EasyManua.ls Logo

Axis D4100-E - Prevent brute-force attacks; IP address filter; Custom-signed firmware certificate

Axis D4100-E
37 pages
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
AXISD4100-ENetworkStrobeSiren
Thedeviceinterface
IEEE802.1xisanIEEEstandardforport-basednetworkadmissioncontrolprovidingsecureauthenticationofwiredandwireless
networkdevices.IEEE802.1xisbasedonEAP(ExtensibleAuthenticationProtocol).
ToaccessanetworkprotectedbyIEEE802.1x,networkdevicesmustauthenticatethemselves.Theauthenticationisperformedby
anauthenticationserver,typicallyaRADIUSserver(forexampleFreeRADIUSandMicrosoftInternetAuthenticationServer).
Certicates
WhenconguredwithoutaCAcerticate,servercerticatevalidationisdisabledandthedevicetriestoauthenticateitself
regardlessofwhatnetworkitisconnectedto.
Whenusingacerticate,inAxis'implementation,thedeviceandtheauthenticationserverauthenticatethemselveswithdigital
certicatesusingEAP-TLS(ExtensibleAuthenticationProtocol-TransportLayerSecurity).
Toallowthedevicetoaccessanetworkprotectedthroughcerticates,asignedclientcerticatemustbeinstalledonthedevice.
Clientcerticate:SelectaclientcerticatetouseIEEE802.1x.Theauthenticationserverusesthecerticatetovalidatethe
client’sidentity.
CAcerticate:SelectaCAcerticatetovalidatetheauthenticationserver’sidentity.Whennocerticateisselected,thedevice
triestoauthenticateitselfregardlessofwhatnetworkitisconnectedto.
EAPidentity:Entertheuseridentityassociatedwiththeclientcerticate.
EAPOLversion:SelecttheEAPOLversionthatisusedinthenetworkswitch.
UseIEEE802.1x:SelecttousetheIEEE802.1xprotocol.
Preventbrute-forceattacks
Blocking:Turnontoblockbrute-forceattacks.Abrute-forceattackusestrial-and-errortoguesslogininfoorencryptionkeys.
Blockingperiod:Enterthenumberofsecondstoblockabrute-forceattack.
Blockingconditions:Enterthenumberofauthenticationfailuresallowedpersecondbeforetheblockstarts.Youcansetthe
numberoffailuresallowedbothonpagelevelanddevicelevel.
IPaddresslter
Uselter:SelecttolterwhichIPaddressesthatareallowedtoaccessthedevice.
Policy:ChoosewhethertoAllowaccessorDenyaccessforcertainIPaddresses.
Addresses:EntertheIPnumbersthatareeitherallowedordeniedaccesstothedevice.YoucanalsousetheCIDRformat.
Custom-signedrmwarecerticate
ToinstalltestrmwareorothercustomrmwarefromAxisonthedevice,youneedacustom-signedrmwarecerticate.The
certicateveriesthatthermwareisapprovedbyboththedeviceownerandAxis.Thermwarecanonlyrunonaspecic
devicewhichisidentiedbyitsuniqueserialnumberandchipID.Custom-signedrmwarecerticatescanonlybecreated
byAxis,sinceAxisholdsthekeytosignthem.
ClickInstalltoinstallthecerticate.Youneedtoinstallthecerticatebeforeyouinstallthermware.
18

Table of Contents

Other manuals for Axis D4100-E

Preview: Installation Guide
Installation Guide34 pages

Related product manuals