IP Sec
IP Sec (IP Security) consists of the IP Authentication Header and IP Encapsulating Security Payload
protocols, which secure IP communications at the network layer of the protocol stack, using both
authentication and data encryption techniques. The ability to send IP Sec encrypted data to the printer is
provided by the use of a public cryptographic key, following a network negotiation session between the
initiator (client workstation) and the responder (printer or server). To send encrypted data to the printer, the
workstation and the printer have to establish a Security Association with each other by verifying that each
holds a matching password (shared secret). If this authentication is successful, a session public key will be
built and used to send IP Sec encrypted data over the TCP/IP network to the printer.
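The shared-secret check described above can be modelled as follows. This is an added example, not code from the original guide or from the device; it assumes the negotiation follows IKEv1 pre-shared-key authentication (RFC 2409), which the page does not state. The Diffie-Hellman group is a toy one, the SA payload is omitted, and the identities and secrets are constructed.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, for illustration only (constructed; real IKE
# negotiates one of the standardised groups).
P = 2**127 - 1
G = 3

def prf(key, *parts):
    """Keyed pseudo-random function; HMAC-SHA-256 is an assumption here."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def enc(n):
    """Fixed-width encoding of a group element (P fits in 16 bytes)."""
    return n.to_bytes(16, "big")

def negotiate(workstation_secret, printer_secret):
    """Simplified exchange between initiator (workstation) and responder
    (printer). Returns (authenticated, workstation_key, printer_key)."""
    # Values sent in the clear: DH public values, nonces, cookies, identities.
    xi, xr = secrets.randbelow(P - 3) + 2, secrets.randbelow(P - 3) + 2
    gxi, gxr = enc(pow(G, xi, P)), enc(pow(G, xr, P))
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    cky_i, cky_r = secrets.token_bytes(8), secrets.token_bytes(8)
    id_i, id_r = b"workstation.example", b"printer.example"  # constructed

    # Each side combines its own private value with the peer's public value.
    gxy_i = enc(pow(int.from_bytes(gxr, "big"), xi, P))
    gxy_r = enc(pow(int.from_bytes(gxi, "big"), xr, P))

    # SKEYID = prf(pre-shared-key, Ni | Nr): the shared secret is never sent.
    skeyid_i = prf(workstation_secret, ni, nr)
    skeyid_r = prf(printer_secret, ni, nr)

    # Authentication hashes each side sends (SA payload omitted).
    hash_i = prf(skeyid_i, gxi, gxr, cky_i, cky_r, id_i)
    hash_r = prf(skeyid_r, gxr, gxi, cky_r, cky_i, id_r)

    # Each side recomputes the peer's hash with its OWN copy of the secret.
    printer_ok = hmac.compare_digest(
        hash_i, prf(skeyid_r, gxi, gxr, cky_i, cky_r, id_i))
    workstation_ok = hmac.compare_digest(
        hash_r, prf(skeyid_i, gxr, gxi, cky_r, cky_i, id_r))
    if not (printer_ok and workstation_ok):
        return False, None, None  # no Security Association is established

    # SKEYID_d = prf(SKEYID, g^xy | CKY-I | CKY-R | 0): session keying material.
    key_i = prf(skeyid_i, gxy_i, cky_i, cky_r, b"\x00")
    key_r = prf(skeyid_r, gxy_r, cky_i, cky_r, b"\x00")
    return True, key_i, key_r
```

Because every derived value depends on the shared secret, its length and randomness bound the strength of the whole negotiation.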
To provide additional security during the Public Key negotiation process, Digital Certificates can
be used in place of the Shared Secret to encrypt the Public Key information being exchanged
between communicating parties. The Digital Certificate resides on the multifunction device (managed as
stated in this Encryption section in the Configuring Scan File certificates topic) and MUST also have been
imported and stored on the computer that is encrypting data being sent to the device.
Certificates add digital signatures (individualized checksums verifying data integrity) to datagrams during
the public key negotiation process, which greatly helps to secure that data from network sniffers.
To enable IP Sec:
1. Open your Web browser and enter the TCP/IP address of the machine in the Address or Location field.
Press Enter.
2. Click the Properties tab.
3. Click the symbol to the left of the Security folder.
4. Select IP Sec in the directory tree.
5. Enable the Protocol by placing a checkmark in the Enabled box.
6. Select Pre-Shared Key to use the Shared Secret (between this device and remote computers also
possessing the secret). Note that if you select Digital Signature, the Shared Secret boxes will be
grayed out and you will have to supply a Certificate stored on this device to the remote computer that
wishes to send IP Sec encrypted data to this device. Refer to the Configuring certificates with
CentreWare Internet Services topic in this Encryption section for full information.
7. Enter the Shared Secret (a password) in the Shared Secret and Verify Shared Secret boxes.
8. Select Enabled (default setting) for the Communicate with Non-IP Sec Device setting, so that
computers not set up for encryption can still communicate with this device.
9. Use the online Help for assistance with other available settings.
10. Click Apply when done and supply the Administrator User Name and Password, if prompted. The
defaults are 11111 and x-admin.