Security
WorkCentre 7755/7765/7775 Multifunction Printer
System Administrator Guide
68
Note: DH is a public-key cryptography scheme that allows two parties to establish a shared secret
over an insecure communications channel. It is also used within IKE to establish session keys.
2. Select the DH Group. Options are:
• Group 2: Provides a 1024-bit Modular Exponential (MODP) keying strength.
• Group 14: Provides a 2048-bit MODP keying strength.
3. Select one or more of the following Hash - Encryption algorithms:
• SHA1 - Advanced Encryption Standard (AES)
• SHA1 - Triple Data Encryption Standard (3DES)
•MD5 - AES
•MD5 - 3DES
Notes:
• 3DES is a variation on DES that uses a168-bit key. 3DES is more secure than DES.
• AES is more secure than 3DES.
4. Under IKE Phase 2, select the IPsec Mode. Options are Transport Mode or Tunnel Mode.
Note: Transport mode only encrypts the IP payload whereas Tunnel mode encrypts the IP header
and the IP payload. Tunnel mode provides protection for an entire IP packet by treating it as an
Authentication Header (AH), or Encapsulating Security Payload (ESP).
5. If you select Tunnel Mode, under Enable Security End Point Address, select the address type.
Options are Disabled, IPv4 Address, or IPv6 Address.
6. Under IPsec Security, select ESP, AH, or BOTH.
7. Type the Key Lifetime, and select the units; Seconds, Minutes, or Hours.
8. Under Perfect Forward Secrecy (PFS), select None, Group 2, or Group 14.
Note: PFS is disabled by default. PFS allows faster IPSec setup, but is not very secure.
9. Under Hash, select from the following:
•SHA1
•MD5
•None
10. If you selected ESP or BOTH for the IPsec Security type, select one or more of the following
Encryption types:
Note: Encryption will not display if
IPsec Security is set to AH.
•AES
•3DES
•Null
11. Click Save.
Editing or Deleting an Action
To edit or delete an action, select the action from the list, then click Edit or Delete.