Cybersecurity and AV devices
Now that AV is consistently placed on the network, it is paramount that installers, integrators, and end users take extra care to ensure these devices don’t create vulnerabilities in enterprises’ security. With AV innovations and confidential information on the same network, how do we ensure the performance of the former doesn’t compromise the integrity of the latter?
First and foremost, AV professionals need to remember that network security is a large concern that should be considered at the earliest stages of system design. Private data—think employee social security numbers—is held on corporate servers, right alongside AV on the network. Not in an office? Those with technical skills and malicious intentions can create embarrassing situations for integrators and installers. Remember that time someone hacked a large touchscreen at Washington, DC’s Union Station and visitors were exposed to several minutes of adult videos in the middle of rush hour?
John Pescatore, director of emerging security trends at the SANS Institute, thinks AV pros should remember the basics: ensuring information AV systems are continuously updated and security controls are only accessible by authorized users. For sensitive systems, he cautioned, “authorized users should be required to use strong authentication, and not just reusable passwords.”
“Quite often, phishing attacks target system administrators and obtain their passwords—and the attackers are off to the races,” said Pescatore. “Strong authentication can be as simple as requiring receipt and entry of a text message in addition to a password, or require the use of a hardware token, like a USB key.”
A vital aspect of security is communication. All stakeholders should sit down together to discuss the goals of the AV systems, potential implications for security, and how the AV devices will be managed. Once devices are chosen, Pescatore says to “ensure manufacturers have a documented process for providing software updates, and make sure you have a process for rapidly installing the updates; generally, these should be installed in one week or less.”
Another workaround for AVoIP is to keep the products on an isolated network; Pescatore recommends using a firewall to provide only minimum access and to log all connections.
When it comes down to it, there’s no one-size-fits-all for network security. Integrators, IT professionals, and end users need to work together to determine what is the best solution for every single installation.