Firewall

[Goombot]

Random topic but does anyone who is mixing at home use a Firewall for extra security?

[Darryl Ramm]

Does anybody who has an Internet connection at home not use a firewall? The firewall built into their cable router? The default firewall built into their computer?

Is there a question here about specific firewalls? Specific security requirements? Operation of firewalls/port forwarding etc?

[JFreak]

Darryl got it right. When you open a door without rules, it is you to blame when unexpected things happen

[Goombot]

Just wondering if there was any additional security that people are using to protect projects while working on them at home

[JFreak]

Additional security?

Dodn't take thois wrong as I try to be polite and on point.

There is no additional security, at least no more than additional helth by eating something.

You need to understand that you have 100% security (and health in this analogy) and bit by bit you are giving those percentages away.

I am, and ptobably Darryl as well, more than happy to guide you in keeping those percentages on your pocket. But there is no store that can sell extra.

[Darryl Ramm]

Quote:

Originally Posted by Goombot

Just wondering if there was any additional security that people are using to protect projects while working on them at home

I would not operate a computer without a firewall, in my case the primary one is on the Mac itself. Start by turning on the computer internal firewall and the one on your internet router. But firewalls are just one part of any good security posture and would not be at the top of my list. It might be useful to hear from folks who have thought about security specifically for Pro Tools and remote project use.

I work on audio stuff as a hobby, my day job is more enterprise tech/startups but there are mostly general things that you probably want to consider... (in no particular order)...

Use a password manager, and use it properly, starting with only using generated long passwords, with no password reuse. Uninstall Avid Link (is a bloated mess and has a huge attack surface) any any other unneeded bloatware from your computer. Try to harden the network behind the router firewall, so if a WiFi run that as securely as possible or use wired Ethernet. At least do things like turn on as high a level of encryption as you can, turn on new device notification, etc. Try to harden your computer, make sure the login password/PIN is secure enough, turn on 2FA, turn off all but essential cloud sharing (i.e. needed for the client), turn off guest accounts, turn off file sharing/serving/web serving etc. Do not allow users to share accounts. Keep your OS up to date (can be a conflict with Avid glacial OS qualifications and a bad idea if that also would require updating Pro Tools mid-session) but at least take the minor security releases for an OS. Check firewall/computer logs for connection and login attempts (Not actually checking logs/notifications is a huge hole in many real security environments, right behind not having or not saving logs to start with... so work out if additional logs need to be turned on/saved/where they are). Make sure the computer or network/WiFi name does not give away private/personal info (shout out to the folks running the "FBI Van" SSID WiFi near one of my favorite coffee shops). Be very careful with personal information and what you do/click on in Emails and similar messages. Get personal apps, email, messages etc. off of work computers, don't access websites you don't need to from work computers (including private email etc). Keep backups/archives under sufficient security (not in the top drawer of your desk), and keep them removed from/isolated from/ideally offsite to protect against theft, and maybe data encryption ransom attacks. Minimize web browsing from work computers, but keep web browsers up to date, and turn up web browser security settings, removed unneeded web browsers, install EFF Privacy badger and uBlock Origin (I run Firefox and not Chrome because I value privacy). Maybe don't access DUC from your work computer :-(. etc., etc.

(I do much of the above on my computers regardless of their use)

There is an enormous spectrum out there of what can be done to improve security. I've worked in enough tighter security environments with SOC2 or stricter compliance needs, with mandatory SSO, private corporate VPNs tunneled to your computer, RSA authentication cards, FIFO/YubiKey/Titan authentication dongles. Corporate locked down and monitored Chromebooks, Tailscale's lovely VPN solution (a fancy, very well done wrapper for WireGuard VPN tunnel), etc., etc., etc. It's a never ending spectrum of stuff but many of those are not things a single person can just pick up and make a decision to use, and sadly in the cases of many poorly run security teams often won't deliver what many folks expect it to. But great to see done well when it is... also while realizing that there is no perfect protection, but most folks/companies are doing well if they just mitigate the more obvious risks.

As with making backups, the best plans start with what are you trying to protect against and then looking at ways of tightening security to help with that. As an example is it protecting client content? How does that content get onto and off of the computer? What else could possibly access it? Is it encrypted at rest (what happens if somebody steals the disk or the computer), how are encryption passwords and keys managed, etc. (and yes some of this might conflict with ease of use or maybe Pro Tools performance). Management of passwords and keys is a universal question that should always come up.

I hope that good larger companies (media companies/labels) have some useful sensible requirements here for remote workers if they allow them at all. But no they likely don't want to and should not discuss them publicly.

[EGS]

Quote:

Originally Posted by Goombot

Random topic but does anyone who is mixing at home use a Firewall for extra security?

Of course. I use all the standard router & Windows firewalls. I also keep my OS updated, run security scans pretty often, and keep a few recent known-working boot drive images too. Having said that, I run Chrome browser and Pro Tools at the same time all the time.

[EddieJones]

Make sure you keep the router firmware updated. Most breaches are though you accidentally giving up your security details.