Security recommendations

Follow these recommendations to enhance the security of your devices.

Limit attack surfaces

It is good practice to limit the possible attack surfaces of a device to the absolute minimum needed to fulfill the requirements of the use case. To support this, Sennheiser allows the configuration of several TC Bar features:

  • The following interfaces and protocols are configurable and disabled by default:
    • Cloud connection to Sennheiser DeviceHub
    • Bluetooth®
    • Dante®
    • 3rd Party Access

  • The following interfaces and protocols are configurable and enabled by default:

    • IR remote control
    • mDNS
    • HDMI®

Recommendations for stand-alone (USB) setup

To facilitate secure connections and interactions with the bar using only USB, the TC Bar includes a unique 12-character initial password for its control interface. This secures the control access in case the device is accidentally connected to a network, while a pure USB setup is intended.

  • If you are using a room PC (e.g. Microsoft Teams Room/MTR) you should configure it to apply updates to the TC Bar using the regular Windows Update process. The update will be carried out automatically and silently through the connected USB link without any user interaction. This process will not use Ethernet, contrary to all other communication to Sennheiser Control Software.

  • If you are setting up an BYOD setup, where users connect their own devices to the TC Bar for the meeting, you should plan a regular schedule to apply updates to the TC Bar to ensure an optimal security level.

Recommendations for network setup

In case the TC Bar is connected to a network, make sure to change the default device password. To do so, simply connect to the same network the TC Bar is connected to, and access the Local Web UI or Sennheiser Control Cockpit to discover the device and claim it. During the claiming process, you are guided to change the device password.

In addition, you can use Control Cockpit to enable or disable interfaces and protocols, and to configure your device’s network settings.

Keep software up to date

Sennheiser releases firmware updates for security issues in a timely manner. Users of TC Bars should keep their devices updated to the latest version. The user can manually trigger the device update in DeviceHub or Control Cockpit at their convenience. In addition, DeviceHub will notify automatically once a new firmware update is available.

Please always keep your systems up to date.

Use strong passwords

To protect control access over the network, you must choose a strong password with at least 10 characters that includes at least one of each of the following:
  • lowercase letter: a, b, c, …, x, y, z
  • uppercase letter: A, B, C, …, X, Y, Z
  • digit: 0, …, 9
  • at least one special character that is present on a standard US-layout keyboard: !#$%&()*+,-./:;<=>?@[]^_{|}~

To protect each individual user installation, there are no generic passwords. Whenever a TC Bar is controlled over the network, the passwords used are always chosen by the user.