
May 01, 2009

Security

When starting any IT project, one of the first topics of discussion - and the one that gets the most traction with management - is security. Any old boring server is a target, but shiny networked public displays, intentionally placed in the highest-traffic areas on campus, are up there among the most attractive possible targets.

From the very beginning we've tried to ensure that the "attack surface" of this system remained as small as possible. I even feel a little conflicted writing about it, in fact, as though I'm suspicious of you who might be reading this. There were some guys I knew in college who would have stayed up late poking at a system like this. Not that any Michigan CS students are that way - not that it'd only be accessible to Michigan CS students. Hence my ambivalence about writing this.

To stay secure you have to assume the worst, that some "entrepreneur" in some remote country is going to try to display his Viagra spam on your digital signs, and that someone in the residence halls thinks the signage network would be a great way to get the word out about their ex.

The University employs a great group of professionals whose job it is to think about this problem all day long, so we consulted with them first. They gave us a 42-page spreadsheet of things to check to make sure our player computers were secure, and conducted a battery of tests that poked and prodded our server. But the closer we got to a big deployment of these devices, the more nervous we got - every device you put in the field is another potential battlefield.

It's tempting to cut corners and do dumb things to save time, but keeping in mind the potential nuclear disaster you're avoiding helps ease the pain of doing repetitive work that you hope won't ever become necessary. Use no shared accounts, make permissions as granular as possible, and turn off every service and device you're not using.

Posted by dchase at May 1, 2009 07:07 PM
