AV over IP is a compelling topic as organizations increasingly consider distributing audio and video content over their networks — and manufacturers churn out solutions. As compelling as AV over IP may be, however, AV over IP security is just as vital.
IT directors may turn to AV over IP systems to eliminate the cost and complexity of electronic video distribution cost, but hackers may try to penetrate IP networks to steal video content or disrupt operations. That means system planners must properly secure AV over IP implementations to avoid exposure.
In a new whitepaper, “ZeeVee Security Features and Best Practices,” the AV distribution solutions provider — with product platforms based in AV over IP, coax, fiber, you name it — looks at how these solutions are “designed to ensure the security and integrity of IP-based video.”
Related: What is the Difference Between HDBaseT-Ip and SDVoE?
ZeeVee’s ZyPer AV over IP product family “supports an extensive set of standards-based AV over IP security mechanisms,” according to the ZeeVee whitepaper, including access controls, media and management stream encryption and high-bandwidth digital content protection “to help companies safeguard content and mitigate risks.”
Let’s scratch the surface of three tips from ZeeVee on how to address AV over IP security:
Mitigating AV over IP Security Risks
More businesses today are introducing IP-based AV distribution solutions “to improve performance, reduce expenses and simplify operations,” according to the ZeeVee whitepaper. AV over IP systems use standards-based Ethernet switches to increase flexibility and save money over traditional AV matrix switches.
Switches also “simplify system management, reduce latency and eliminate the distance limitations and connectivity constraints imposed by conventional circuit-switched AV systems,” according to the ZeeVee whitepaper.
And, while flexibility and cost savings are appealing, system designers must consider some of the security implications of AV over IP solutions.
Download ZeeVee’s entire whitepaper here.
Some businesses may transmit AV traffic alongside other data on a converged IP network, while others may connect AV over IP systems to a corporate network or the public internet for remote management.
If you remember nothing else from the ZeeVee whitepaper, remember this: designers must segregate AV over IP traffic and restrict access to AV over IP implementations to safeguard digital content and prevent abuse. If not properly isolated and secured, IP-based AV systems can expose businesses to potential legal and financial risks.
Defense-in-Depth Security
The U.S. National Security Agency promotes a layered “defense-in-depth” approach to IP security to protect against a wide range of threats. Strong security controls across a network can help organizations mitigate risks.
AV over IP encryption “prevents eavesdropping and hijacking in the highly unlikely event an intruder is able to gain access to a dedicated IP network or an isolated VLAN segment,” according to the ZeeVee whitepaper.
ZeeVee supports an extended set of AV over IP security capabilities, including IP video stream encryption, management communications stream encryption, management system access controls and end-to-end digital rights protection.
Related: 14 AV over IP Solutions at InfoComm 2018
Some ZeeVee customers construct independent networks to transport AV over IP traffic. Other customers have engineered their primary networks to support video and transport AV traffic alongside other application traffic over a shared IP network.
ZeeVee recommends using VLANs to segregate shared networks and reduce vulnerabilities.
Its ZyPer4K family of encoders and decoders support standards-based encryption for increased security across both dedicated and shared IP networks using the AES128 algorithm, which is approved by the U.S. government to protect secret-level classified information.
AV over IP encryption “prevents eavesdropping and hijacking in the highly unlikely event an intruder is able to gain access to a dedicated IP network or an isolated VLAN segment,” according to the ZeeVee whitepaper.
AV over IP Security Best Practice Guidelines
For ultimate security, system integrators and implementers should:
- Deploy the system on a dedicated IP network or distinct VLAN segment to isolate traffic and restrict network access.
- In shared network environments force VLAN tagging on AV switch ports to prevent rogue devices and unauthorized users from accessing other network segments.
- Disable USB and Ethernet utility ports on encoders and decoders deployed in public spaces to prevent rogue devices from connecting to the network.
- Ensure encoders and decoders are always running the latest firmware releases.
- Protect the integrity of Ethernet switching equipment. Install Ethernet switches in a physically secure location. Implement strong user authentication and authorization controls for the Ethernet switch management console. Lock down unused UDP/TCP ports. Disable unused network services. Ensure the switch is always running the latest firmware/software updates. Follow any additional security guidelines recommended by the Ethernet switch manufacturer.
- Work closely with the corporate IT or networking organization if connecting devices to the corporate IP network or the public internet. The corporate IT team can ensure the management platform is deployed and secured in accordance with company policies.
Download ZeeVee’s entire whitepaper here.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
[…] Related: 3 AV-over-IP Security Tips […]