BrightSign Player Security

The network settings of a BrightSign player are highly flexible and configurable. As a result, the integrity of a player is a direct result of the publishing and network configuration specified during the player setup process. Some configurations are best for networks where security is of little importance, while others give the player significant resilience to outside attacks. This page explains the settings that affect the security of the player.

Overview

There are four optional features in the BrightAuthor Classic Unit Setup window that affect the overall security of the player:

a. Diagnostic Web Server

The Diagnostic Web Server (DWS) responds to requests sent to the IP address of the player, allowing a user who supplies the correct username and password to retrieve information about the player and send system commands to it (reboot, enter recovery mode, test video resolution, etc.). The DWS is enabled on new players by default; the username is "admin" and the password is the player serial number. A serial number is not a secret, so treat this default as a known credential. To ensure that unauthorized users cannot access the DWS, change the login credentials or disable the DWS entirely during the player setup process (see the Diagnostic Web Server page).

Important: BrightSignOS versions before 6.2.147.9 have a cross-site scripting vulnerability and a permissions issue that allowed authorized users to view hidden storage directories (see the DWS Vulnerability page for full details). These vulnerabilities are catalogued as CVE-2017-17737, CVE-2017-17738, and CVE-2017-17739. We recommend updating to the current version of production firmware to patch them.

b. Local Web Server

The Local Web Server responds to requests sent to the IP address of the player on port 8008. By default, this option also enables the device webpage on port 8008; the device webpage can be disabled by navigating to File > Presentation Properties > Variables. The device webpage allows users on the local network to alter user variables, which are numerical values within the presentation that extend the interactive capabilities of a player.

c. Local File Networking

Of the three networked methods for publishing content to a player, only Local File Networking exposes the player to network-security problems. A player configured to use Simple File Networking or the BrightSign Network sends content update requests to a remote server based on internal conditions and intervals specified during the setup process; a player with one of these configurations does not respond to outside requests. A player that uses Local File Networking, on the other hand, is configured to respond to connection and content update requests from local servers, which means it listens for inbound connections.

d. Simple File Networking: Basic Authentication

If you configure a player for Simple File Networking with a username and password, the player uses Digest access authentication by default. Digest authentication sends a hash of the credentials bound to a server-issued nonce rather than the password itself, which prevents replay attacks and other attempts by third parties to read authentication data sent to the server. If you check the Enable Basic Authentication box, the player instead sends the username and password as plaintext (Base64-encoded, not encrypted). This option makes the player compatible with certain server authentication systems but also makes intercepted packets trivial to read. Note that Digest authentication protects only the credentials; the published content itself still travels in the clear over plain HTTP.

Other network settings configurable during the player setup process, such as proxy setup, wireless configuration, and DHCP vs. manual IP, do not negatively affect the security of a player. For a full description of all the options in the Unit Setup window, see the Set Up Players section.

High Security

Follow these steps during the BrightAuthor Classic Unit Setup process to ensure the player has a high level of resilience to outside attacks:

- Disable the Diagnostic Web Server. The password authentication system for the DWS is vulnerable to brute-force dictionary attacks, and access to the DWS allows an intruder to copy, rename, and delete contents on local storage, as well as reboot the player or force it into recovery mode.
- Enable the Local Web Server with password protection. The authentication system for the Local Web Server is just as vulnerable to brute-force attacks as the DWS, but the Local Web Server does not grant access to critical system processes.
- Do not use Local File Networking. A player set up for Local File Networking listens for scheduling and publishing commands from a PC running BrightAuthor Classic on the local network. An attacker may be able to use this responsiveness to gain access to system processes on the player. If you would like to publish presentations over the network, use the BrightSign Network or Simple File Networking instead.
- Do not enable Basic Authentication. If you would like to securely publish content using Simple File Networking, use a server that is compatible with Digest access authentication.
- Do not enable the Chromium Web Inspector. See the Advanced Topics section below for more details.

Basic Security

Follow these steps during the BrightAuthor Classic Unit Setup process to ensure the player has a basic level of protection against outside attacks:

- Enable the Diagnostic Web Server with password protection. Access to the DWS allows you to copy, rename, and delete contents on local storage, as well as reboot the player or force it into recovery mode. Enabling password protection (with a password other than the serial-number default) gives the player at least a basic level of security.
- Do not use Local File Networking. A player set up for Local File Networking listens for scheduling and publishing commands from a PC running BrightAuthor Classic on the local network. An attacker may be able to use this responsiveness to gain access to system processes on the player. If you would like to publish presentations over the network, use the BrightSign Network or Simple File Networking instead.
- Do not enable Basic Authentication. If you would like to securely publish content using Simple File Networking, use a server that is compatible with Digest access authentication.
- Do not enable the Chromium Web Inspector. See the Advanced Topics section below for more details.

Test Environment (Low Security)

Follow these steps to create the most feature-rich player setup possible. We recommend this setup only if a player is in a test environment or if security is not a concern:

- Enable the Diagnostic Web Server. Without password protection, the DWS is accessible to anyone on the local network at the player IP address.
- Enable the Local Web Server. Anyone on the local network will be able to access the device webpage on port 8008.
- Use Local File Networking. You will be able to use BrightAuthor Classic to publish presentations and update schedules on a player connected to the local network.
- Enable Basic Authentication. If you are using Simple File Networking, you can enable Basic Authentication to have the player send the username and password to the server as plaintext. This makes Simple File Networking compatible with a greater range of server configurations.
- Enable the Chromium Web Inspector. If you need to debug HTML applications on BrightSign players, you can enable the Web Inspector in a presentation. See the Advanced Topics section below for more details.

Advanced Topics

Chromium Web Inspector

You can use the Web Inspector to debug webpages on the BrightSign Chromium instance (see the HTML Best Practices page for more details). This tool does not require authentication, so any party on the network can access and alter content on the BrightSign player; therefore, the Web Inspector should be disabled in production environments.

Linux Security

Though the BrightSign application runs on a Linux stack, it is unlikely that conventional Linux malware will be able to infect BrightSign players. A BrightSign player will only execute a firmware image that has been cryptographically signed by BrightSign, and during normal operation the filesystem used on the player is read-only.

Java Runtime Environment

BrightSign players support a Java Runtime Environment (JRE). Developers can load Java applications using the roJRE BrightScript object. This functionality is not enabled by default and must be initialized by the autorun. While the network interfaces in BrightScript are built to prioritize security, Java code can introduce any number of security vulnerabilities. If you plan to load Java applications on a BrightSign player, we recommend testing the configuration thoroughly before deploying it in a production environment.
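The difference between Basic and Digest authentication described under "Simple File Networking: Basic Authentication" above, and behind the "Do not enable Basic Authentication" step in the High Security and Basic Security lists, as an added Python example that is not BrightSign's code: a captured Basic header decodes straight back to the password, while a captured Digest header yields only a nonce-bound hash and is rejected when replayed. The username, password, realm and content path are constructed for illustration, and the server-side verifier is a minimal stand-in for a Simple File Networking server, not BrightSign's or any real server's implementation.

```python
"""Basic vs Digest access authentication as seen by someone sniffing the
Simple File Networking HTTP traffic.  Added example; not BrightSign code.
Credentials, realm and the content path below are constructed."""
import base64
import hashlib
import re
import secrets

USERNAME = "player01"                         # constructed sample credentials
PASSWORD = "s3cret-sfn-pass"
REALM = "sfn"                                 # hypothetical server realm
METHOD, URI = "GET", "/content/autorun.brs"   # hypothetical content path


def basic_header(user, pw):
    """Authorization header the client sends when Basic Authentication is on."""
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()


def recover_from_basic(header):
    """What a passive observer learns from one captured Basic header: everything."""
    token = header.split(" ", 1)[1]
    user, _, pw = base64.b64decode(token).decode().partition(":")
    return user, pw


def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(user, pw, realm, nonce, nc, cnonce, method, uri):
    """RFC 2617 response for qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = _md5(f"{user}:{realm}:{pw}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def digest_header(user, pw, realm, nonce, nc, method, uri, cnonce=None):
    """Authorization header the client sends in reply to a Digest challenge."""
    cnonce = cnonce or secrets.token_hex(8)
    resp = digest_response(user, pw, realm, nonce, nc, cnonce, method, uri)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')


def parse_digest(header):
    """Split a Digest header into its key=value fields (quoted or bare values)."""
    fields = {}
    for m in re.finditer(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', header):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


class DigestServer:
    """Minimal server-side verifier with a nonce store (hypothetical stand-in for
    an SFN server).  A (nonce, nc) pair is accepted once, so a captured header
    cannot simply be sent again."""

    REQUIRED = ("username", "realm", "nonce", "uri", "nc", "cnonce", "response")

    def __init__(self, users):
        self.users = users      # username -> password (a real server stores HA1)
        self.issued = set()     # nonces handed out in challenges
        self.seen = set()       # (nonce, nc) pairs already accepted

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.issued.add(nonce)
        return nonce

    def verify(self, header, method):
        p = parse_digest(header)
        if any(k not in p for k in self.REQUIRED):
            return False
        pw = self.users.get(p["username"])
        if pw is None or p["nonce"] not in self.issued:
            return False
        key = (p["nonce"], p["nc"])
        if key in self.seen:    # replay of an already-used request
            return False
        expected = digest_response(p["username"], pw, p["realm"], p["nonce"],
                                   p["nc"], p["cnonce"], method, p["uri"])
        if not secrets.compare_digest(expected.encode(), p["response"].encode()):
            return False
        self.seen.add(key)
        return True


def demo():
    """Compare what an eavesdropper gets from each scheme; return the findings."""
    basic = basic_header(USERNAME, PASSWORD)
    server = DigestServer({USERNAME: PASSWORD})
    nonce = server.challenge()
    digest = digest_header(USERNAME, PASSWORD, REALM, nonce, "00000001", METHOD, URI)
    return {
        "basic_reveals_password": recover_from_basic(basic) == (USERNAME, PASSWORD),
        "digest_contains_password": PASSWORD in digest,
        "digest_first_use_accepted": server.verify(digest, METHOD),
        "digest_replay_accepted": server.verify(digest, METHOD),
    }


if __name__ == "__main__":
    for finding, value in demo().items():
        print(f"{finding}: {value}")
```

Run it and the findings show the trade-off the page describes: the Basic header is an encoding, not a secret, whereas the Digest response cannot be turned back into the password and is useless to an attacker who merely replays it. Digest still leaves the hash open to offline guessing of weak passwords, and it protects only the credentials, not the content being fetched.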