cycle management, precise management authorization, and operation audit of the network and database management systems.
1. Log life cycle management. A log is a record of the events that occur during the operation of an IT system. Through logs, IT managers can understand the health of the system, learn the security status of the information system, identify attacks and intrusions against information systems as well as internal violations and information leakage incidents, and obtain the information needed for problem analysis, investigation and forensics after the fact.
The network security log management and auditing system continuously collects, in real time, the massive log information generated by the security devices, network devices, hosts, operating systems, database management systems and application systems of various vendors in the digital cable TV front-end network. It normalizes the log information, performs correlation analysis and log-based auditing, helping administrators troubleshoot effectively and facilitating event tracking and accountability.
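The normalization and correlation steps described here, and the centralized event collection with early warning described for the integrated monitoring platform in Part Ⅰ, are illustrated by the following added example. It is not code from the page or from any vendor product; the log lines, host names, addresses and the assumed log year are constructed for the demonstration, and the rule (a successful login preceded by repeated failures from the same source) is one assumed correlation rule among many a platform would carry.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real station data): a firewall in kernel/netfilter
# style, a Linux host's sshd, and a database audit record in a different format.
SAMPLE_LOGS = [
    "Mar 12 09:14:01 fw01 kernel: DROP IN=eth0 SRC=10.8.1.77 DST=10.8.2.10 PROTO=TCP DPT=22",
    "Mar 12 09:14:03 cms01 sshd[2211]: Failed password for admin from 10.8.1.77 port 50122 ssh2",
    "Mar 12 09:14:05 cms01 sshd[2211]: Failed password for admin from 10.8.1.77 port 50123 ssh2",
    "Mar 12 09:14:07 cms01 sshd[2211]: Failed password for admin from 10.8.1.77 port 50124 ssh2",
    "Mar 12 09:14:09 cms01 sshd[2212]: Accepted password for admin from 10.8.1.77 port 50125 ssh2",
    "2024-03-12T09:14:30 db01 AUDIT user=media_app host=10.8.2.15 action=LOGIN result=SUCCESS",
    "Mar 12 09:20:00 cms01 sshd[2300]: Accepted password for editor from 10.8.1.80 port 50200 ssh2",
]

ASSUMED_YEAR = 2024  # classic syslog lines carry no year; assumption for this example

# Envelope formats (timestamp + host + message) seen in the sample.
SYSLOG_RE = re.compile(r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
ISO_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
# Message formats that are mapped onto the common schema.
SSH_RE = re.compile(r"sshd\[\d+\]: (?P<result>Accepted|Failed) password for (?P<user>\S+) from (?P<ip>\S+)")
FW_RE = re.compile(r"kernel: (?P<verdict>DROP|ACCEPT) .*SRC=(?P<ip>\S+) DST=(?P<dst>\S+)")
DB_RE = re.compile(r"AUDIT user=(?P<user>\S+) host=(?P<ip>\S+) action=(?P<action>\S+) result=(?P<result>\S+)")


def normalize(line):
    """Map one raw line onto a common schema (ts, host, source, user, src_ip, action).
    Returns None when the envelope is not recognised at all."""
    m = SYSLOG_RE.match(line)
    if m:
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    else:
        m = ISO_RE.match(line)
        if not m:
            return None
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
    ev = {"ts": ts, "host": m["host"], "raw": line}
    msg = m["msg"]
    s = SSH_RE.search(msg)
    if s:
        ev.update(source="ssh", user=s["user"], src_ip=s["ip"],
                  action="auth_ok" if s["result"] == "Accepted" else "auth_fail")
        return ev
    f = FW_RE.search(msg)
    if f:
        ev.update(source="firewall", user=None, src_ip=f["ip"], action="fw_" + f["verdict"].lower())
        return ev
    d = DB_RE.search(msg)
    if d:
        ok = d["result"] == "SUCCESS"
        ev.update(source="database", user=d["user"], src_ip=d["ip"],
                  action="db_" + d["action"].lower() + ("_ok" if ok else "_fail"))
        return ev
    ev.update(source="unknown", user=None, src_ip=None, action="other")  # kept, never dropped
    return ev


def normalize_all(lines):
    """Normalize a batch; unrecognised envelopes are skipped but counted by the caller if needed."""
    return [ev for ev in (normalize(ln) for ln in lines) if ev is not None]


def correlate(events, threshold=3, window_s=60):
    """Early-warning rule: a successful login preceded, within window_s seconds, by at least
    `threshold` failures for the same (source address, user) pair. Other event types are
    retained in the normalized stream but do not feed this particular rule."""
    alerts = []
    failures = defaultdict(list)  # (src_ip, user) -> timestamps of auth_fail events
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev.get("src_ip"), ev.get("user"))
        if ev["action"] == "auth_fail":
            failures[key].append(ev["ts"])
        elif ev["action"] == "auth_ok":
            recent = [t for t in failures[key] if ev["ts"] - t <= timedelta(seconds=window_s)]
            if len(recent) >= threshold:
                alerts.append({"rule": "success_after_repeated_failures", "src_ip": key[0],
                               "user": key[1], "host": ev["host"], "failures": len(recent),
                               "ts": ev["ts"]})
            failures[key].clear()  # a success (alerted or not) resets the counter for that pair
    return alerts


if __name__ == "__main__":
    evs = normalize_all(SAMPLE_LOGS)
    for a in correlate(evs):
        print(f"{a['ts']} {a['rule']}: {a['user']}@{a['host']} from {a['src_ip']} after {a['failures']} failures")
```

The point of the two-stage design is that the correlation rule never sees vendor formats: once the firewall, host and database lines share one schema, the same rule applies whichever device produced the evidence, and the raw line is kept on every event so that the audit trail can be shown unaltered during investigation.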
2. Precise management authorization. Firstly, based on centralized management of the identities of natural persons, resources and resource accounts, the correspondence "natural person-resource-resource account" is established to realize unified authorization of natural persons to resources. Secondly, operation and maintenance personnel are assigned and managed according to their responsibilities, so that they can only access resources and perform daily operation and maintenance within the scope of their authority and cannot access unauthorized resources. Then, a granular access policy can be set according to the user, the user group, the access host, the target system account and the access mode; the hosts and accessible resources are displayed automatically according to the access authorization list, so that the mapping between the operation and maintenance user and the background resource account is realized and unauthorized use of accounts is limited.
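The "natural person-resource-resource account" mapping and the policy dimensions listed above (user, user group, access host, target account, access mode) can be modelled directly. The following is an added example, not the page's or any product's code; the people, resources, accounts, networks and policies are constructed for the demonstration, and the policy shape is an assumption about how such an authorization list might be represented.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Person:
    person_id: str        # the natural person, identified once, centrally
    name: str
    groups: frozenset     # responsibility groups used for assignment


@dataclass(frozen=True)
class Resource:
    resource_id: str
    host: str
    kind: str             # e.g. "switch", "database"


@dataclass(frozen=True)
class Policy:
    subject: str          # "user:<person_id>" or "group:<group name>"
    resource_id: str
    account: str          # the background resource account the person may use
    mode: str             # access mode: "ssh", "rdp", "sql", ...
    src_net: str          # access host network the session may originate from


# Constructed sample data (assumed for this example).
PEOPLE = {
    "zhang": Person("zhang", "Zhang Wei", frozenset({"net_ops"})),
    "li": Person("li", "Li Na", frozenset({"dba"})),
    "wang": Person("wang", "Wang Fang", frozenset({"epg_editor"})),
}
RESOURCES = {
    "sw-core-01": Resource("sw-core-01", "10.8.0.1", "switch"),
    "db01": Resource("db01", "10.8.2.15", "database"),
}
# Resource accounts exist independently of people; a person never owns them directly.
ACCOUNTS = {"sw-core-01": {"admin", "monitor"}, "db01": {"sys", "sysaudit"}}
POLICIES = [
    Policy("group:net_ops", "sw-core-01", "admin", "ssh", "10.8.9.0/24"),
    Policy("group:dba", "db01", "sysaudit", "sql", "10.8.9.0/24"),
    Policy("user:li", "sw-core-01", "monitor", "ssh", "10.8.9.0/24"),
]


def _subjects(person):
    """All policy subjects a person matches: themselves plus every group they belong to."""
    return {f"user:{person.person_id}"} | {f"group:{g}" for g in person.groups}


def resolve(person_id):
    """The (resource, account, mode) triples a person is authorized for. This is the list an
    operation-and-maintenance portal displays automatically instead of exposing every host."""
    person = PEOPLE.get(person_id)
    if person is None:
        return []
    subs = _subjects(person)
    return sorted({(p.resource_id, p.account, p.mode) for p in POLICIES if p.subject in subs})


def check_access(person_id, src_ip, resource_id, account, mode):
    """Decide one access request. Returns (allowed, reason); the reason is what the audit
    record should carry so that a denial can later be explained."""
    person = PEOPLE.get(person_id)
    if person is None:
        return False, "unknown natural person"
    if resource_id not in RESOURCES:
        return False, "unknown resource"
    if account not in ACCOUNTS.get(resource_id, set()):
        return False, "no such resource account"
    subs = _subjects(person)
    matching = [p for p in POLICIES
                if p.subject in subs and p.resource_id == resource_id
                and p.account == account and p.mode == mode]
    if not matching:
        return False, "no policy maps this person to that resource account and mode"
    for p in matching:
        if ip_address(src_ip) in ip_network(p.src_net):
            return True, f"allowed by policy for {p.subject}"
    return False, "source address outside the networks permitted by policy"


if __name__ == "__main__":
    for pid in PEOPLE:
        print(pid, "->", resolve(pid))
    print(check_access("li", "10.8.9.20", "db01", "sys", "sql"))
```

Note that "li" can reach db01, yet a request for the privileged "sys" account on the same host is refused with a distinct reason: the decision is made on the person-to-resource-account mapping, not on the person-to-host relationship, which is what limits unauthorized use of shared background accounts.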
3. Operation audit of the network and database management systems. Granular audit management of network-based operation behaviour is necessary in the cable digital television front-end system environment.
By parsing, analyzing, recording and reporting the operation behaviour of operation and maintenance personnel accessing the network system and database management system, supervision of the operations performed by internal and external operation and maintenance personnel on those systems can be strengthened.
The system parses the network operation and maintenance protocols to audit operations on and access to network equipment and database management systems. Typical operation and maintenance protocols include remote login through the character protocols Telnet, Rlogin and SSH, operation through the graphical protocols RDP, VNC and X11, and database operation protocols such as PLSQL and SQLPlus.
A cable digital TV front-end system generally includes the CA (conditional access) system, the EPG (electronic program guide), the SMS user management system, the data broadcast system and VOD/NVOD.
Each business application is relatively independent in the network structure, so the existing security zones are not changed fundamentally and security policy changes between regions are minimized. The log collectors are connected to the aggregation switches of the various business systems, based on the following considerations:
1. The log collector can easily reach the equipment of the cable digital TV front-end business system through the aggregation switch. The firewall or ACL policy between the log collector and the equipment is the simplest, and changes to the internal firewall policy are minimal, so the impact on the existing system is minimized.
Because the log collector is connected to the switch that aggregates the cable digital TV front-end service systems, the communication path between the log collector and each resource is the shortest at the network routing level. Non-service traffic on the network is reduced when collecting logs from each device, which helps optimize what the network carries.
2. The business flow between the log collector and the security audit centre server is clear, so the security administrator of the operations area can easily design the network access policy between the log collector and the audit centre.
As shown in the figure below, a deployment model that separates the security audit centre from the log collectors is used, based on the network structure and business area division of the cable digital TV front-end system.
Each front-end business application deploys a log collector locally, which collects the log data of the business application equipment in its area, obtains the logs of operation and maintenance operations, and transfers the data to the Security Audit Center server for centralized storage and correlation analysis, realizing log life cycle management and the log-based security audit function.
As the front-end user interface and control centre of the comprehensive audit platform, the security audit centre realizes the core functions of operation audit, account management, access control management and authentication.