The AV-focused Halloween Duke Digital Media Community (DDMC) session on networking and security highlighted just how complex the AV ecosystem has become. As mentioned in the session, ten years ago, networking and security weren’t a primary consideration when commissioning an AV system. Most systems of that era either lacked basic network connectivity or were isolated to a local area network that was usually disconnected from the larger University network and the Internet. An AV system was installed, tested, and replaced 6-12 years later with little worry about networking or security.
My, how times have changed. It isn’t uncommon for a modern AV system to have multiple network connections. Touch panels, control processors, and switchers are routinely connected to the network to leverage the enterprise backbone and to provide monitoring opportunities. But with that connectivity come additional considerations, especially given that audio and video of a sensitive nature may be transmitted over the network.
Now that your device is connected to Duke’s network, some thought must be put into the location of the AV system on the network, as not all locations are created equal. Obviously, you wouldn’t want your AV system sitting on a publicly accessible segment of the network. This would open the device up to constant attack and almost certainly ensure that your device would eventually be compromised. So, you should place the equipment on an internal virtual local area network (VLAN). But the hardware shouldn’t be placed on just any internal VLAN. It’s best to isolate all of your AV to a unique “AV VLAN” to ensure that your devices aren’t receiving communication from non-AV hardware (other computers, printers, curious students, etc.). If your head is starting to spin, don’t worry. The good folks at Duke OIT Networking are available to help: https://oit.duke.edu/what-we-do/services/wired-connectivity
Security, with regard to AV systems, is a bit more complicated. First, as mentioned above, it’s important to place an AV device in a “safer” area of the network. This will reduce the number of individuals capable of connecting to your device from billions to thousands. Second, it’s important to ensure your device is running the latest firmware and that all non-essential services (FTP, Telnet, etc.) are disabled. Third, as the device is being installed, scan it for open services, weak passwords, and known vulnerabilities. Fortunately, Duke has a tool specifically designed for this task, which can be made available to Duke AV technicians and managers.
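As an added illustration of the first two checks (this is not Duke's scanning tool and not code from the original article), the sketch below verifies at commissioning time that each device sits inside the AV VLAN and that FTP and Telnet are not reachable. The subnet `10.20.30.0/24`, the device names, and the addresses are constructed placeholders.

```python
import ipaddress
import socket

# Assumptions for illustration: this AV VLAN subnet and the inventory in
# __main__ are constructed; use the values assigned by your network team.
AV_VLAN = ipaddress.ip_network("10.20.30.0/24")
NON_ESSENTIAL = {21: "FTP", 23: "Telnet"}  # services the article says to disable


def tcp_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def commissioning_findings(devices, av_vlan=AV_VLAN, probe=tcp_open):
    """Check each (name, ip) pair and return a list of findings to fix."""
    findings = []
    for name, ip in devices:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(f"{name}: invalid address {ip!r}")
            continue
        # Placement check: the device should live on the dedicated AV VLAN.
        if addr not in av_vlan:
            findings.append(f"{name}: {ip} is outside AV VLAN {av_vlan}")
        # Service check: non-essential services should not answer at all.
        for port, service in NON_ESSENTIAL.items():
            if probe(ip, port):
                findings.append(
                    f"{name}: {service} (tcp/{port}) is reachable; disable it")
    return findings


if __name__ == "__main__":
    # Constructed inventory of devices you own and are commissioning.
    inventory = [("touch-panel-101", "10.20.30.15"),
                 ("switcher-204", "10.20.31.7")]
    for line in commissioning_findings(inventory) or ["no findings"]:
        print(line)
```

The `probe` parameter lets the same logic be exercised against recorded results when live probing from the technician's workstation is not possible.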
So, where to start?
It would be impossible to write a DDMC article about all of the different facets of AV networking and security, so we are working on a Knowledge Base article (coming soon!) to help AV technicians, engineers, and managers with the above-mentioned topics. The Knowledge Base is sure to grow, and we look forward to collaborating with the various groups on campus.