By Jaisica Lapsiwala
More devices connected to the network, increased wireless access, and a steep increase in the volume of content and data can leave room for temptation from outside attackers. Security, however, is not just about hacks and stolen data, it's important to fix internal flaws and embed best security practice to avoid accidental errors and protect yourself from both insider and outsider threats.
With so much going on, knowing where to start and what you should secure can be confusing.
AVIXA™ spoke to a panel of experts about the need for secure systems when planning and executing a live event and how to mitigate the risk.
What does managing networked security risks look like in practice?
Bart van Moorsel, European Solutions Design Specialist, Tech Data, Amsterdam, recommends: “Often devices don’t have the option of installing antivirus tools, so isolate devices from the rest of your network. We call that network segmentation. You can then create security policies that allow you to say who can access what, using what Protocol, etc. – this gives you the opportunity to really monitor specifically what's happening and tweaking what you want. The longer- term approach is that you include your AV devices in your security management system. Most organizations are already starting to see the value of this.”
“Do not forget to have a plan for if an incident happens because incidents will happen.”
Bart van Moorsel
European Solutions Design Specialist, Tech Data, Amsterdam
Van Moorsel added, “You need to understand what other risks come with these devices. What are the vulnerabilities and what is the impact of things happening to you and what is the occurrence? And if you put everything together, you're able to prioritize how you create your defense layers.”
“Please do not forget to have a plan for if an incident happens because incidents will happen. You cannot prevent everything in this world, but you can predict how to respond and how you will recover.”
John Pescatore, Director, Emerging Security Trends, SANS Institute, USA, agreed on the importance of not only having a plan but planning, “The biggest failing I've seen over the years in plans is that the plan tends to be the deliverable, whereas the important part is the planning and doing things versus delivering an A3 Ring Binder or a giant PDF file with a big plan that some auditor signs off on.”
Paul Zielie, CTS®-D, CTS-I, IT and AV Systems Engineer, AVCoIP, USA, also referred people to the AVIXA® recommended best practices for security networked AV (available to AVIXA members for free), which is a good place to start and lays out a process and framework.
How can we avoid unwanted outside attacks?
“Stop using default passwords and stop sharing passwords.”
Paul Zielie, CTS®-D, CTS-I
IT and AV Systems Engineer, AVCoIP, USA
Zielie’s advice to the AV industry is to “stop using default passwords and stop sharing passwords.”
Pescatore concurred that one of the Holy Grails of security is strong authentication, so you know who's an insider, who's an outsider. “We need to make an improvement and move away from simply relying on reusable passwords to know when somebody is an insider versus an outsider.”
Matt Harvey, VP of Specialty Services, PSAV, USA, added, “A TACACS (Terminal Access Controller Access Control System) infrastructure is a great example of how the AV industry can learn from best practices, which have existed for a long time.” He agreed with Pescatore that user authentication is important but also added that machine authentication is going to be important as well. For example, when you have a sound desk that you're trying to plug into a network, there's no web browser you can type a password into to get a sound desk onto a network temporarily. The network has to recognize the machine itself, and there's very good frameworks for that in terms of machine to machine authentication. I think we just have to do a better job of encouraging the manufacturers to do that well.”
Watch the full roundtable discussion on Best Practice Security Measures for AV in Live Events.