Converged Video Network Security
Compared to traditional voice/data networks or cable TV infrastructures, threats to an IPTV environment are far more severe. IPTV allows carriers to manage valuable content that must be protected from unauthorized access and modification. Carriers also need to ensure that quality of service is protected to comply with customer's expectations and Service Level Agreements (SLA).
For years the satellite TV industry has been fighting access fraud. Recently, satellite TV companies have been taking legal action against defendants for unauthorized access to TV content.
The experience of the satellite TV industry shows that fraudsters go to great lengths to break their security measures. This includes cracking the smart card protection used for the set top boxes and distributing cloned "free access" cards. Even though the satellite TV providers have modified the cards, fraudsters have managed to find alternative ways to break the safeguards incorporated in the new releases. Now that video technology has entered the IP world, the level of threats has escalated vulnerabilities that have been solved in other, more mature technologies are still part of the new IPTV systems.
IPTV is not only transferred to set top boxes, but also to computers and handheld devices which facilitates hacker access. Simple software modifications introduced by hackers allow them to break the encryption system and other security measures, or even capture and redistribute the contents using peer-to-peer networks.
A major impact on the satellite TV industry has been fraudsters selling modified "all access" smart cards. As a result, the IPTV industry faces an entirely new threat with broadcasting stations residing on every home PC, hackers are able to redistribute the broadcast stream to other computers all over the world.
Senior Manager, Security Consulting & Integration Global Practice,
David Ramirez has been involved with Information Security for the past twelve years. He began his career as a networking specialist. Subsequently, he joined a consulting company managing the Information Risk Management practice implementation where he was involved in risk assessments for more than 80 companies. In 2002, David transitioned to a UK Risk Management company as part of their new Information Security division. In that role, David was responsible for developing the methodologies for the practice, covering Penetration testing and ISO 17799 compliance including disaster recovery. In this period he was involved in security projects for several banks in Latin America, Middle East, Europe and the Far East, and other financial institutions in South Africa, Italy, Malaysia, the US and central banks in Italy, Turkey and Colombia, most projects in the areas of security awareness, disaster recovery & business continuity, security policies, security architecture, managed security services and compliance with international standards.
- 20 Aug 2008
- 01 Apr 2007
- 20 Page(s)
- White Paper