Newsletter–Tech/Application Focus

September, 2022

Security is Key in AVoIP

Security is Key in AVoIP

A constant issue and consideration for deploying an AVoIP solution is to ensure the host organization’s network security will not be compromised. The ZyPer4K system and its companion ZyPer Management Platform implement several robust security-related features outlined below.

Encryption Between Endpoints

All AV traffic between ZyPer4K encoders and decoders, including audio, video, RS-232, USB and IR communications, uses an advanced encryption standard (AES-128). This level of encryption is sufficient to protect U.S. government classified information up to the SECRET level.

High-bandwidth Digital Content Protection

ZyPer4K units support end-to-end high-bandwidth digital content Protection (HDCP 2.2), a form of copy protection that prevents the copying of digital, audio and video content. The system is meant to stop HDCP-encrypted content from being played on unauthorized devices or devices which have been modified to copy HDCP content. This feature cannot be disabled and provides a 100% assurance of HDCP compliance.

ZyPer Management Platform

The ZyPer Management Platform has a basic level of security that enables only password-protected access via the ZyPer Management Platform GUI (via JSON) or its API. Telnet access to the management platform can also be disabled.

USB Ports

The ZyPer4K USB ports can be filtered to disable unauthorized access. Filter options include:

  • None – Allows any USB compatible device to interface over ZyPer4K
  • HID – Allows only human interface devices (mouse/keyboard)
  • Storage – Allows any USB compatible device except mass storage

1Gb Ethernet Utility Port

The 1Gb Ethernet utility port found on the ZyPer4K encoders and decoders provides a convenient means of accessing the network. For security reasons, these ports can be disabled via the API.

Port-Based Access Control

The ZyPer4K family of products support 802.1X MAC-address authentication or MAC Address Authentication Bypass. This means you simply have to enter the list of your ZyPer4K TX and RX devices’ MAC addresses into the RADIUS server and enable them on the network. MAC Address Authentication is supported by all major switch vendors including Arista, Cisco, Dell, Extreme, HP, Netgear and Commscope/Ruckus.

10Gb Security

The fact that ZyPer4K is on a 10Gb network and uncompressed video traffic is always greater than 1Gb provides a level of security to “remote data theft.” External (internet) access to any 10Gb AV over IP system will be conducted using a link with 1Gb or much less bandwidth. For example, it is a physical impossibility to steal uncompressed AV traffic with a bandwidth of 6.5Gb/sec via a 1Gb/sec link.