EasyManua.ls Logo

Axis M30 Series - IEEE 802.1 x Network Access; Brute-Force Attack Prevention; IP Address Filtering; Custom Firmware Certificate

Axis M30 Series
57 pages
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
AXISM30NetworkCameraSeries
Thedeviceinterface
Createcerticatesigningrequest:Createacerticatesigningrequesttosendtoaregistrationauthoritytoapply
foradigitalidentitycerticate.
IEEE802.1x
IEEE802.1xisanIEEEstandardforport-basednetworkadmissioncontrolprovidingsecureauthenticationofwiredandwireless
networkdevices.IEEE802.1xisbasedonEAP(ExtensibleAuthenticationProtocol).
ToaccessanetworkprotectedbyIEEE802.1x,networkdevicesmustauthenticatethemselves.Theauthenticationisperformedby
anauthenticationserver,typicallyaRADIUSserver(forexampleFreeRADIUSandMicrosoftInternetAuthenticationServer).
Certicates
WhenconguredwithoutaCAcerticate,servercerticatevalidationisdisabledandthedevicetriestoauthenticateitself
regardlessofwhatnetworkitisconnectedto.
Whenusingacerticate,inAxis'implementation,thedeviceandtheauthenticationserverauthenticatethemselveswithdigital
certicatesusingEAP-TLS(ExtensibleAuthenticationProtocol-TransportLayerSecurity).
Toallowthedevicetoaccessanetworkprotectedthroughcerticates,asignedclientcerticatemustbeinstalledonthedevice.
Clientcerticate:SelectaclientcerticatetouseIEEE802.1x.Theauthenticationserverusesthecerticatetovalidatethe
client’sidentity.
CAcerticate:SelectaCAcerticatetovalidatetheauthenticationserver’sidentity.Whennocerticateisselected,thedevice
triestoauthenticateitselfregardlessofwhatnetworkitisconnectedto.
EAPidentity:Entertheuseridentityassociatedwiththeclientcerticate.
EAPOLversion:SelecttheEAPOLversionthatisusedinthenetworkswitch.
UseIEEE802.1x:SelecttousetheIEEE802.1xprotocol.
Preventbrute-forceattacks
Blocking:Turnontoblockbrute-forceattacks.Abrute-forceattackusestrial-and-errortoguesslogininfoorencryptionkeys.
Blockingperiod:Enterthenumberofsecondstoblockabrute-forceattack.
Blockingconditions:Enterthenumberofauthenticationfailuresallowedpersecondbeforetheblockstarts.Youcansetthe
numberoffailuresallowedbothonpagelevelanddevicelevel.
IPaddresslter
Uselter:SelecttolterwhichIPaddressesthatareallowedtoaccessthedevice.
Policy:ChoosewhethertoAllowaccessorDenyaccessforcertainIPaddresses.
Addresses:EntertheIPnumbersthatareeitherallowedordeniedaccesstothedevice.YoucanalsousetheCIDRformat.
Custom-signedrmwarecerticate
ToinstalltestrmwareorothercustomrmwarefromAxisonthedevice,youneedacustom-signedrmwarecerticate.The
certicateveriesthatthermwareisapprovedbyboththedeviceownerandAxis.Thermwarecanonlyrunonaspecic
devicewhichisidentiedbyitsuniqueserialnumberandchipID.Custom-signedrmwarecerticatescanonlybecreated
byAxis,sinceAxisholdsthekeytosignthem.
ClickInstalltoinstallthecerticate.Youneedtoinstallthecerticatebeforeyouinstallthermware.
30

Table of Contents

Other manuals for Axis M30 Series

Preview: Repainting Instructions
Repainting Instructions5 pages
Preview: Technical Specifications
Technical Specifications4 pages
Preview: Installation Guide
Installation Guide32 pages

Related product manuals