beautypg.com

Xerox WorkCentre 6400 User Manual

Page 68

background image

Security

WorkCentre 6400 Multifunction Printer
System Administrator Guide

68

Note:

DH is a public-key cryptography scheme that allows two parties to establish a shared secret

over an insecure communications channel. It is also used within IKE to establish session keys.

2.

Select the DH Group. Options are:

Group 2: Provides a 1024-bit Modular Exponential (MODP) keying strength.

Group 14: Provides a 2048-bit MODP keying strength.

3.

Select one or more of the following Hash - Encryption algorithms:

SHA1 - Advanced Encryption Standard (AES)

SHA1 - Triple Data Encryption Standard (3DES)

MD5 - AES

MD5 - 3DES

Notes:

3DES is a variation on DES that uses a168-bit key. 3DES is more secure than DES.

AES is more secure than 3DES.

4.

Under IKE Phase 2, select the IPsec Mode. Options are Transport Mode or Tunnel Mode.

Note:

Transport mode only encrypts the IP payload whereas Tunnel mode encrypts the IP header

and the IP payload. Tunnel mode provides protection for an entire IP packet by treating it as an
Authentication Header (AH), or Encapsulating Security Payload (ESP).

5.

If you select Tunnel Mode, under Enable Security End Point Address, select the address type.
Options are Disabled, IPv4 Address, or IPv6 Address.

6.

Under IPsec Security, select ESP, AH, or BOTH.

7.

Type the Key Lifetime, and select the units; Seconds, Minutes, or Hours.

8.

Under Perfect Forward Secrecy (PFS), select None, Group 2, or Group 14.

Note:

PFS is disabled by default. PFS allows faster IPSec setup, but is not very secure.

9.

Under Hash, select from the following:

SHA1

MD5

None

10. If you selected ESP or BOTH for the IPsec Security type, select one or more of the following

Encryption types:

Note:

Encryption will not display if IPsec Security is set to AH.

AES

3DES

Null

11. Click Save.

Editing or Deleting an Action

To edit or delete an action, select the action from the list, then click Edit or Delete.