AV systems manufacturers have been offering networking capabilities for years, but in a somewhat limited manner: the devices are on a network, but one separate from the core infrastructure. While this approach lays the groundwork for ensuring both security and performance, it often requires tech managers to invest the time and money in building and managing, well, another network. As the line between AV and IT vanishes—prefer to operate that audio system with your iPad, anyone?—the need to have AV sitting on the primary network is, in many cases, mandatory. The question is: how do you keep your network safe while delivering the AV performance your organization requires?
A look at the equipment racks of The Han Show in Wuhan, China. The extensive technology system of video, audio, IPTV, and intercom is, in part, supported by a Meyer Sound system.
Toine Leerentveld, technology manager for control solutions at Crestron Electronics Inc., a control and collaboration systems manufacturer based in Rockleigh, N.J., acknowledges that good security practices begin with knowing what devices are on your network. If, for example, the organization is using DHCP, tech managers can identify all of the devices that have received an IP address. “Then, using the manufacturer’s MAC address, you can at least identify all products from a single manufacturer and start figuring out where on the network they are,” he said.
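The DHCP-and-MAC inventory described above, as an added example that is not from the article or from any vendor: it parses lease text in ISC dhcpd.leases syntax, keeps only active leases, and groups devices by MAC vendor prefix (OUI) and /24 subnet. The choice of DHCP server, the OUI prefixes, vendor names and addresses are constructed assumptions; real prefixes come from the IEEE OUI registry.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed OUI-to-vendor map. These prefixes are placeholders from the
# locally administered range; load real ones from the IEEE OUI registry.
VENDOR_OUIS = {"02:aa:bb": "ExampleAV Controls", "02:cc:dd": "ExampleAV Audio"}

# Constructed sample in ISC dhcpd.leases syntax.
SAMPLE_LEASES = """
lease 10.20.30.41 {
  binding state active;
  next binding state free;
  hardware ethernet 02:aa:bb:00:10:01;
}
lease 10.20.30.42 {
  binding state free;
  hardware ethernet 02:aa:bb:00:10:02;
}
lease 10.20.31.7 {
  binding state active;
  hardware ethernet 02:CC:DD:12:34:56;
}
lease 10.20.31.8 {
  binding state active;
  hardware ethernet 06:11:22:33:44:55;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9A-Fa-f:]{17});")
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)  # skips "next binding state"

def inventory(leases_text, prefix_len=24):
    """Return {vendor: {subnet: [(ip, mac)]}} for active leases; unmatched OUIs go under 'unknown'."""
    found = defaultdict(lambda: defaultdict(list))
    for ip, body in LEASE_RE.findall(leases_text):
        mac, state = MAC_RE.search(body), STATE_RE.search(body)
        if not mac or not state or state.group(1) != "active":
            continue  # expired or freed leases say nothing about what is live now
        mac = mac.group(1).lower()
        vendor = VENDOR_OUIS.get(mac[:8], "unknown")
        subnet = str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))
        found[vendor][subnet].append((ip, mac))
    return {v: dict(s) for v, s in found.items()}

if __name__ == "__main__":
    for vendor, subnets in inventory(SAMPLE_LEASES).items():
        print(vendor, subnets)
```

Devices with static addresses never appear in DHCP leases, so the "unknown" bucket and a comparison against switch MAC tables are where the remaining inventory work lies.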
The Han Show’s system utilizes 359 Meyer Sound self-powered loudspeakers that are processed, distributed, & matrixed by the D-Mitri digital audio platform (comprising 53 frames). Used for surrounds and localized upstage sources are nine CAL loudspeakers by Meyer Sound.
What gets trickier is authentication: who has access to what? And, how much can they mess around with a device once they’ve accessed it? “In the enterprise and educational market, Active Directory is probably the method that the IT department uses for assigning user names and passwords, so requesting that your vendor provides integration into Active Directory would be a great place to start,” Leerentveld said.
Bill O’Donnell, AV network design engineer at William Paterson University in Wayne, N.J., urges his counterparts at other organizations to take the time to change manufacturer-issued default passwords, especially since some companies use the same default password for all of their devices. “I know that’s an easy-across-the-board thing, but you have no idea how many folks don’t ever change the password,” he said. “If I was on a network and found a device, all I have to do is look up the manufacturer, find the user manual, and—boom!—I’m in,” he illustrated. “That’s something that the integrator as well as the client really need to be aware of. If it’s the integrator who’s installing it, they should change the password right off the bat, and they should tell the client, ‘here’s the [new] password because if we use defaults, then anyone can just hop on the device and off they go.’”
These days, the most popular way to keep things together, yet somewhat separate, is through V-LANs. Leerentveld points out that in addition to security, V-LANs offer the benefit of improved performance because, for example, your control system is no longer competing with other network traffic. He sums it up this way: while most people can accept email taking a few minutes to arrive, they’re less likely to put up with a three-second delay when they push a button on a touch panel to activate the mute function on a microphone—which is not only a performance issue, but also a security issue in confidential meeting environments.
However, Irish warns that V-LANs require a certain amount of vigilance: “You have to be careful of how the V-LANs are managed from your switch, and ultimately switch security is the big thing,” he said. After all, once a switch is compromised, an intruder can gain access to your system. “So even though you have traffic separated by V-LANs, you still have this very sensitive point, which, of course, has to be tightly managed and controlled to keep everything secure.” Once again, it all comes down to being on top of things: “Part of running networks is eternal vigilance. It just takes continual effort to monitor, manage, stay on top of trends, stay on top of equipment, [and] stay on top of users.”
Carolyn Heinze is a regular AV Technology contributor.