As an industry-leader and global pioneer in IP-based AV distribution systems, ZeeVee takes security seriously.
AV over IP is a practical, cost-effective solution to deliver high quality video while reducing complicated delivery systems and high cost equipment, but also might be the target of some wannabe hackers. That’s why it’s critical to emphasize security when deploying AV over IP solutions with strong access controls, encryption, and digital content protection.
Mitigate Security Risks
ZeeVee’s solutions have been engineered to ensure the highest possible security for AV over IP. That’s why stadiums, government agencies, Fortune 500 companies, and universities have chosen ZeeVee.
- AV over IP data encryption to protect confidential video content against eavesdropping and unauthorized disclosure.
- Strong user authentication mechanisms to ensure only authorized administrators and applications gain access to the AV over IP management platform.
- Management stream encryption to ensure data privacy for customer administrators or third-parties performing remote administration over corporate or public network connections.
- Digital content protection mechanisms and media stream encryption to safeguard intellectual property and prevent pirating.
Defense-In-Depth Provides Ultimate Protection
Conceived by the National Security Agency (NSA), Defense-in-Depth is a layering tactic that provides a more holistic approach to data and electronic security. It is composed of three areas: Physical, Technical, and Administrative. Strong controls across these three areas can help mitigate risks. ZeeVee’s Defense-in-Depth implementation provides digital rights protection, video stream encryption, encrypted and access-controlled management platforms, and encrypted communication.
Management System Access Controls
Starting with strong passwords, the management platform uses HTTPS (Secure Hypertext Transfer Protocol) & SSH (Secure File Transfer Protocol) protocols that authenticates users.
Encrypted Traffic with Military-Grade Encryption
AV traffic between devices is automatically encrypted using AES128 algorithm, the same block cipher that the United States government uses to protect top secret and classified information. In the unlikely events, a hacker is able to access a dedicated IP network, this encryption prevents eavesdropping and hijacking attempts.
Safeguarding Copyright-Protected Content
ZeeVee systems are deployed around the world to stream copyright-protected content. ZyPer4K encoders/decoders are protected by standards-based end-to-end HDCP 2.2 (High-Bandwidth Digital Content Protection) to ensure digital right compliance.
ZeeVee’s defense-in-depth approach to AV over IP security guards against a wide variety of potential threats.
AV over IP Security Best Practice Guidelines
ZeeVee’s strong security capabilities help customers eliminate vulnerabilities and minimize risks. In addition to implementing ZyPer security features, ZeeVee recommends system integrators follow these best practices:
- Deploy the AV over IP system on a dedicated IP network or distinct VLAN segment to isolate traffic and restrict network access.
- In shared network environments force VLAN tagging on AV switch ports to prevent rogue devices and unauthorized users from accessing other network segments.
- Disable USB and Ethernet utility ports on ZyPer4K encoders and decoders deployed in public spaces to prevent rogue devices from connecting to the network.
- Ensure ZyPer4K encoders and decoders are always running the latest firmware releases.
- Protect the integrity of the ZyPer Management Platform. Install the ZMP in a physically secure location. Disable Telnet access. Use strong passwords to tightly control access to the MaestroZ user interface and the ZMP API. Regularly rotate MaestroZ passwords to bolster security. Ensure the ZMP is always running the latest software release.
- Protect the integrity of Ethernet switching equipment. Install Ethernet switches in a physically secure location. Implement strong user authentication and authorization controls for the Ethernet switch management console. Lock down unused UDP/TCP ports. Disable unused network services. Ensure the switch is always running the latest firmware/software updates. Follow any additional security guidelines recommended by the Ethernet switch manufacturer.
- Work closely with the corporate IT or networking organization if connecting the ZMP to the corporate IP network or the public internet. The corporate IT team can ensure the management platform is deployed and secured in accordance with company policies.
For More Information
To see how ZeeVee can help you take full advantage of all the benefits of AV over IP without compromising security, visit zeevee.com/contact.