Non internet connected edit systems

Posted by Andrew Kines 
Non internet connected edit systems
January 04, 2014 10:32AM
A comment in another thread reminded be of a situation I have been running into recently. That is, edit suites that are totally silo'd from the internet for security reasons (worries about footage leaking out, malware, viruses and such). Usually there is a internet drop or wifi in the room for basic downloading on producers laptops and such.

One set up I was working at was a well endowed suite of a fully tricked out MacPro with all the RAM (64GB) and storage (4TB over PCIe) you could want for cutting tons of promos.
FCP7 and AdobeCS5.5. Flanders Scientific monitor, small VO booth in the room etc.

Nice systems but they were spending what I thought was an inordinate amount of time sneakernetting files to the "Upload Laptop". All the delivery was via file upload.

Another place had a multi seat system of FCP and AVID networked to an EditShare down the hall but an assistant spent a lot of time moving exports to the upload station via USB sticks.

How common is this outside of my little world? What are people's thoughts about the relative security of edit systems (malware, theft, piracy) versus the costs in time of not using a network to move files around the building and out?

ak
Sleeplings, AWAKE!
Re: Non internet connected edit systems
January 04, 2014 10:35AM
Hey, if they're ready to shell out the bucks for the added work time, no problem from me. It's the producer's right to be as secretive as s/he wants. It's when they ask for everything in 20 minutes that the problem gets sticky. But then it's our job to say, "It'll take two hours because of the system in place."


www.derekmok.com
Re: Non internet connected edit systems
January 04, 2014 11:42AM
In my experience these sorts of policies are enacted by people who know nothing at all about security. If they're worried about viruses, why are they using a USB stick to transmit the potential virus back from the upload station to the main edit bay?

Also, a rogue employee is a more likely source of a footage leak than an outside hacker.

My software:
Pro Maintenance Tools - Tools to keep Final Cut Studio, Final Cut Pro X, Avid Media Composer and Adobe Premiere Pro running smoothly and fix problems when they arise
Pro Media Tools - Edit QuickTime chapters and metadata, detect gamma shifts, edit markers, watch renders and more
More tools...
Re: Non internet connected edit systems
January 04, 2014 12:53PM
In one place where I was brought in as a workflow/media management consultant, I made those same arguments, Jon. Although in that case the network IT guy was a high end IT consultant who did know lots about security but I think underestimating the employees (or hiring creatives with no tech skills (zilch,nada, bupkis) whatsoever) was the cause of the high security paranoia.

My proposal (that didn't get approved) was to run the edit suite with Little Snitch enabled to only allow connections to the required FTP and software upgrade servers. No email or web browsing.
The current "virus demon" story out there is the ransomware one where an outside hacker encrypts your data via a malware exploit and only unlocks it when paid off. I don't know if there are real world examples of this happening to a Mac or if it's still an apocryphal tale but it was enough to make the suits choose USB sticks being swapped between Windows7 upload stations (all virus protection enabled) and unprotected Macs.

Little Snitch needs to make their site more authoritative looking and less Mac-y so that the network jocks think it's a serious package and not all user-friendly.

ak
Sleeplings, AWAKE!
Re: Non internet connected edit systems
January 04, 2014 06:36PM
In all my years with all my clients there's only one guy I know who isn't connected to the net on his edit suite, and it's because I told him a million years ago not to, when FCP first came out and we were on tight weekly deadlines. Now I can't convince him that it's OK. No idea what I said all those years ago, but it must have been scary.

Most of the TV stations I work for have very paranoid IT departments, and probably rightly so given the number of windows computers hooked up in all the admin sections, but they still all have internet access.

Re: Non internet connected edit systems
January 04, 2014 07:16PM
> No idea what I said all those years ago, but it must have been scary.

It did use to be an issue. But the internet-conflict thing has disappeared a long time ago. It used to be a problem having more than four real-time audio tracks, using JPEGs instead of TIFFs, and using subclips. As far as I can remember all these issues disappeared by the time FCP4 was out.


www.derekmok.com
Re: Non internet connected edit systems
January 05, 2014 05:58AM
I'm not doing much editing any more.
But end of last year I cut a movie for R&D. Was for one of the big car manufactures.

And they are really crazy about security. But as mentioned they also still don't see what other options you have to intrude the system.
I did send the cuts to a private account of one of the people I was working with. His wife did download the files to a "company certified laptop with a special Windows version".
The she took the laptop and brought it to the local development subsidiary. Her husband copied those files to the "worldwide secure server" so that other people worldwide could do their tests with AE and some special high tech things.

So if I would be a dangerous guy there would have been a lot of options.

-Andreas

Some workflow tools for FCP [www.spherico.com]
TitleExchange -- juggle titles within FCS, FCPX and many other apps.
[www.spherico.com]
Re: Non internet connected edit systems
January 19, 2014 12:59PM
I have this situation at two of my clients. In both cases it has to do with corporate networks. Many secure corporate networks do not allow computers to have administrative privileges. Running a MAC with a non-admin account is a real pain. No software installs, updates etc. Further corporate networks insist on antivirus software, and that can cause slow downs and stalls when capturing.

In both cases the edit systems are on a common, isolated network. On that network is a dual-NIC server. You can copy a file to a disk on the server, then reach into that same disk from the corporate network.

-V
Sorry, only registered users may post in this forum.

Click here to login

 


Google
  Web lafcpug.org

Web Hosting by HermosawaveHermosawave Internet


Recycle computers and electronics