85
server instructs the switch or access point to open the port to allow data from the network camera
to pass through the switch and be sent over the network.
Figure 9.5a IEEE 802.1X enables port-based security and involves a supplicant (e.g., a network camera), an authen-
ticator (e.g., a switch) and an authentication server. Step 1: network access is requested; step 2: query forwarded to
an authentication server; step 3: authentication is successful and the switch is instructed to allow the network
camera to send data over the network.
9.5.4 HTTPS or SSL/TLS
HTTPS (Hyper Text Transfer Protocol Secure) is identical to HTTP but with one key difference: the
data transferred is encrypted using Secure Socket Layer (SSL) or Transport Layer Security (TLS).
This security method applies encryption to the data itself. Many Axis network video products
have built-in support for HTTPS, which makes it possible for video to be securely viewed using a
web browser. The use of HTTPS, however, can slow down the communication link and, therefore,
the frame rate of the video.
9.5.5 VPN (Virtual Private Network)
With VPN, a secure “tunnel” between two communicating devices can be created, enabling safe
and secure communication over the Internet. In such a set up, the original packet, including the
data and its header, which may contain information such as the source and destination
addresses, the type of information being sent, the packet number in the sequence of packets and
the packet length, is encrypted. The encrypted packet is then encapsulated in another packet
that shows only the IP addresses of the two communicating devices (i.e., routers). This set up
protects the traffic and its contents from unauthorized access, and only devices with the correct
“key” will be able to work within the VPN. Network devices between the client and the server
will not be able to access or view the data.
Authentication
Server (RADIUS)
or other LAN
resources
Authenticator
(Switch)
1
Supplicant
(Network camera)
2
3
NETWORk TECHNOLOGIES - CHAPTER 9
