Best Practices: Product Security and AV Networks
When specifying and deploying networked AV systems, security is always a primary concern right alongside performance and reliability. The need to secure information continues to rise with the use of networked AV devices, wireless access, connection to building management systems, and BYOD.
The following resources provide insight on several concepts that are fundamental to both AV and IT.
Safeguarding Device Communication Using SSH
Two main considerations when deploying an AV system are your AV control options and the ways in which you intend to safeguard them. Extron AV products can be controlled through several methods, including our well-known SIS command protocol. These SIS commands may be sent using various supported communication methods such as Telnet and Secure Shell (SSH).
Extron provides the ability to use secure communication methods for SIS control and provides many SSH-based resources to facilitate a layered security strategy and streamline the process of integrating and deploying secure networked AV systems.
Securing Networked AV Products
As organizations formulate their security strategies, they must evaluate the best methods to safeguard the network, systems, and data, while maintaining functionality and usability. While strategies vary among organizations, one of the shared elements is the expectation that all devices are inherently secure. Layering your security strategy is crucial to securing your networked AV systems. A cohesive approach encompasses physical security and device access, built-in product security features, compliance with established regulatory frameworks and standards, and enterprise-level policies.
One method of ensuring the integrity of devices and the network is employing an effective password strategy. All Extron networked products provide password protection out of the box, with each having a password unique to that device. Extron helps to secure your AV systems by including features such as user accounts with multi-level password protection to restrict access to the device, flexibility to use complex passwords, secure communication methods, and several additional mechanisms that augment your security strategy.
Encryption and Certificates
Secure communication methods and encryption protocols such as SSL are top considerations for safeguarding networked AV equipment. The Secure Sockets Layer (SSL) protocol was developed for transmitting private documents via the Internet. SSL utilizes a cryptographic system that uses two keys to encrypt data: a public key known to everyone, and a private or secret key known only to the recipient of the message. Security certificates are commonly used for identity validation and encryption with protocols layered on top of SSL/TLS. The certificate can be used as a conventional certificate for digital signatures and for encryption purposes.
Encryption and certificates provide many benefits, including confidentiality, which ensures that only the sender and intended receiver can understand the message content. Additional benefits are message integrity and endpoint authentication, which confirms the identity of the sender and receiver.
IEEE 802.1X is an international standard for connection-based device authentication. It enables organizations to regulate and control devices that can join a network, reducing the risk of unauthorized access to wired and wireless networks. 802.1X is used to confirm that all network-attached devices are authorized, while stopping unauthorized access at the port level. 802.1X uses the Extensible Authentication Protocol (EAP) to communicate between the Supplicant (the device requesting access) and the Authenticator (the entry point to the network), as well as between the Authenticator and the Authentication server.
As part of the secure Pro Series ecosystem, Extron Pro Series control products support the 802.1X standard and allow users to upload digital certificates to support multiple authentication methods under 802.1X.
SNMP is the standard protocol for managing basic functions on a network. A component of the Internet Protocol Suite, SNMP is a way for devices on the network to share information. It allows network management tools utilized by IT departments to query for information such as device names, descriptions, MAC addresses, device locations, and system uptime.
Extron Pro Series control products support the SNMP standard and allow users to update basic information on these devices. Additionally, SNMP can be enabled and configured using Extron Toolbelt software.
Extron Multi-Network Control Processors
Multi-network control processors enable AV system designers to balance the need for access to network resources and network security. An Extron Pro Series control processor with AV LAN ports resides between devices such as video codecs and presentation computers on the corporate LAN, and isolates AV devices that do not require network resources, such as an organization’s touchpanels. These AV devices are isolated on a secure AV LAN.
There are several networking strategies to consider for AV control systems, and determining the approach that is most suitable for your organization is key. These strategies require planning, coordination, and buy-in by both the AV integrator and the client’s IT department. To facilitate the goal of securing AV equipment on the network, Extron provides the flexibility to deploy Pro Series control processors with AV LAN ports using Global Configurator Plus and Professional, Global Scripter, and Toolbelt.
AV LAN Best Practices
Extron Control Processors with AV LAN ports offer an increased level of network security and functionality. There are several basic principles to follow when setting them up that will speed integration, enhance security, and provide long-term success. These principles are associated with physical network setup, coordinating with the IT department when establishing the network addressing scheme, and DHCP server configuration.
Multicast for AV Streaming
The increasing amount of audio and video being transmitted over IP networks adds complexity to bandwidth requirements and data transmission quality. Multicast streaming provides the most efficient method for transporting real-time video and audio to multiple endpoints. Multicast is a form of group communication in which a single stream of data is addressed to a group of destinations simultaneously rather than being sent to a single endpoint.
It does, however, require that all network devices support the required standards and protocols and are configured to efficiently transport that traffic. There are several best practices to consider for video streaming and AV-over-IP deployments to ensure successful implementation.