
Last update: Thu, 21 Dec 2017 2pm

 

Introducing – Tools for Cinema Quality Assurance


Cinema Test Tools for the non-Technical Manager – Post Installation Quality Assurance Has Begun

Cinema Test Tools is a free resource for the cinema industry, tuned most particularly for the non-technical manager. The tools include several DCPs, all with interesting means of testing the sound and picture quality for the interested but lightly trained staff. The lessons on sound and light are written to provide a foundation to communicate with the technician who must respond quickly and well to the information that they discover.

The key is a free Managers Walk Through Checklist that correlates with the many DCPs. It helps bring an understanding of the many nuances of the auditorium's situation in a straightforward way. 

Don't Be A Target – Do The TightenUp™

They came in through the bathroom window… [YouTube]

Life lessons come in all flavors and it seems that today's is: Don't be a Target.

Everyone knows by now that there was a data intrusion into Target's customer data, but it is only clear today how it happened…and how it can relate to you. See: Target Hackers Broke in Via HVAC Company — Krebs on Security

It seems that a service company – in this case an HVAC service company – had access to a sliver of the corporate giant's elaborate back-end, probably for the purposes of monitoring store temperatures. Many companies build this capability into their equipment, so that the fans, the compressors and their delivery are monitored via SNMP messages.

Alas.

Someone figured out how to get a Trojan into that system – so the conjecture goes. Working its way from the air conditioner through to the billing system was then only a matter of the diligence and technique of the hackers.

It isn't only Target. See what is probably a much more gruesome story that has yet to reach the public eye: Hotel Franchise Firm White Lodging Investigates Breach — Krebs on Security. White Lodging is the hotel franchise group that we all know under the brands that include Hilton, Marriott, Sheraton and Westin.

From the Krebs Target article: Avivah Litan, a fraud analyst with Gartner, said that although the current PCI standard (PDF) does not require organizations to maintain separate networks for payment and non-payment operations (page 7), it does require merchants to incorporate two-factor authentication for remote network access originating from outside the network by personnel and all third parties — including vendor access for support or maintenance (see section 8.3).

The comments list other PCI violations. How familiar are you with this standard…or how secure is the structure of your internal walls?

Putting on my other hat as an equipment manufacturer, this conversation came up just a few days ago. It is typical for a company (you) to allow data into your system, but not so typical to let it out. It is up to you to make certain that all connections to your equipment and data server are necessary, vetted, secure, and monitored. The best way seems to be "on request" services, for example, a RESTful service with certificate authentication.
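The "on request" pattern above, shown with Python's standard library: a read-only endpoint that refuses any caller without a client certificate, checks the certificate's name against an allow-list, and logs every decision. This is an added example, not code from this article or its sources; the vendor name, path, allow-list and sample reading are constructed assumptions.

```python
import logging
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

log = logging.getLogger("vendor-api")
VENDOR_ACL = {"hvac-vendor.example": {"/v1/temperature"}}  # constructed allow-list


def build_server_context(cert=None, key=None, client_ca=None):
    """Server TLS context that rejects clients lacking a cert signed by client_ca."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a client cert
    if cert:
        ctx.load_cert_chain(cert, key)
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)
    return ctx


def peer_common_name(peercert):
    """Pull commonName out of the dict returned by SSLSocket.getpeercert()."""
    fields = [kv for rdn in (peercert or {}).get("subject", ()) for kv in rdn]
    return dict(fields).get("commonName")


def authorize(peercert, method, path):
    """Allow only GET on paths listed for this vendor; log every decision."""
    cn = peer_common_name(peercert)
    allowed = method == "GET" and path in VENDOR_ACL.get(cn, set())
    log.info("vendor=%s %s %s -> %s", cn, method, path, "allow" if allowed else "deny")
    return allowed


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        ok = authorize(self.connection.getpeercert(), "GET", self.path)
        self.send_response(200 if ok else 403)
        self.end_headers()
        if ok:
            self.wfile.write(b'{"zone": "constructed-sample", "celsius": 21.5}\n')


def serve(cert, key, client_ca, addr=("127.0.0.1", 8443)):
    httpd = HTTPServer(addr, Handler)
    tls = build_server_context(cert, key, client_ca)
    httpd.socket = tls.wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()
```

The vendor pulls a reading only when it asks for one, with a certificate you issued and can revoke; nothing in this design gives the vendor a standing login on your network.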

But don't take our word for it; read up so that you can ask intelligent questions of your security personnel…and ironically, your service group.

Security setup for RESTful web services - IBM

Securing RESTful Web Services - 12c Release 1 (12.1.1) – Oracle

And, good luck to us all.