AXIS 241Q/241S - System options 39

Notes:

• If the referrals feature is enabled and you wish to also allow normal access to the Live

 

View page, the product's own IP address or host name must be added to the list of allowed

 

referrers.

Restricting referrers has no effect on an MPEG-4 video stream. To restrict an MPEG-4 stream, IP address filtering must be enabled.

Restricting referrers is of greatest value when not using IP address filtering. If IP address filtering is used, then the allowed referrers are automatically restricted to those allowed IP addresses.

HTTPS

For greater security, AXIS 241Q/241S can be configured to use HTTPS (Hypertext Transfer Protocol over SSL (Secure Socket Layer)). That is, all communication that would otherwise go via HTTP will instead go via an encrypted HTTPS connection.

A self-signed certificate can be used until a Certificate Authority-issued certificate has been obtained. Click the Create self-signed Certificate button to install a self-signed certificate. Although self-signed certificates are free and offer some protection, true security is only implemented after the installation of a signed certificate issued by a certificate authority.

A signed certificate can be obtained from an issuing Certificate Authority by clicking the Create Certificate Request button. When the signed certificate is returned, click the Install signed certificate button to import the certificate. The properties of any certificate request currently resident in the camera or installed can also be viewed by clicking the Properties...

button. The HTTPS Connection Policy must also be set in the drop-down lists to enable HTTPS in the camera.

For more information, please see the online help .

IEEE 802.1x - Network Admission Control

IEEE 802.1x is an IEEE standard for port-based Network Admission Control. It provides authentication to devices attached to a network port (wired or wireless), establishing a point-to-point connection, or, if authentication fails, preventing access on that port.

802.1x is based on EAP (Extensible Authentication Protocol).

In a 802.1x enabled network switch, clients equipped with the correct software can be authenticated and allowed or denied network access at the Ethernet level.

Clients and servers in an 802.1x network may need to authenticate each other by some means. In the Axis implementation this is done with the help of digital certificates provided by a Certification Authority. These are then validated by a third-party entity, such as a RADIUS server, examples of which are Free Radius and Microsoft Internet Authentication Service.

To perform the authentication, the RADIUS server uses various EAP methods/protocols, of which there are many. The one used in the Axis implementation is EAP-TLS (EAP-Transport Layer Security).

Page 39
Image 39
Axis Communications user manual Ieee 802.1x Network Admission Control, Axis 241Q/241S System options