Threats and Mitigation

As a result of the broad capabilities of Q-SYS and its optional integration with third-party devices, there are many reasons why Q-SYS might be a target from an information security perspective:

• To gain access to, or interfere with, the audio, video, and control signals being processed and distributed by the system – for example, site-wide paging announcements or audio and video content in collaboration spaces.
• To traverse the Q-SYS system to gain access to other assets on the network such as I/O endpoints or servers and workstations.

Mitigation Recommendations

When evaluating the appropriate level of hardening or mitigation paths to incorporate into a Q-SYS deployment, it is recommended to consider:

• The value and confidentiality of the audio, video, or control signal content throughout the system.
• The value and vulnerability of other, potentially unrelated, network assets that could be accessed if the Q-SYS system were to be compromised.

Tip: This documentation extensively covers Q-SYS from an IT security perspective and provides you with information necessary to appropriately harden a Q-SYS system for deployment on a network. However, due to the wide variety of applications where Q-SYS is deployed, and also due to the varying Information Security requirements associated with unique customer needs, it is recommended that an independent threat model be undertaken for each deployment where IT security is a concern.