Axis OS 11 Products Support IEEE 802.1AE MACsec

The IEEE 802.1AE MACsec security standard is supported by the AXIS OS 11.8 system for more than 200 network devices.

 

Axis OS 11 Products Support IEEE 802.1AE MACsec
Axis OS 11 Products Support IEEE 802.1AE MACsec

Axis Communications announced the support for the IEEE 802.1AE MACsec security standard in the latest release of the Axis operating system, AXIS OS 11.8, for more than 200 network devices, including cameras, intercoms, and audio speakers. The development enables such devices to automatically encrypt data at a foundational level to enhance zero-trust networking. Axis became the first manufacturer of physical security products to support MACsec (Media Access Control Security). 

With AXIS OS 11.8, MACsec is enabled by default (through EAP-TLS/Dynamic CAK mode). Data is encrypted at the Ethernet Layer 2 (data link) network level, safeguarding the integrity of data being transferred between Axis devices and MACsec-enabled Ethernet switches. Because it operates at layer 2, MACsec can encrypt and protect data that could not previously be encrypted such as NTP, DHCP for general device operation, and RTP/RTSP for video streaming. Even if a user is already implementing HTTPS or a different form of encryption at another layer, adding MACsec at layer 2 effectively double encrypts the data, ensuring that an attacker would need to intercept and decrypt both layers in order to see or steal critical information. This makes the attacker’s job considerably more difficult, significantly increasing protection against attacks including denial of service, intrusion, man-in-the-middle data insertion and eavesdropping. 

The adoption of IEEE 802.1AE MACsec builds on Axis’ implementation of the IEEE 802.1AR Secure Device Identity (DevID) standard, together with IEEE 802.1X EAP-TLS network access control. Default support for the three IEEE standards on Axis devices enables automated device onboarding, authentication, and end-to-end encryption, providing IT professionals with standard mechanisms to efficiently and securely integrate Axis devices into a corporate network.

MACsec allows for an exchange and verification of encryption keys between a MACsec-enabled device and switch. Data within each Ethernet frame is then encrypted and decrypted in real time using AES-GCM 128-bit, enabling fast and secure transfer of data. AXIS OS 11.8 supports the two standard IEEE 802.1AE security modes: dynamic CAK (EAP-TLS), which is automatic and enabled by default, and static CAK (pre-shared key) for manual configuration.

Secure onboarding of an Axis device can be done through IEEE 802.1X EAP-TLS port-based network access control, in combination with an Axis device’s support for IEEE 802.1AR. IEEE 802.1AR is part of the Axis Edge Vault cybersecurity platform and enables automatic authentication in an IEEE 802.1X network. Axis loads unique, IEEE 802.1AR-compliant Initial Device Identifiers (IDevIDs) into a tamper-protected hardware cryptographic computing module that is embedded in Axis IoT products at the time of manufacture, protecting the IDevIDs against probing.

Seamless onboarding can be achieved with any network access control solution that supports the IEEE standards.

Click here for more Product News. 

Cyber Security, Product News, Products & Services

Axis, Axis Communications, AXIS OS 11.8, Cyber Security, Data Encryption, digital security, Digital Security System, IEEE 802.1AE MACsec, Media Access Control Security, zero-trust networking

Sponsored Content
Featured Video

Webinars, Podcasts & Videos

Under the care of ABM, systems perform, businesses prosper, and occupants thrive.

Where Others See a Facility, We See Possibility

Under the care of ABM, systems perform, businesses prosper, and occupants thrive.

crime scene

Listen Now: What To Do When Your Facility Becomes A Crime Scene

A business continuity analyst discusses steps FM teams need to consider after a crime has been committed in their buildings.

Facilities Teams, ARC Facilities Webinar

Did You Miss Our “Solving The Hidden Assets Challenge” Webinar?

Hidden assets can be a challenge for facilities teams. View this free video webinar on demand and learn how your team can retain knowledge and streamline operations.

Receive the latest articles in your inbox

Share to...