5 First Steps to Better Audio Video Network Security

Audio video network security should be one of your primary concerns. Here are some critical steps to take first in your commercial AV projects.

Paul Konikowski

As more and more AV devices find themselves on IP networks, the surface area for cyberattacks increases. Generally speaking, I advocate for AV devices to be placed on dedicated AV networks, not on the local area network, but this is not always possible. In either case, the audio video network security should be preserved.

Here are five ways that any IP network, AV or otherwise, can be made to be more secure:

1. Restrict Access, Including Physical Access

Start with the Principle of Least Privilege and don’t give users any more access than needed. If a malicious actor obtains a user’s login and password, you don’t want to give them the keys to the kingdom.

Use multi-factor authentication (MFA) and force users to reset their passwords periodically. Use role-based access controls (RBAC) to define what access a given role should have, and update those roles when an employee changes roles.

Review the access privileges on a regular basis to prevent “privilege creep”. You should also limit physical access to server rooms, IDF closets, computer labs, and data storage centers.

2. Update Software and Patch Vulnerabilities

In many of the largest data breaches, the vulnerability was discovered months before the attack, but the companies failed to patch their software. Put someone in charge of updates, and make it their responsibility to install all software patches immediately, and share these patches with your clients.

3. Segment Networks

As I mentioned in my last CI column, the Target attackers used stolen credentials of an HVAC contractor to access Target’s payment network; the Stuxnet worm was able to infect an air-gapped network using USB drives.

Although you may not be able to fully segregate your networks, you should apply the principle of Least Route to limit the physical and logical connections between networks. If an attacker gains access, you should make it more difficult to traverse the networks using firewalls and access control lists (ACLs).

4. Filter Outbound Traffic

Many of the biggest data breaches, including Target, Sony Pictures Entertainment, and the Office of Personnel Management, depended on outbound connections to send the data out of the infected network to the hackers, using common protocols like FTP, DNS, ICMP, HTTP, or HTTPS.

By carefully monitoring outbound traffic flows, and enforcing aggressive outbound filtering, you can make the data breaches more difficult for the attackers and minimize the impact of a breach.
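One way to carry out the outbound review described above, as an added example that is not part of the original article: a Python script that checks flow records from an AV VLAN against a default-deny egress allowlist and totals bytes per destination. The subnet, addresses, byte limit and log format are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed policy for a hypothetical AV VLAN; all addresses are placeholders.
AV_NET = ipaddress.ip_network("10.20.0.0/24")
# Default deny: only these (protocol, destination, port) tuples may leave the VLAN.
ALLOW = {
    ("udp", "10.1.1.53", 53),      # internal DNS resolver
    ("udp", "10.1.1.123", 123),    # internal NTP server
    ("tcp", "203.0.113.10", 443),  # vendor firmware update host
}
BYTE_LIMIT = 5_000_000  # per source/destination pair within one review window

# Constructed flow records: time, src, dst, proto, dst_port, bytes
SAMPLE_FLOWS = """\
2024-01-01T02:00:00Z,10.20.0.15,10.1.1.53,udp,53,412
2024-01-01T02:00:05Z,10.20.0.15,203.0.113.10,tcp,443,88213
2024-01-01T02:01:10Z,10.20.0.31,198.51.100.7,tcp,21,1048576
2024-01-01T02:01:40Z,10.20.0.31,192.0.2.53,udp,53,96
2024-01-01T02:02:00Z,10.20.0.15,203.0.113.10,tcp,443,6000000
2024-01-01T02:03:00Z,10.1.5.9,198.51.100.7,tcp,443,2048
2024-01-01T02:04:00Z,10.20.0.40,198.51.100.7,icmp,0,64000
"""

def review_egress(log_text):
    """Return (violations, heavy_pairs) for flows leaving the AV VLAN."""
    violations = []
    volume = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, port, nbytes = line.split(",")
        if ipaddress.ip_address(src) not in AV_NET:
            continue  # only AV devices are in scope
        if ipaddress.ip_address(dst) in AV_NET:
            continue  # traffic that stays inside the VLAN is not egress
        volume[(src, dst)] += int(nbytes)
        if (proto, dst, int(port)) not in ALLOW:
            violations.append((ts, src, dst, proto, int(port)))
    # Allowed destinations can still carry data out, so report large totals too.
    heavy = sorted(pair for pair, total in volume.items() if total > BYTE_LIMIT)
    return violations, heavy

if __name__ == "__main__":
    blocked, heavy = review_egress(SAMPLE_FLOWS)
    for v in blocked:
        print("not on allowlist:", v)
    print("over byte limit:", heavy)
```

The same allowlist can drive the firewall rules themselves, so that the review only has to explain the exceptions.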

5. Monitor Logs

Most network devices, including many audiovisual devices, have the ability to log everything that they do. The problem is that most companies don’t bother to look at the logs until they realize they have a problem.

Monitoring logs can be a very difficult task, as the number of entries in them can be staggering. Luckily, there are log management tools designed for this task that help filter out normal log entries and highlight any anomalies.

These are just five ways to improve audio video network security; there are dozens more. How you implement these security controls depends largely on your network architecture and the personnel involved.

Start by asking if these five steps are being taken. If you don’t have the right skillset on-prem, consider outsourcing to a company like Strategic Communications (who also does AV integrations!).

About the Author

Paul Konikowski, CTS-D, is an independent freelance consultant who currently designs and coordinates audiovisual installations for military bases. Paul earned his Bachelor of Science in Computer Engineering from the Georgia Institute of Technology (Georgia Tech). He has recently completed Harvard University’s online short course entitled “Cybersecurity: Managing Risk in The Information Age”, and is now pursuing a Master of Science degree in Cybersecurity at Georgia Tech. He can be reached via Twitter at @PKaudiovisual or via email at pkav.info@gmail.com.

Comments

  • Ann Brigida says:

    Hi Paul!
    Great article – I’m happy to see this subject being addressed. In case you weren’t aware:
    AVIXA published Recommended Practices for Security in Networked AV Systems (RP-C303.01:2018) to provide guidance and current best practices for security networked AV systems of all sizes. Best practices are described for identifying vulnerabilities and potential threats, assessing risk, developing mitigation plans, and controls to continuously address and manage security risks in AV systems.
    Additional guidance is available from ISO standards as well; specifically the ISO/IEC 27000 series and ISO 31000:2018. You can find more information about AVIXA’s RP here: http://bit.ly/2yqTLQ9

    Ann Brigida, CTS, CStd, Senior Director of Standards at AVIXA
