In 2018, nearly every audiovisual device that gets installed has some form of network connectivity, from systems that transmit high definition video and low latency audio over IP to simple IR blasters. Even speakers, the dumbest of dumb AV devices, have become network connected, with new PoE-capable models available on the market. For some of these devices, networking is fundamental to the operation of the device. For others, the network connection is merely used for convenient remote management.

The trouble is that any network-connected system capable of running code is at risk of being infiltrated through that same network connection and used for malicious purposes. And no manufacturer has a perfect record when it comes to securing their devices. More and more, a network security breach is a question of “when,” not “if.” That said, there are several steps to take that will help mitigate the risk of a network security breach and limit the damage when it happens. None of these steps is sufficient on its own; each should be incorporated into a larger network security plan.
Change the default passwords! Don’t reuse passwords! This is Computer Security 101: preventing unauthorized access to audiovisual devices through the normal user interface is the easiest step to make these devices more secure. Is it a logistics challenge to make sure all devices have unique passwords and access to those passwords is appropriately managed and logged? Yes, but security is fundamentally at odds with convenience. In general, the more secure a device or service, the less convenient it will be to use or manage.
There’s no reason for the majority of audiovisual devices to be accepting inbound traffic from the open Internet. Everything should be behind a firewall that prevents inbound traffic from reaching the devices in the first place. This will keep out the vast majority of automated attacks that come from malware-infected computers across the Internet.

Internally, separating AV devices onto their own VLAN can help reduce the possibility of a breach by reducing the number of devices that are actually able to connect to the AV network. Devices should be grouped by function or location and those groups should each be kept on separate subnets. Layer 3 connectivity across subnets should be highly restricted so that one compromised device can’t reach out, discover all the other networked devices, and spread the infection.

For extra credit, using network-based authentication like 802.1x can add even more security by preventing unauthorized devices from connecting to the network in the first place. Unfortunately 802.1x is one area where audiovisual devices are still playing catch-up to IT systems, and you may be limited to using MAC-based authentication, which is considerably weaker.

Back to that firewall you’ve installed to block inbound traffic: it also needs to limit outbound traffic to an absolute minimum. In fact, in most cases it’s unlikely that your audio processor or the control system that drives it would need access to the Internet at all. Preventing outbound traffic ensures your devices won’t be used in someone else's botnet and provides a little peace of mind around where that networked microphone is actually sending its audio. With a firewall blocking outbound traffic, you can be reasonably sure that it’s not transmitting your board meetings to Russia (reasonably sure, anyway).
Another simple way to improve network security is to regularly audit what devices are actually connected to the network and who they belong to. As organizational needs change, and as IT personnel turn over, it’s important to keep an up-to-date accounting of what devices are actually in use, what purpose they serve, and who is responsible for maintaining them.
Without these regular audits there is the potential for someone to surreptitiously connect a device to the audiovisual network and use it as a jumping-off point for additional attacks. This also means retiring devices that are no longer in use and reducing support for legacy functionality. Many organizations are reluctant to take these additional steps for fear that they will disrupt some unknown workflow (if it ain’t broke… ) but that’s all the more reason to be certain that some sort of auditing and verification process is in place. No orphaned devices!
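As an added example (not code from the article), this is the reconciliation such an audit boils down to: compare what the switch actually sees on the AV VLAN against the team's inventory, and flag unknown devices on the wire, inventoried devices that have gone missing (locate or retire them), and devices with no named owner. The CSV formats and the sample data are constructed assumptions.

```python
import csv
import io

# Constructed sample data (assumption): the AV team's inventory and a dump of the
# switch's MAC/ARP table for the AV VLAN, both as "mac,..." CSV text.
INVENTORY_CSV = """mac,hostname,function,owner
00:11:22:33:44:01,dsp-boardroom,audio-processor,av-team
00:11:22:33:44:02,ctl-boardroom,control-processor,av-team
00:11:22:33:44:03,cam-training,ptz-camera,facilities
00:11:22:33:44:04,switch-hdmi-lobby,video-switch,
"""
ARP_DUMP = """mac,ip
00:11:22:33:44:01,10.20.1.10
00:11:22:33:44:02,10.20.1.11
DE:AD:BE:EF:00:01,10.20.1.200
00:11:22:33:44:04,10.20.1.13
"""

def load_inventory(text):
    """MAC -> inventory row; MACs are normalised to lower case for matching."""
    return {row["mac"].lower(): row for row in csv.DictReader(io.StringIO(text))}

def load_arp(text):
    """MAC -> IP address currently seen on the wire."""
    return {row["mac"].lower(): row["ip"] for row in csv.DictReader(io.StringIO(text))}

def audit(inventory, seen):
    """Three findings: devices on the wire nobody inventoried, inventoried devices
    that are absent (locate or retire them), and devices with no named owner."""
    unknown = sorted(f"{mac} ({ip})" for mac, ip in seen.items() if mac not in inventory)
    missing = sorted(row["hostname"] for mac, row in inventory.items() if mac not in seen)
    unowned = sorted(row["hostname"] for row in inventory.values() if not row["owner"].strip())
    return {"unknown": unknown, "missing": missing, "unowned": unowned}

def run():
    return audit(load_inventory(INVENTORY_CSV), load_arp(ARP_DUMP))

if __name__ == "__main__":
    for kind, items in run().items():
        print(f"{kind}: {items or 'none'}")
```

Feed it the real inventory export and a scheduled switch MAC-table dump and the three lists become the agenda for the periodic audit.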
Software upgrades are a near daily part of computer security best practices. And while firmware upgrades for audiovisual devices are less frequent, they are no less important. Installing the latest firmware on your devices means you’re getting the latest defenses against malicious attacks — though it’s important to be aware that firmware upgrades can also be a vector for attack.
Audiovisual vendors have been slow to board this train, but ideally new firmware files are cryptographically signed to prove their integrity and verify they haven’t been tampered with by a malicious third party. The devices themselves should also only be capable of running cryptographically signed firmware so that someone can’t craft a malicious firmware and surreptitiously load it on a device. And all firmware files should be delivered via fully encrypted channels. No more FTP sites!
Flipping your model of network security, from assuming the network is trusted to assuming it is already compromised, will help your organization take network security more seriously and put your staff in the right mindset to point out vulnerabilities and unsecured systems. When you assume your network is already compromised, sending plaintext passwords, even on the local, limited-access subnet, is a risky move because a malicious actor might be monitoring that traffic. With this level of wariness you’re much more likely to investigate the undocumented open port on your network-controlled HDMI switch or the unusual traffic passing between your conference room control panels. Is that just a bug, or a backdoor vulnerability?
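An added example, not code from the article, that encodes the segmentation and firewall rules from the earlier section (inbound from the Internet denied, AV subnets isolated from one another, outbound limited to an explicit allowlist, management access permitted) and applies the assume-breach view above by flagging flows that are allowed but still carry plaintext management protocols. The subnet layout, the allowlist and the flow records are constructed assumptions.

```python
import ipaddress

# Constructed subnet layout (assumption): two AV subnets and one management subnet.
AV_SUBNETS = {
    "av-control": ipaddress.ip_network("10.20.1.0/24"),
    "av-video": ipaddress.ip_network("10.20.2.0/24"),
}
MGMT = ipaddress.ip_network("10.0.0.0/24")
# The only cross-subnet or Internet-bound flows permitted (assumption): HTTPS between the AV subnets, NTP out.
ALLOWLIST = {("av-control", "av-video", 443), ("av-control", "internet", 123)}
PLAINTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}

# Constructed flow records: "src_ip dst_ip dst_port".
FLOW_LOG = """\
10.0.0.5 10.20.1.11 23
10.20.1.10 10.20.2.20 443
10.20.2.20 10.20.1.10 80
203.0.113.9 10.20.2.20 22
10.20.1.10 198.51.100.77 123
"""

def zone(ip):  # av-control, av-video, mgmt or internet
    addr = ipaddress.ip_address(ip)
    for name, net in AV_SUBNETS.items():
        if addr in net:
            return name
    return "mgmt" if addr in MGMT else "internet"

def evaluate(src, dst, dport):
    """Return (verdict, reason): deny, allow, or review (allowed but plaintext)."""
    s, d = zone(src), zone(dst)
    if s == "internet":  # the firewall drops everything inbound from outside
        return "deny", "inbound from Internet"
    if s == "mgmt" and d in AV_SUBNETS:
        reason = "management access"
    elif s in AV_SUBNETS and s == d:
        reason = "same subnet"
    elif (s, d, dport) in ALLOWLIST:
        reason = "allowlisted"
    else:  # default deny: no other cross-subnet or outbound traffic
        return "deny", f"{s} -> {d} not permitted"
    if dport in PLAINTEXT_PORTS:  # assume breach: someone may be sniffing this subnet
        return "review", f"{reason} but plaintext {PLAINTEXT_PORTS[dport]}"
    return "allow", reason

def audit(log):  # -> [(record, verdict, reason), ...]
    return [(r, *evaluate(*r.split()[:2], int(r.split()[2]))) for r in log.splitlines()]

if __name__ == "__main__":
    for record, verdict, reason in audit(FLOW_LOG):
        print(f"{verdict:6} {record:32} {reason}")
```

Every "deny" here is traffic the firewall and subnet ACLs should already be dropping, so seeing one in a real flow export is exactly the undocumented port or unusual traffic worth investigating; "review" is the plaintext credential path to migrate off.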
Many folks in the industry have wondered why security breaches happen over and over again. Often it’s a simple question of financial incentive. Until customers demand more secure products and manufacturers feel monetary pain for offering poorly secured products, we’ll continue to have to bend over backwards to secure our networks. As consultants, we regularly discuss security issues with all kinds of audiovisual manufacturers, but we are just one voice. We’ve even created questionnaires and scoring systems to help establish a minimum bar when it comes to the security features of audiovisual systems, but at the end of the day maintaining the security of any network is an ongoing battle.
Few organizations are prepared to spend the time and money required to fully evaluate the security of every product they deploy and even fewer are prepared to defend against all types of attacks, from nation states to insider threats. At the very least, we can continue to pressure all vendors to redouble their efforts to make networked devices more secure. And in the meantime it doesn’t hurt to implement the steps outlined above.