Networked Audio Endpoint Security

[Cormorant]

All the new networked "endpoint" audio products coming out now are pretty cool and have the promise of providing more fun and better sound.

 

After reading the following "Krebs on Security" blog post that came out today I started thinking of the security aspects of these devices which if not secured might end up being not so much fun.

 

http://krebsonsecurity.com/2016/02/iot-reality-smart-devices-dumb-defaults/

 

There are two aspects of networked audio device security that come to mind. The first is setting up our networks such that a rogue device can't wreak havoc. The comments in the Krebs article are good - for example, the idea to have three routers to segregate devices in the network.

 

The second aspect is having some confidence that the networked audio devices we purchase are going to be secure now and in the future. Do we trust that they will be patched on a regular basis? How long will there be support? Does the organization we purchase the device from have a good grasp of the issues? And so on.

 

These issues apply to other "Internet of Things" devices we have on our networks too.

 

I'd like to hear what others have to say about this topic so we can all learn from each other.

[Paul R]

Interesting take on things. Depending on end user devices to protect your network is usually a less than optimal idea. You should design your network to protect the devices.

 

Single most vulnerable point for most home networks is the wireless capability. Protecting that buys much more than worrying about the OS on a streaming audio player.

 

How do you protect that?

 

You can start with simple things, like not publishing the SSID for your wireless network. Use a password protected guest network with no access to other devices on your networks for friends and guests. Use the MAC address protection and limits offered by home class firewalls. Use a VPN for remote access. Check the firewall logs on a regular basis.

 

If you are paranoid like me,you can pick up high end wireless LAN controllers, access points, and switches able to support them on the used market for cheap. Put a set of those behind a firewall, and you can improve the wireless security in your home by several orders of magnitude. If you have any hair left after configuring them, that is.

 

There is of course, far more. And this is definitely overkill for the guy with a laptop, Apple TV, and a streamer on his stereo rig.

 

At least until someone's Aeires starts stealing their credit card numbers when instructed to by one's infected Andriod phone, after it has been infected by a rouge USB stick device...