Built-in cybersecurity features

Protection from the inside out

Axis network products offer a variety of built-in cybersecurity features to counter different types of cyber-attacks, effectively battle vulnerabilities, and prevent unauthorized access to your system. From detecting firmware tampering to preventing device replacement, these features safeguard your system and help reduce the risk of digital attacks.

Authenticated by Axis

How can you be sure that your system is communicating with an authorized Axis device? You could physically inspect the product out of the box, but how can you guarantee that the device itself hasn’t been replaced? Following the latest international standard for secure device identity (IEEE 802.1AR), compatible Axis devices automate and secure the identification of the device over a network. Compatible devices run firmware version 10.1 and include the Axis Edge Vault component. This component protects the Axis device ID, a collection of certificates including a digitally signed version of the globally unique serial number of your Axis device. Axis device ID simplifies the authorization of Axis products on your network, ensuring cost-efficient configuration to save you time and money.

Certified key storage

Used in selected Axis products, the Trusted Platform Module (TPM) is a standalone hardware component that ensures cryptographic keys and certificates are safe and secure, even in the event of a security breach. All private keys are stored within the TPM and all cryptographic operations requiring the private key are sent to the TPM for processing. It’s not possible to modify anything inside the TPM, so the secret part of the certificate is always safeguarded. The TPM in Axis products is certified to meet the requirements of FIPS 140-2 level 2 and includes role-based operator authentication and tamper evidence.

Axis firmware – only from Axis

Attackers may try to deceive system owners into installing altered firmware that may include malicious code. Signed firmware prevents this. You can verify the integrity of the firmware before you install new devices or upgrade existing ones. Axis firmware carries a digital signature. This process is based on RSA public-key cryptography, where the public key is embedded in the Axis device and the private key is stored in a safe and secure location at Axis. Devices with signed firmware can validate the firmware before allowing installation. This guarantees that the firmware is indeed from Axis and hasn’t been compromised.

Signed firmware is included in all devices running firmware version 9.20, and certain Axis devices using firmware version 8.40. Firmware version 9.20 is available for download on all new Axis products and most legacy products.

Secure startup every time

Based on the use of signed firmware, secure boot acts as a gatekeeper for your surveillance system. This functionality ensures unauthenticated, tampered code is blocked and rejected during the boot process before it can attack or infect your system. Furthermore, Axis signed firmware allows you to safely restore the device to its default factory state, and secure boot will guarantee it’s completely free of malware after a factory default.