Security at Crestron

Thousands of companies across hundreds of industries, government agencies, universities, and more have standardized on Crestron products. They trust and rely on Crestron to make their lives simpler and work/ education environments secure. Central to that success is Crestron's unwavering commitment to network security. Simply put, "If it's on the network, it must be secure." Clients need to know who and what is on their network.

Our Process

A secure system, of course, doesn't just happen. There are large number of considerations that need to be accounted for throughout the development process. Crestron allocates and dedicates resources to define the problem spaces and document the appropriate solutions.

Step 1 - Identifying risks that are applicable to the systems and identifying assumptions about the operating environment.

Step 2 - All source code is reviewed to ensure not only proper functionality, but also conformance to security guidelines.

Step 3 - Source code is subjected to scans using automated tools that review code for common errors and security holes.

Step 4 - A rigorous testing process is in place once the software/firmware is compiled and loaded into systems. Each night, the latest code is built and automated tests are run to ensure system stability. Included in these tests are standard network scanning tools to ensure there are no unauthorized ports, etc. which have been open.

Providing network security at the product level.

Enterprise IT departments categorize devices that don't support these features as a security risk.

  • AES Encryption - Ensures secure transmissions. The same protocol banks use to protect transactions on the Internet.
  • 802.1x Authentication - Ensures that every device on the network is explicitly authorized by the IT department.
  • Active Directory® - Centralized credential management ensures that only authorized users gain access.
  • NIAP & JITC Certifications - Crestron products have received approval by the Joint Interoperability Test Command (JITC) of the U.S. Department of Defense Information Systems Agency (DISA) and have been added to the Unified Capabilities (UC) Approved Products List (APL). Additionally, Crestron offers products that are NIAP/Common Criteria certified, ensuring they meet rigorous security standards.
  • PKI Authentication - Required when simple passwords are inadequate to confirm the identity of the parties involved in a particular action or communication, and to validate the information being transferred.
  • TLS - The most widely used security protocol, TLS provides privacy and data integrity between two applications communicating over a network.
  • SSH Network Protocol - Encrypts and protects communications, whereas Telnet, used in other Network AV products, does not.
  • HTTPS - The secure version of HTTP, HTTPS encrypts the data sent between your web browser and the website you're connected to, ensuring the privacy and integrity of the exchanged data. The "S" at the end of HTTPS stands for "Secure."
  • Secure CIP - Ensures communications between Crestron control processors and DM NVX devices are secure.

Resources & Documentation

Updated: 11/25/2024

The documents below describe in-depth the steps needed to secure a Crestron installation. These documents assume the reader has a basic understanding of security functions and protocols.

Crestron Toolbox Help Files
MyCrestron.com
Support
Additional Resources

Security Advisories

Vulnerability:

 

Updated Date:

 

Threat:

 

Identifier:

 

How is Crestron Affected:

 

Resources: