Technology: Securing your house of worship’s AV network
As today's digital AV systems integrate more with facility and campus information infrastructures, HOWs must learn to manage IP network and information security, says Audinate’s audio engineering and software expert, Brad Price.
Like most institutions today, HOWs have become increasingly digital, networked and web-connected. From business and operations information to parishioner records, places of worship must now maintain and protect sensitive and often personal data. HOWs must also deal with a perpetually changing set of users and devices. This constant changeover creates problems of scale and makes threat protection a constantly moving target.
Unfortunately, poorly designed AV systems contribute to these problems. As more and more audiovisual installations are connected using IP technology, the people working in AV and IT now have common cause in maintaining the security and functionality of these critical networked systems. In HOWs of all types and sizes, IT administrators and AV assistants are looking for the tools and methods they need to maintain a balance between security and access.
The AV world is experiencing huge change, with IT technology rapidly replacing earlier analogue and digital means of connectivity. Audio networks are now ever-present, and video is quickly catching up. In addition to being easy to manage with software, network audio transport is functionally superior to nearly all predecessors.
It is important to note here that AV networks are not special at all. From an IT perspective, these are just networks employing standards-based time synchronisation, using the same hardware as any other system of linked computers.
The most significant change brought by networking is the end of point-to-point connections. Point-to-point means that a cable connects one device to another, defining pathways. In networks, all channels of all devices are exposed and available for instant connectivity without moving a single wire. This saves setup time while delivering maximum flexibility to configure the system as needed, on the fly.
Networked AV lowers costs by employing commodity, off-the-shelf gear for network infrastructure, eliminating the need for expensive matrix switchers and converters. Gone are the days of special cables with special connectors; on a network, everything goes through inexpensive Cat-5e Ethernet cables and RJ45 connectors.
For AV, this means that equipment for networking devices is plentiful, cost-effective and works terrifically well. For IT, this means more endpoints on the system that must somehow be managed.
Houses of worship today have integrated networking and internet communications within their infrastructure. However, networked AV means that every AV device on a network can be accessed and used by many different people, rather than having a fixed set of connections. Networked AV also means that the security concerns of IT now extend to management of those AV devices.
Where the danger lies
Because networked AV is just another type of computer network, it is susceptible to the same risks. Unwanted users may gain access to a system, hoping to wreak havoc, and hackers may attempt to locate open doors to the internet through unsecured AV endpoints.
In a 2016 example, hackers took control of a Barix Streaming Client device and were able to change the audio content for several US radio stations in Texas and Colorado, replacing the regular programme material with an explicit podcast. The hackers found access through a weak password on the device, and then set their own strong password to slow any attempted repairs.
Danger can also arise from within if the AV network is left open to anonymous users. Routes may be changed, and devices reconfigured without easy recourse if such access is permitted. Churches are faced with multiple concerns and constraints. Budgets tend to be tight and staff tend to be spread thin, with end-users often being volunteers and perhaps not very technical.
Fortunately, there are well-known, time-tested techniques used to secure networks for your HOW. Robust usernames and passwords keep unwanted visitors out of certain areas and applications; networks can be segregated so that a failure in one area doesn’t affect another, and areas of networks can be hidden from an unauthorised visitor’s view. Separately, users must be vigilant not to fall for any of the myriad phishing schemes used to trick people into revealing passwords and codes.
The methods used for regular networks are equally applicable to networked AV systems. It’s unfortunate that networked AV gear frequently lacks any provision for management or security, leaving these devices exposed as potential targets. If a networked AV system has no way to distinguish between different users, then anyone with access – and that’s everyone – can make changes, even while the system is in use.
Managing the risk
AV management platforms have been developed specifically to address the issue of user and device manageability, closely following the model of IT-focused tools used in enterprise. IT standards-based audio network platforms allow only authorised users to see or change audio networks and will enable managers to segregate audio devices into functional zones (domains) that are independent of one another. Like IT security platforms, these AV network platforms prevent unknown users from making changes and unknown devices from being connected.
HOW administrators benefit greatly by allowing broad access to AV and other resources for their staff, parishioners and visitors. And the security risks involved in granting this access can be greatly reduced and simplified when all of the AV devices on the network are managed by trusted systems that can provide authentication and activity logging.
The risks mentioned here are not slowing down the advancement of AV networking. Security and manageability are sure to become as essential in AV deployments as in any other computer network, with accompanying tools and common methods evolving with the industry. The IT community brings many years of experience to this problem, so it does not need to be reimagined for AV, but it must be extended to embrace new devices and operational requirements for worship venues that could potentially be at risk.
This article was first published in the March-April 2019 edition of Worship AVL.