IPTV Security Assessment

IPTV Security Assessment

IPTV is an emerging technology that enables IP-based digital TV, video-on-demand, and other services over Ethernet. With Fiber to the Home (FTTx) and Local Loop Unbundling (LLU) improvements service providers are now offering triple play services (Data, Voice and IPTV) to the home over a single broadband transmission link. IPTV services is now a reality across many parts of the world and providing value added services such as Video-on-Demand, ability to playback, rewind and pause video on demand, user profile based dynamic advertisement are all a key components for service providers to generate additional revenue from the conventional IPTV service.

But as IPTV technology grows, threats multiply. Vulnerabilities include spamming, spoofing, content theft, and other hacking attacks. Oceanic Technologies can provide a complete IPTV Security Assessment and provide recommendations to protect against these threats and ensures that IPTV technology is secured according to industry best practices.

Oceanic Technologies Strategic Consulting arm provides IPTV assessment using the following methodology;

Content Provider Security

  • Review of Content Provider Perimeter Security – advertising and video content is uploaded by content providers
  • Extranet and IPSEC Site-to-Site security review
  • Remote Access Policy Review for Content Provider Managed Service – SSL VPN, AAA an Endpoint Security
  • Logging, Monitoring and Access Control for Content Provider Administrators to manage content

Service Layer Security

  • IPTV Security for Service Layer
  • Set Top Box authentication and encryption mechanism review
  • GPON architecture review and security risks review
  • VLAN security risks on HIS (High Speed Internet), Voice and IPTV
  • IGMPv2/v3 security issues
  • Head End presentation and middleware server security assessment – EPC, HMS, VoD
  • RTP and RTSP buffer overflow assessment
  • Management and Control Plane security
  • WebTV security issues

Transport Layer Security

  • Multicast Security and review of using IGMPv3
  • Intrusion Detection and Prevention security at PoP sites review
  • Security zone and security domain separation
  • RTP and RTSP traffic flow analysis