A common misconception is that once a network device is installed, it requires minimal maintenance. However, this 'set-and-forget' approach can leave devices vulnerable to emerging cybersecurity threats and exploits. In reality, device management is critical throughout the entire product lifecycle - from initial setup to decommissioning. This article highlights essential cybersecurity measures and demonstrates how Axis device management software helps mitigate risks at every stage.
Implementation
The foundation of a secure and efficient system is laid during the implementation phase, where careful planning and execution can make all the difference. During this critical stage, involving configuration and staging, installation, deployment and onboarding, there are important measures to take before handing the system over to the customer.
Upgrading the device to the latest recommended device software version is a critical step. When implementing a device, it's essential to check that the latest software version is installed, considering that updates may have occurred during the time elapsed between device production and implementation.
Using up-to-date device software ensures inclusion of the most recently identified bug fixes. Crucially, it helps maintain cybersecurity by addressing vulnerabilities through the latest patches. As cybersecurity is a constantly moving target, applying the latest device software version helps ensure a stable and secure system.
While device software updates can be done manually through the device’s web interface, using device management software gives you more control over these critical installation and security tasks. AXIS Device Manager, for instance, lets you efficiently update device software in bulk, set network parameters, deploy certificates, and configure other essential settings. By leveraging AXIS Device Manager, you can save time and effort in implementing and securing your devices, while also ensuring they remain up-to-date and compliant with the latest security standards.
In addition to updating device software, recommendations on security policies and advice on deployment can be found in the AXIS OS hardening guide. To further enhance security, AXIS Device Manager Extend allows you to set recommended security policies, such as making sure file transfer protocol (FTP) and secure shell (SSH) protocol are always closed. This ensures that parameters are constantly maintained with the most up-to-date security compliance. Even if the settings are changed in error, the management software can revert to the set policy.
You can also use AXIS Device Manager Extend to apply application policies, such as making sure that AXIS Video Motion Detection is always running the most up-to-date version on selected cameras. AXIS Device Manager Extend will also allow users to install and directly configure most applications on Axis devices.
In service
Keeping track of a large number of devices during their lifetime on the network can be very time-consuming. In addition to inventory management and understanding the status of each device, key requirements include monitoring, maintenance, and upgrades across the system. An efficient and convenient way to monitor and perform maintenance is to use AXIS Device Manager Extend as a complement to AXIS Device Manager.
AXIS Device Manager Extend provides a centralized dashboard that allows efficient inventory and asset management, ideal for multisite operations. With remote access, crucial maintenance tasks can be scaled, such as upgrading the operating system, AXIS OS; defining, applying and enforcing security policies; and managing applications. It also helps speed up troubleshooting, allowing you to identify and resolve potential issues remotely, reducing the time and expense usually required for a site visit. The system administrator can use the software to instantly check the operational status of a device, its connection stability, and that all devices are operating as intended.
The management software can also indicate to the administrator the status of the device’s operating system and whether it is up to date. As cybersecurity threats evolve rapidly, making regular software updates is essential to ensure your devices are ready to face the latest cybersecurity threats. Via AXIS Device Manager Extend, device software upgrades can be pushed out to any connected device with just a few clicks to ensure it is running on up-to-date software.
Some organizations can be reluctant to upgrade in-service device software due to concerns that upgrades can affect system stability. Axis device management software provides two options to keep AXIS OS up to date: the active track and the long-term support (LTS) track. In the active track, AXIS OS is continually updated with new features and security patches. Alternatively, organizations with concerns regarding upgrades have the flexibility to use AXIS OS on the LTS track, which provides security fixes and patches without adding any new functionality. Axis device management software gives recommendations of AXIS OS on the LTS and active tracks to help you make the best decision for your upgrade according to your needs. Axis devices are typically supported for an additional five years; that is, patches are available 5 years after the product has been discontinued.
In large systems, there’s the potential for high numbers of inactive, redundant accounts, such as temporary usernames set up for one-time service purposes. These unused accounts enable entry points and pose a potential security risk. The dashboard in AXIS Device Manager Extend presents an aggregated view of all user accounts and from here, the administrator can quickly manage them, removing them if necessary.
Decommissioning
Decommissioning devices in a timely manner is crucial to maintaining cybersecurity and minimizing risks. Devices that are out of software support can pose significant threats, as they no longer receive updates and patches. To mitigate this risk, it's essential to plan for device replacement before they reach the end-of-support date.
AXIS Device Manager Extend helps you stay on top of device lifecycle management by providing warranty, product discontinuation, and end-of-support information for all devices in the system. You can also track the end-of-support date for each device's operating system, enabling you to prepare for decommissioning and replacement in advance. Plus, you can easily export inventory reports for auditing and compliance purposes.
When decommissioning an Axis device, it’s vital to remove sensitive data and perform a factory default to erase all configurations and data. While this can be done physically using the factory reset button, or the camera web interface, utilizing AXIS Device Manager provides a more efficient and streamlined process.
Mitigate risks and maintain cybersecurity throughout the device lifecycle
Ensuring cybersecurity is vital throughout the lifecycle of network devices. Axis device management software increases the speed and efficiency of configuration, management, and maintenance of devices over time. Ultimately, they enable the implementation of robust safeguards to effectively mitigate the risk of cyberthreats.