Axis Communications announced support for the IEEE 802.1AE MACsec security standard in the latest release of the Axis operating system, AXIS OS 11.8, for more than 200 network devices, including cameras, intercoms and audio speakers. The development enables such devices to automatically encrypt data at a foundational level to enhance zero-trust networking.
With AXIS OS 11.8, MACsec is enabled by default (through EAP-TLS/Dynamic CAK mode). Data is encrypted at the Ethernet Layer 2 (data link) network level, safeguarding the integrity of data being transferred between Axis devices and MACsec-enabled Ethernet switches. Because it operates at layer 2, MACsec can encrypt and protect data that could not previously be encrypted such as NTP, DHCP for general device operation, and RTP/RTSP for video streaming. Even if a user is already implementing HTTPS or a different form of encryption at another layer, adding MACsec at layer 2 effectively double encrypts the data, ensuring that an attacker would need to intercept and decrypt both layers in order to see or steal critical information. This makes the attacker’s job considerably more difficult, significantly increasing protection against attacks including denial of service, intrusion, man-in-the-middle data insertion and eavesdropping.