IN FOCUS: AV SECURITY
<Wolfgang Haunschild, product marketing manager, at NEC Display Solutions Europe
“Often a breach in network security can be traced back to human error”
solutions are being connected to IT systems, it’s time to see additional checks to ensure content is encrypted and there is no risk of network folders being breached.” Rawden adds: “A widespread assumption is that it is OK to connect external devices such as user laptops to a network ad hoc. This is usually down to a lack of understanding to define and fully understand the implications of network connected devices. Without a thorough understanding of the OSI model, it can be extremely easy to compromise the security of a network in blind ignorance.” Securing an AV installation is, indeed, a multifaceted challenge. For Rawden, job one is to try to eliminate mistakes. “Often, a breach in network security can be traced back to human error,” he believes. “Forgetting to update security protocols, or adding a piece of equipment without thinking the implications through thoroughly. Too many users have systems that do not cater for auto updates, usually through an unfounded fear of the system suddenly stopping working. Then there are those who do not have regular maintenance and reviews scheduled. As an integrator, it’s our job to ensure that, where possible, clients are made fully aware of the benefits of regular or automatic updating of equipment security settings.” Jason Fitzgerald, product manager at Gefen, develops the theme. “This may sound cliché or obvious, but the weakest link when it comes to security is simply the lack of either education or diligence,” he says. “Each installation is faced with its own unique set of challenges, but as the convergence of AV/IT progresses, there must be an understanding on both the AV and IT side of the potential risks that are involved with the merging of these two.” “AV signal management has largely resided in a
physical realm where video and audio signals have traditionally enjoyed transport over proprietary and closed systems/devices,” he continues. “The IT world has had to deal with both physical and virtual forms of data that can exist in closed or externally-facing capacities. As these two forces meet, especially in the light of the AV over IP revolution taking place, all facets of how the physical aspects of AV interact with the IT world need to be understood with the appropriate level of security measures taken.” Operating systems That leads to the question of taking advantage of the security facilities available within the underlying operating system. Here, there is some variation in opinion. NEC’s Haunschild is a believer in the prevalent industry standards. “We recommend using the professional security features that are available for common operating systems,” he says. “Compared to proprietary operating systems that are also available on the market, common operating systems provide patches to prevent any breaches of security. For Windowsbased PCs or slot-in PCs for example, all companyowned equipment must be part of a company-wide safety structure with the company’s specific Windows IT client installed to get maximum control over all kinds of security, patches, rights management and software distribution.” “Similarly for Linux-based PCs or slot-in PCs,” he goes on. “Use Ubuntu for the Linux operating system. For the Raspberry Pi Compute Module, we recommend using Ubuntu for the NEC Edition of the Raspberry Pi to ensure maximum security.” BrightSign’s Hastings has an alternative position. “All too often, standard consumer operating systems such as Android, Mac OS, Windows and Chrome are used to drive signage networks,” he
KEY LEARNING POINTS
BEHIND THE WALL
n With the focus on preventing hacking or the insertion of viruses, many aspects of physical security are easily overlooked n Proprietary and industry standard operating systems both have their place, and have pros and cons depending on the application n Systems that prioritise security to the detriment of accessibility and ease of use will rapidly cause user discontent n BYOD is a challenge – especially when accommodating visitors n There is plenty of security expertise in the industry that can and should be leveraged
Spoof SIP dialling of video conferencing systems can occur when organisations place their VC unit on the public internet, and results in the VC unit receiving regular random VC calls. At best this is a real inconvenience to meeting room users, who then mistrust the whole AV environment in the room. At worst, depending on the infrastructure the VC unit is connected to, attackers can reroute international phone calls via the
third party’s infrastructure, racking up very expensive bills before it’s spotted. There is a large shift in the VC industry towards using cloud/ hosted/virtual rooms services, and many of the offerings out there rely on this open connectivity route to use their services. We encourage clients to place their VC equipment behind their secure firewall such that their VC systems remain secure with non-publicly accessible IP
30 www.avtechnologyeurope.com
28-32 AVTE04 SECURITY_V2.indd FINISHED.indd 3
21/03/2018 22:07