We’ve all heard enough horror stories about security breaches to understand that it’s important to keep an eye on security settings. But when you’re actually setting up and maintaining your equipment, it can be hard to remember the urgency. Who would bother messing with your server?
The truth is, you don’t have to be high-profile to be a target. Some people scan the internet looking for servers to mess around with, just for fun. Protecting yourself is easy, so why take chances? Here are some quick safeguards to take to keep your equipment secure:
Update your firmware
Seriously! The most important thing you can do to maintain the security of your equipment is to keep your firmware up to date. We sound like a broken record on this one, but it comes from a very real place – we talk to people everyday who run firmware that’s over 5 years old. We’re constantly working to develop updates to make our products run better, and outdo ourselves. Trust us, the difference between today’s firmware and the firmware from 2012 is night and day. Your equipment is only as old as its most recent firmware update.
Not only are you missing out on the best possible performance, you’re also missing out on all the security updates we’ve introduced in firmware upgrades since you last updated. If you don’t absolutely need to run older firmware, make sure you’ve got the latest installed!
Set a good password
And write it down! The default passwords for ACCESS, BRIC-Link, and LiveShot are listed in our manuals, so if you don’t change the default password, pretty much anyone who happens to stumble across your server can log into your equipment with some brief googling. (The default password is, in most cases, “comrex”. It doesn’t take a super sleuth to crack that one!)
A good way to set a strong but memorable password: think of three to four arbitrary words that have no relation to each other, and smush them together in a single word. (Some examples: ElephantTapePolka, TissueBottleFortune, LipstickPaperclipChevronBirch.) This kind of password is incredibly difficult for software to decode, but easy for human brains to remember. Plus, they’re kind of fun to make up!
Really worried? Fiddle with some defaults, and take notes about what you’ve done.
Generally speaking, keeping your firmware up-to-date and setting a password should be enough. However, if you feel like you’re at more of a risk than most for hacking (e.g. someone has threatened you, it’s happened before, you’re working with a very high profile organization), here are some steps you can take to close any gaps:
- Using non-standard ports will make Comrex IP equipment harder to find through casual scanning. The downside of this, however, is messing with your standard ports can complicate support calls when you don’t make your techie aware of these changes. Take notes about any port changes you make, and if you have to make a support call, tell us what edits you’ve made.
- For the ACCESS Portable units, disabling Remote Control entirely would help protect customers who only use the touchscreen interface. (A good password and a non-standard Web Server Port should offer sufficient protection while still allowing authorized remote control, but this is an extra step you can take.)
- Something to keep in mind – if you disable Remote Control on the LiveShot Rack unit, it can create all kinds of difficulties and we don’t recommend it.
- Disabling the “Accept incoming connections” setting for any unused connection methods (like SIP, HTTP, RTP, POTS, TCP) will reduce potential for attack. This is another thing that could turn into a support issue if you try to use that connection method without re-enabling connections, so take notes!
Have additional security concerns? Need help with your settings? Write to us at techies@comrex.com – we’re happy to help!