10 Ways to a Safer Q-SYS System


Some people on the internet just stink (not just the trolls on your Instagram feed hating on your quarantine haircut). October is CyberSecurity Awarness Month, so we thought we might give you 10 easy tips for better securing your Q-SYS system.

#1 – Choose Your LANs Wisely

Ever wondered why there are so many network ports on your Q-SYS Cores? They give you flexibility to decide how you want to deploy your AV system. Want to use one network to do realtime AV streaming and then use a different one for cloud-based management and monitoring ? No problem! What’s more, those network interfaces are fully isolated for maximum security.

#2 – Make Sure You Have the Latest Security Features and Patches

At QSC, we are constantly monitoring the IT security landscape and reacting to vulnerabilities whenever required.  We include new security patches and improvements in nearly every Q-SYS firmware release so always make sure you’re running the latest firmware.

#3 – Always Enable Access Control (Always!)

It doesn’t matter whether you’re installing your system on a heavily protected, isolated network or a fully integrated corporate IT infrastructure, setting up a unique username and password is the easiest way to protect your AV system. Access Control is enabled via Q-SYS Core Manager and literally takes seconds to configure.

#4 – Disable Unnecessary Network Services

Q-SYS Core Manager describes all of the higher level network services running on each network interface on your Core and provides the ability to enable / disable those per network port. Disabling any unnecessary network services is a very efficient way of hardening the security of your AV system by reducing any potential attack vectors.

#5 – Leverage IT Industry Standard Security Protocols Such as 802.1X

The easiest route into your AV system for a ‘bad actor’ is via the network. But, what if you could stop bad actors from connecting their devices to your network in the first place? 802.1X enables the network infrastructure to reject connections from unauthorized devices and only accept connection requests from authorized devices such as Q-SYS Cores and peripheral devices. Support for 802.1X is available in Q-SYS Designer Software v8.4 or higher.

#6 –Install an Authorized Security Certificate (and Make Your IT Security Admin Smile)

Certificates are the industry standard method to validate that devices and websites are who they claim to be. Installing a security certificate from your IT group on to your Q-SYS Cores and peripherals ensures that they are recognized, authorized and trusted on your IT managed network.

#7 – Protect Q-SYS Paging Stations or Touchscreen Controllers in Public Spaces

Consider using a PIN to manage access to paging stations and UCI’s to ensure that only authorized personnel are using your AV system. Remember that PINs can also be used to provide tailored sets of commands for each user on any physical paging station.

#9 – Connect to the Cloud Safely…

Q-SYS Core processors can be configured to connect to the Q-SYS Reflect Cloud via secure, encrypted communications over standard HTTPS and Secure Web Sockets (WSS). Protect your Core behind a gateway and firewall and give it an appropriate DNS and NTP configuration. That’s it – you’re done! You never need to apply a public facing IP address or configure complex port forwarding rules to access any QSC web service.

#10 – … and The Cloud Will Make Your Life Easier!

Q-SYS Reflect Enterprise Manager leverages industry standard techniques to ensure that your AV systems, and your data, are protected. By leveraging Enterprise Manager, you can configure, monitor and manage all of the above security guidelines on every Q-SYS Core you own, irrespective of where it is physically installed. For more information, visit www.qsys.com/enterprisemanager