Tuesday, January 29, 2013

Digital Signage "How To": Securing Wireless ( WiFi ) Communications for LED Signs



- Scott Hofheins


An increasing number of  businesses, organizations, and public entities are seeing the value in LED and Digital Signage. The number of LED Signs on the streets has increased quite a bit over the last 10 years. With this growth, comes a greater need for manufacturers, dealers, and end users to make sure these signs are secure from outside parties who would use the sign in a manner not consistent with the owners intentions or local laws.

An overview of many of the communications options available can be found in my previous post. However, I would like to focus on Wireless communication because it is the most common option currently in use. I have purposely written this post using general terms to avoid anyone using it as guide on how to cause trouble.

There are three basic concepts to remember: Wireless Security, Software Security, Network Security.

Wireless Basics
Most signs are supplied with 2 wireless devices. One unit connects and resides at the sign, the other at the building connected to the users network or computer directly. (In some applications, only one radio is used)


These radios communicate to each other and create a “wireless cable” from the building to the sign, allowing end users to manage their sign without having to run an actual cable out to the sign. These radios can use a variety of frequencies and security methods to connect the sign to the end user.

Frequencies
  • 900 MHz: This has been used for many years in wireless communications between devices. Many traffic devices and networks use this frequency because of its range. However, it has a much smaller bandwidth capacity than the other options so most new LED signs do not use this anymore.
  • 2.4 GHz: This is the most common wireless frequency in use today. Most home networks use this frequency for their “WiFi” connections. Most laptops have a 2.4 Ghz WiFi card built in.
  • 5 GHz: This is gaining popularity, but is still much less common than 2.4 Ghz. This uses some of the same “WiFi” standards as 2.4 Ghz, but is inherently more secure because it is less common. In my opinion, this is the best frequency to use because it mixes the speed of 2.4 Ghz with the security of 900 Mhz.
Wireless Security
WiFi security has greatly improved over the years. Encryption and password based security is much better and easier to set up than ever before...but only if you actually use it. Here are some things to remember:

  • Factory Settings: A good manufacturer will change the factory settings on the wireless devices to it’s own secure settings. These should not be published in any public documentation, but only available to the end user and/or sign dealer supporting the signs. Part of the reason we saw those “Zombies Ahead” signs a couple of years ago was due to unchanged factory settings (See Deacons Post). As an extra precaution you can always set your own security settings for the radios, but remember to document these changes. You could get in a bad situation if your computer crashes and you have to re-enter the settings.
  • Quality Devices: Make sure your manufacturer uses established, well tested wireless products. You do not want your sign using a sub-par device with weak encryption and security options.

Software Security
A well designed LED sign system will also incorporate direct and indirect software security as an additional firewall to intruders.
  • Not Publicly Available: Avoid software that is available for public download. The only people who should have access to the sign software is the dealers and the end-users.
  • Secured Installations: Installations should be secured with an “Activation Code” or other security system to prohibit unauthorized parties from installing copies of the software. Avoid unsecured or generic software.
  • Cloud Based Options: This is a new concept in the LED Sign market, but there are options currently available. Internet based sign management can be another way to secure all your content because you can rely on enterprise level security and off-site hosting. This makes it much harder for anyone to do any real damage to the sign with local access.
Network Security
This is another key point to ensure protection. Your network should be reasonably secure and access restricted to your own personnel only.  
  • Secure your Computers: All of your computers should be password secured. Most windows based systems allow you to require a password to log into the system after the computer goes into the “Screen Saver” or “Sleep” mode.
  • Physical Access: Make sure you install the sign software only on the computers you have direct control over, and who’s users you trust. An extra security measure can be to have a dedicated laptop that is on it’s own network, connected directly to the sign using the wireless radios.
Wireless security is important for LED signs. Make sure your manufacturer is using quality hardware and unique wireless settings to avoid a “Zombie Warning” situation. Your own network should be secured with common sense security practices like passwords and restricted access. Your manufacturer or dealer should be well versed enough in the unique security needs for LED signs to help guide you in the best options for your specific installation. An LED sign is a large investment, make sure the security, options, and hardware quality reflect this.

-SH




I hope this post has been informative and helpful. As usual, I welcome ALL constructive comments. Please feel free to comment and add anything I’ve missed, or additional tips you may have regarding this topic. Please visit www.vantageled.com for many other resources, white papers, and of course: Great looking LED Signs!

**All posts/thoughts/writings are strictly the viewpoint of me and me alone and do not reflect nor speak for Vantage LED’s beliefs, attitudes, thoughts, etc. unless specifically stated.

No comments:

Post a Comment