{"id":2373,"date":"2021-12-14T10:29:24","date_gmt":"2021-12-14T17:29:24","guid":{"rendered":"https:\/\/blogs.qsc.com\/systems\/?p=2373"},"modified":"2021-12-16T01:00:13","modified_gmt":"2021-12-16T08:00:13","slug":"configuring-q-sys-with-security-in-mind","status":"publish","type":"post","link":"https:\/\/blogs.qsc.com\/systems\/in\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/","title":{"rendered":"Configuring Q-SYS with Security in Mind"},"content":{"rendered":"<div class=\"trp_language_switcher_shortcode\">\n<div class=\"trp-language-switcher trp-language-switcher-container\" data-no-translation>\n    <div class=\"trp-ls-shortcode-current-language\">\n        <a href=\"#\" class=\"trp-ls-shortcode-disabled-language trp-ls-disabled-language\" title=\"English (UK)\" onclick=\"event.preventDefault()\">\n\t\t\t English (UK)\t\t<\/a>\n    <\/div>\n    <div class=\"trp-ls-shortcode-language\">\n                <a href=\"#\" class=\"trp-ls-shortcode-disabled-language trp-ls-disabled-language\"  title=\"English (UK)\" onclick=\"event.preventDefault()\">\n\t\t\t English (UK)\t\t<\/a>\n                    <a href=\"https:\/\/blogs.qsc.com\/systems\/in\/wp-json\/wp\/v2\/posts\/2373\" title=\"English\">\n             English        <\/a>\n\n            <a href=\"https:\/\/blogs.qsc.com\/systems\/in\/wp-json\/wp\/v2\/posts\/2373\" title=\"Deutsch\">\n             Deutsch        <\/a>\n\n            <a href=\"https:\/\/blogs.qsc.com\/systems\/in\/wp-json\/wp\/v2\/posts\/2373\" title=\"Fran\u00e7ais\">\n             Fran\u00e7ais        <\/a>\n\n            <a href=\"https:\/\/blogs.qsc.com\/systems\/in\/wp-json\/wp\/v2\/posts\/2373\" title=\"Espa\u00f1ol\">\n             Espa\u00f1ol        <\/a>\n\n        <\/div>\n    <script type=\"application\/javascript\">\n        \/\/ need to have the same with set from JS on both divs. Otherwise it can push stuff around in HTML\n        var trp_ls_shortcodes = document.querySelectorAll('.trp_language_switcher_shortcode .trp-language-switcher');\n        if ( trp_ls_shortcodes.length > 0) {\n            \/\/ get the last language switcher added\n            var trp_el = trp_ls_shortcodes[trp_ls_shortcodes.length - 1];\n\n            var trp_shortcode_language_item = trp_el.querySelector( '.trp-ls-shortcode-language' )\n            \/\/ set width\n            var trp_ls_shortcode_width                                               = trp_shortcode_language_item.offsetWidth + 16;\n            trp_shortcode_language_item.style.width                                  = trp_ls_shortcode_width + 'px';\n            trp_el.querySelector( '.trp-ls-shortcode-current-language' ).style.width = trp_ls_shortcode_width + 'px';\n\n            \/\/ We're putting this on display: none after we have its width.\n            trp_shortcode_language_item.style.display = 'none';\n        }\n    <\/script>\n<\/div>\n<\/div>\n<p>The modernization of the AV industry is critical, and QSC has been innovating toward that end for decades. But now that we\u2019re seeing wide acceptance of networked AV \u2013 and mass realization of its many benefits \u2013 education toward how to configure a system with a security-centric mindset becomes increasingly urgent.<\/p>\n\n\n\n<p>QSC is committed to supplying the resources and education necessary to harden Q-SYS systems so that they might reflect our best practices, and align with organizational security environments. Below are fourteen areas to address when working to structure your Q-SYS system.<\/p>\n\n\n\n<p><strong>Upgrade Your Firmware:<\/strong> While this seems simple, Q-SYS OS firmware updates are neglected more often than is ideal. This easy step is the only way to ensure your system receives updated (and very necessary) security patches and features.<\/p>\n\n\n\n<p><strong>Enable Access Control:<\/strong> Don\u2019t give the keys to the kingdom to every user. Q-SYS has a variety of access control options, from user roles to the ability to create custom role permissions. Device passwords are also available to protect certain settings.<\/p>\n\n\n\n<p><strong>Set Your Q-SYS Core Date and Time:<\/strong> You might be scratching your head as to how this factors into a solid security plan, but security certificates use time and date in the certificate exchange. Any errors can result in security certificate negotiation failures.<\/p>\n\n\n\n<p><strong>Enable 802.1X:<\/strong> No, this isn\u2019t your favorite drivetime radio station. IEEE 802.1X is a standard that defines how to provide authentication for connecting devices on local area networks, and is used for both wired and wireless networks. Once enabled, Q-SYS Products can be configured so they can be authenticated and granted network access.<\/p>\n\n\n\n<p><strong>Harden Your Softphone Configuration:<\/strong> VoIP telephony still counts as a potential point of entry, and as such QSC recommends using only encrypted Softphone communications and secure ciphers.<\/p>\n\n\n\n<p><strong>Disable Your FTP Server:<\/strong> FTP servers were not built to be secure \u2013 it was originally structured to provide basic, unencrypted file transfer capability for connected users. Now it is widely considered to be a security risk. As such, the FTP server on the Q-SYS Core is disabled by default, and it is recommended that this \u2018disabled\u2019 status remains. Double-check your Q-SYS Core to ensure this is still the case.<\/p>\n\n\n\n<p><strong>Harden Your SNMP Server:<\/strong> Simple Network Management Protocol (SNMP) is an easily abused means of gaining unauthorized access to network devices. Because of this (and similar to the FTP Server) the SNMP server on a Q-SYS Core defaults to \u2018disabled\u2019. If it is absolutely necessary for the success of your system, QSC recommends implementing only SNMPv3 and following client network InfoSec guidance.<\/p>\n\n\n\n<p><strong>Install a Certificate Authority (CA)-signed Device Certificate:<\/strong> These are trusted entities that issue Secure Sockets Layer (SSL) digital certificates that certify ownership of a public key with a specific entity (your company). This allows network resources to confirm that the Q-SYS Product is authorized to be on your network.<\/p>\n\n\n\n<p><strong>Configure DNS:<\/strong> Domain Name System (DNS) can be used by potential attackers to redirect traffic to compromised network resources. Configuring your Q-SYS Core\u2019s network configuration so that only trusted DNS servers (that were provided by your IT Team) are utilized is a necessary safeguard.<\/p>\n\n\n\n<p><strong>Configure External Control:<\/strong> There are times you might need to leverage some sort of external control system to control or monitor your Q-SYS system. This integration can be a potential point of weakness, so it\u2019s a good idea to structure it mindfully. Two tactics are to leverage Management APIs over HTTPS for encrypted control of your Q-SYS Core. Through APT management you can ensure that your organizational APTs are both consumable and secure. The second tactic is to configure an external control PIN (personal identification number) to manage your access more granularly. &nbsp;<\/p>\n\n\n\n<p><strong>Configure UCI PIN Protection:<\/strong> And speaking of PINs, UCI (User Control Interface) PINs can also be configured to allow only authorized users access to your Q-SYS UCIs. Additionally, you can also make any of your UCIs private at the click of a button.<\/p>\n\n\n\n<p><strong>Configure Paging User PIN Protection:<\/strong> More PIN stuff! If you have a system utilizing the PA Paging functionality, then you\u2019re able to set up PIN-based user access to the paging stations themselves. This is especially important for stations located in public spaces. (Especially useful in thwarting those teenagers who can\u2019t resist jumping onto PA system and singing a few bars.)<\/p>\n\n\n\n<p><strong>Disable Unused Network Services:<\/strong> This one will take some coordination. You\u2019ll want to have a sit down with your system designer and catalog which network services are not required for the design running on your Core processor, and so can be disabled. The point is to eliminate as many potential points of entry as possible.<\/p>\n\n\n\n<p><strong>Register with Q-SYS Reflect Enterprise Manager:<\/strong> You want visibility? Who want remote monitoring\/management that includes third-party devices? By registering for Q-SYS Reflect Enterprise Manager, you gain an immediacy into all your Q-SYS-based AV systems. And when it comes to issues, including security threats, a speedy resolution becomes everyone\u2019s foremost priority.<\/p>\n\n\n\n<p>Now that you have a broad understanding of what ought to be done and why, how do you actually get to the doing? Your next step is click into our <a href=\"https:\/\/q-syshelp.qsc.com\/#Security\/Configure_Security.htm?TocPath=Plan%2520and%2520Learn%257CQ-SYS%2520Security%257C_____5\">security documentation<\/a>. There you\u2019ll find a streamlined list on the exact topics explained above, complete with links to in-depth instructions and resources.<\/p>","protected":false},"excerpt":{"rendered":"<p>The modernization of the AV industry is critical, and QSC has been innovating toward that end for decades. But now that we\u2019re seeing wide acceptance of networked AV \u2013 and mass realization of its many benefits \u2013 education toward how to configure a system with a security-centric mindset becomes increasingly urgent. QSC is committed to &hellip; <a href=\"https:\/\/blogs.qsc.com\/systems\/in\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/\">Read More<\/a><\/p>","protected":false},"author":57,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[33,28,32],"class_list":["post-2373","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-french","tag-german","tag-spanish"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Configuring Q-SYS with Security in Mind - Q-SYS<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blogs.qsc.com\/systems\/in\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Configuring Q-SYS with Security in Mind - Q-SYS\" \/>\n<meta property=\"og:description\" content=\"The modernization of the AV industry is critical, and QSC has been innovating toward that end for decades. But now that we\u2019re seeing wide acceptance of networked AV \u2013 and mass realization of its many benefits \u2013 education toward how to configure a system with a security-centric mindset becomes increasingly urgent. QSC is committed to &hellip; Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blogs.qsc.com\/systems\/in\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/\" \/>\n<meta property=\"og:site_name\" content=\"Q-SYS\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-14T17:29:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-12-16T08:00:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogs.qsc.com\/app\/uploads\/sites\/2\/2021\/12\/video-distribution-social-1200x628-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Bonnie Walker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Bonnie Walker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blogs.qsc.com\/systems\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/\",\"url\":\"https:\/\/blogs.qsc.com\/systems\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/\",\"name\":\"Configuring Q-SYS with Security in Mind - Q-SYS\",\"isPartOf\":{\"@id\":\"https:\/\/blogs.qsc.com\/systems\/#website\"},\"datePublished\":\"2021-12-14T17:29:24+00:00\",\"dateModified\":\"2021-12-16T08:00:13+00:00\",\"author\":{\"@id\":\"https:\/\/blogs.qsc.com\/systems\/#\/schema\/person\/e9faa863c67e26bff23e1efd85edc9fd\"},\"breadcrumb\":{\"@id\":\"https:\/\/blogs.qsc.com\/systems\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blogs.qsc.com\/systems\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blogs.qsc.com\/systems\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blogs.qsc.com\/systems\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Configuring Q-SYS with Security in Mind\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blogs.qsc.com\/systems\/#website\",\"url\":\"https:\/\/blogs.qsc.com\/systems\/\",\"name\":\"Q-SYS\",\"description\":\"System Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blogs.qsc.com\/systems\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blogs.qsc.com\/systems\/#\/schema\/person\/e9faa863c67e26bff23e1efd85edc9fd\",\"name\":\"Bonnie Walker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/blogs.qsc.com\/systems\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/749bb7eb3dd2242d1e08dd6824b97c867fb36a08aa1f4bb73bb5bc59c03ec849?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/749bb7eb3dd2242d1e08dd6824b97c867fb36a08aa1f4bb73bb5bc59c03ec849?s=96&d=mm&r=g\",\"caption\":\"Bonnie Walker\"},\"description\":\"Bonnie Walker is a Product Marketing Manager for Installed Systems, and is part of the marketing team. In her role, she works with product managers, customers and other stakeholders to articulate the value of the Q-SYS Platform and Q-SYS Ecosystem. Bonnie comes from a SaaS marketing background and is passionate about leadership strategy, narrative tech marketing, and bougie Ramen.\",\"url\":\"https:\/\/blogs.qsc.com\/systems\/in\/author\/bonniewalker\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Configuring Q-SYS with Security in Mind - Q-SYS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blogs.qsc.com\/systems\/in\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/","og_locale":"en_GB","og_type":"article","og_title":"Configuring Q-SYS with Security in Mind - Q-SYS","og_description":"The modernization of the AV industry is critical, and QSC has been innovating toward that end for decades. But now that we\u2019re seeing wide acceptance of networked AV \u2013 and mass realization of its many benefits \u2013 education toward how to configure a system with a security-centric mindset becomes increasingly urgent. QSC is committed to &hellip; Read More","og_url":"https:\/\/blogs.qsc.com\/systems\/in\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/","og_site_name":"Q-SYS","article_published_time":"2021-12-14T17:29:24+00:00","article_modified_time":"2021-12-16T08:00:13+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/blogs.qsc.com\/app\/uploads\/sites\/2\/2021\/12\/video-distribution-social-1200x628-1.jpg","type":"image\/jpeg"}],"author":"Bonnie Walker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Bonnie Walker","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blogs.qsc.com\/systems\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/","url":"https:\/\/blogs.qsc.com\/systems\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/","name":"Configuring Q-SYS with Security in Mind - Q-SYS","isPartOf":{"@id":"https:\/\/blogs.qsc.com\/systems\/#website"},"datePublished":"2021-12-14T17:29:24+00:00","dateModified":"2021-12-16T08:00:13+00:00","author":{"@id":"https:\/\/blogs.qsc.com\/systems\/#\/schema\/person\/e9faa863c67e26bff23e1efd85edc9fd"},"breadcrumb":{"@id":"https:\/\/blogs.qsc.com\/systems\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blogs.qsc.com\/systems\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blogs.qsc.com\/systems\/2021\/12\/14\/configuring-q-sys-with-security-in-mind\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blogs.qsc.com\/systems\/"},{"@type":"ListItem","position":2,"name":"Configuring Q-SYS with Security in Mind"}]},{"@type":"WebSite","@id":"https:\/\/blogs.qsc.com\/systems\/#website","url":"https:\/\/blogs.qsc.com\/systems\/","name":"Q-SYS","description":"System Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blogs.qsc.com\/systems\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/blogs.qsc.com\/systems\/#\/schema\/person\/e9faa863c67e26bff23e1efd85edc9fd","name":"Bonnie Walker","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/blogs.qsc.com\/systems\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/749bb7eb3dd2242d1e08dd6824b97c867fb36a08aa1f4bb73bb5bc59c03ec849?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/749bb7eb3dd2242d1e08dd6824b97c867fb36a08aa1f4bb73bb5bc59c03ec849?s=96&d=mm&r=g","caption":"Bonnie Walker"},"description":"Bonnie Walker is a Product Marketing Manager for Installed Systems, and is part of the marketing team. In her role, she works with product managers, customers and other stakeholders to articulate the value of the Q-SYS Platform and Q-SYS Ecosystem. Bonnie comes from a SaaS marketing background and is passionate about leadership strategy, narrative tech marketing, and bougie Ramen.","url":"https:\/\/blogs.qsc.com\/systems\/in\/author\/bonniewalker\/"}]}},"_links":{"self":[{"href":"https:\/\/blogs.qsc.com\/systems\/in\/wp-json\/wp\/v2\/posts\/2373","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.qsc.com\/systems\/in\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.qsc.com\/systems\/in\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.qsc.com\/systems\/in\/wp-json\/wp\/v2\/users\/57"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.qsc.com\/systems\/in\/wp-json\/wp\/v2\/comments?post=2373"}],"version-history":[{"count":0,"href":"https:\/\/blogs.qsc.com\/systems\/in\/wp-json\/wp\/v2\/posts\/2373\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.qsc.com\/systems\/in\/wp-json\/wp\/v2\/media?parent=2373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.qsc.com\/systems\/in\/wp-json\/wp\/v2\/categories?post=2373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.qsc.com\/systems\/in\/wp-json\/wp\/v2\/tags?post=2373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}