[Marius]

HI Chris,


We've touched this before, but I can't find it anymore: Please let me ask you to rethink the security aspects of the BDP.


Without compromising my own security too much, (thus refraining from specific details) I can see a rather obvious security breach with the NAS shares, open (non secured) passwords for these shares, certainly in combination with the service-mode. The latter opens up the BDP to external security measures Bryston uses/implements (or not) and is possibly an even bigger security issue.


Might also openup the BDP for other hackers reading along on this AC.  It at leasts establishes a confidentiality between the user and Bryston which nowhere is described or bound to criteria.


Those NAS's are often used for more than only Music files (backup) and I for one certainly wouldn't advise users to backup critical or private files on a NAS, shared through this topology using a BDP, which has the secret credentials bryston bryston...


Changing that login ought to be personified. It would be an improvement if one could password protect the shared folders, and not the root of the NAS. I believe this is not an option currently. At least cloaking the networkshare's Password should be implemented for basic security.


Please share your thoughts on this,


Thanks,
Marius

[unincognito]

Hi Marius,

I understand why you would worry, especially over such a large library that you have likely spent years ripping, tagging and sorting.  Adding to much security to product makes it more difficult to use, so the BDP was designed with just enough.  As far as I am aware the only way to get into a BDP is to be on its local network, your routers firewall and NAT should shield the BDP and all other devices on your home network for that matter from external threats.  As to why yours isn't asking for a password, my guess is you may have told your mac to remember the username and password in its keychain.  Otherwise I havn't had any other reports of this type of behaviour, nor am I able to replicate it.  Inregards to service mode, no BDP can talk to any other BDP, BDP's in service mode can only be accessed from our server, BDP's arn't exposed to the internet as they are still protected by your router and the security of our server.  I'm not saying we implement state of the art security on our server, but it is limited to how it could be attacked, nor will I go into any further detail and expose it any further.

We don't bother "cloaking" passwords for ease of use, a customer isn't wondering if its not working because the password is wrong.  When setting up a NAS, its only visible during the setup of the share.  If you really wanted to be secure about it you would have setup read only credentials on the NAS for just the Music files for the BDP to use.

Cheers,
Chris

[Marius]

Wow Chris,
Thanks for this, this must be one of your best posts thus far


The thing is, I might not have been able to put forward my biggest worry: not as much securing the BDP, but securing the NAS is the center of my concern for now.


To put is bluntly: If one is in the BDP (with a NAS Share), one is in the NAS. Password is open and saved in the user files...


Of course my settings are secure and none can enter without authorization. I've even went as far as to secure my wireless and wired network with a VPN


Bryston is authorized when in servicemode. For all i know, you could have copied my complete NAS drives .... (just kidding of course) let alone deleted or destroyed it, or password protected it to claim your bonus freeing it up again . Things happen.


I have to reread your post, but am looking for your instructions as how to secure things best.


whats your strategy for securing the BDP, the NAS and connections between them?

About the keychain: not sure what you're on about here, my BDP has the password of the NAS installed, my mac's have the password of the BDP, thats about it. I don't see how i could prevent outside visitors with those stored passwords?

Cheers, and thanks again!

Marius

Hi Marius,

I understand why you would worry, especially over such a large library that you have likely spent years ripping, tagging and sorting.  Adding to much security to product makes it more difficult to use, so the BDP was designed with just enough.  As far as I am aware the only way to get into a BDP is to be on its local network, your routers firewall and NAT should shield the BDP and all other devices on your home network for that matter from external threats.  As to why yours isn't asking for a password, my guess is you may have told your mac to remember the username and password in its keychain.  Otherwise I havn't had any other reports of this type of behaviour, nor am I able to replicate it.  Inregards to service mode, no BDP can talk to any other BDP, BDP's in service mode can only be accessed from our server, BDP's arn't exposed to the internet as they are still protected by your router and the security of our server.  I'm not saying we implement state of the art security on our server, but it is limited to how it could be attacked, nor will I go into any further detail and expose it any further.

We don't bother "cloaking" passwords for ease of use, a customer isn't wondering if its not working because the password is wrong.  When setting up a NAS, its only visible during the setup of the share.  If you really wanted to be secure about it you would have setup read only credentials on the NAS for just the Music files for the BDP to use.

Cheers,
Chris

[unincognito]

You have to understand all decisions in regards to security come down to how two areas that are assessed, risk and ease of use.

Risk: is measured in two ways, how likley something is to occur and if it does occur how bad is it.  If a risk is low and I consider the BDP behind a NAT to be a low risk from external attack, then there is little need to put in protection.  Your BDP being broken in remotely, not likely, in the off chance it is there are way to protecting your data(by limiting permissions as outlined previously).  Attack locally, well then you have bigger issues then your music being at risk.  If something is at risk an attacker is more likely to mine network traffic for banking and other financial data or something to black mail you with.  Or it's someone you live with, if that's the case what's stopping them from just smashing your hard drives, nothing.

Any additional security would just potentially make the system more difficult to use.

In regards to our lack of encrypting passwords stored on the BDP, as a former security consultant, it's a bit of a waste of time.  The software needed to decrypt the encrypted password must be stored on the same system in order to use the encrypted password.  If the system is compromised they already have avert thing they need to decrypt it anyways.  What's the point?  The only way to protect those passwords is to not store them in the BDP at all, this would result in the user would have to enter the password each time the BDP was turned on or lost connection.

Because of this, this is why you would create credential that only allow access to the files needed and would limit there access.  In. Your case you would create a user, with password on your NAS and give it read only access to the files.  You would then use these login credentials with the BDP to access your music share.  Again the risk of this ever occurring is incredibly low, that you would consider the consequences before proceeding.

Why we don't lock down the BDP's firmware, we don't want to.  We want the firmware to be open and available to all, it's that simple.  Besides even closed systems are broken into, so what's the point?  Look at apples iphone, apple employs thousands of engineers and the first iphone hacks were release within months.

....
Written on an iphone while on a treadmill

[Marius]

Wonderful Chris,
I think this is state of the art. 


Please add some of this to the BDP documentation in the NAS section, maybe add Security Considerations.


Especially adding an dedicated User account for the NAS shares used by the BDP, of course with a different pw than the admin 


question:
Ive done as advised and even dug a bit further: changed some user id's and pw in the Nas Share interface of MM, clicking next to save and end the procedure. Nothing visually happens though in MM, and checking my BDP, apparently it had rebooted? Is this expected behavior? The MM interface not responding or giving feedback is a bit awkward, maybe you could implement some feedback there?




BDP is still in the N fase after the reboot, and MPD is not yet responding. starting MPB in the settings page gives:


 


Ive checked /user/Nas, and the new shares , id's and pw's are stored correctly.
Cheers, and kudos to you,
Marius

You have to understand all decisions in regards to security come down to how two areas that are assessed, risk and ease of use.

Risk: is measured in two ways, how likley something is to occur and if it does occur how bad is it.  If a risk is low and I consider the BDP behind a NAT to be a low risk from external attack, then there is little need to put in protection.  Your BDP being broken in remotely, not likely, in the off chance it is there are way to protecting your data(by limiting permissions as outlined previously).  Attack locally, well then you have bigger issues then your music being at risk.  If something is at risk an attacker is more likely to mine network traffic for banking and other financial data or something to black mail you with.  Or it's someone you live with, if that's the case what's stopping them from just smashing your hard drives, nothing.

Any additional security would just potentially make the system more difficult to use.

In regards to our lack of encrypting passwords stored on the BDP, as a former security consultant, it's a bit of a waste of time.  The software needed to decrypt the encrypted password must be stored on the same system in order to use the encrypted password.  If the system is compromised they already have avert thing they need to decrypt it anyways.  What's the point?  The only way to protect those passwords is to not store them in the BDP at all, this would result in the user would have to enter the password each time the BDP was turned on or lost connection.

Because of this, this is why you would create credential that only allow access to the files needed and would limit there access.  In. Your case you would create a user, with password on your NAS and give it read only access to the files.  You would then use these login credentials with the BDP to access your music share.  Again the risk of this ever occurring is incredibly low, that you would consider the consequences before proceeding.

Why we don't lock down the BDP's firmware, we don't want to.  We want the firmware to be open and available to all, it's that simple.  Besides even closed systems are broken into, so what's the point?  Look at apples iphone, apple employs thousands of engineers and the first iphone hacks were release within months.

....
Written on an iphone while on a treadmill

[unincognito]

I think you misunderstand, you would store the files on a dedicated NAS and limit the BDP's access to the NAS.  If the BDP is compromised then the attacker would have limited access to the files.  If the files are stored on drives attached to the BDP and the BDP was compromised, it wouldn't matter what those limitations are as the attacker is in direct control of the drives.

[Marius]

No i didn't misunderstand. I think you answers were perfect and needed to be added to the manual, in an extra security section: Some of your considerations as top why and why not implement measures. But in any case offer suggested best practice of creating a dedicated user-account on the NAS for the BDP, and give that only read-only authorization. Once you get it, it might seem obvious, but it closes the circle and is a very useful extra tip for those that didn't think about it yet.


A dedicated NAS of course is even better, (especially when one morphs it into a multimedia NAS, and use one with a bit more processor power for streaming and decoding movies. )


No need to clutter this MMedia library with your private and vulnerable other files with.


Cheers,
Marius


 

I think you misunderstand, you would store the files on a dedicated NAS and limit the BDP's access to the NAS.  If the BDP is compromised then the attacker would have limited access to the files.  If the files are stored on drives attached to the BDP and the BDP was compromised, it wouldn't matter what those limitations are as the attacker is in direct control of the drives.