Canon Paper Shredder Key Exchange Protocol, Wireless LAN, Authentication and Encryption Method

Page 26

Section 4 – Network Security

See the imageRUNNER ADVANCE system manual for the specific device in question for additional instructions on registering IPSec-based security policies.

Authentication and Encryption Method:

One of the following methods must be set for the device.

AH (Authentication Header)

A protocol for certifying authentication by detecting modifications to the communicated data, including the IP header. The communicated data is not encrypted.

ESP (Encapsulating Security Payload)

A protocol that provides confidentiality via encryption while certifying the integrity and authentication of only the payload part of communicated data.

Key Exchange Protocol

Supports IKEv1 (Internet Key Exchange version 1) for exchanging keys based on ISAKMP (Internet Security Association and Key Management Protocol). IKE includes two phases; in phase 1 the SA used for IKE (IKE SA) is created, and in phase 2 the SA used for IPSec (IPSec SA) is created.

To set authentication with the pre-shared key method, it is necessary to decide upon a pre-shared key in advance, which is a keyword (24 characters or less) used for both devices to send and receive data. Use the control panel of the device to set the same pre-shared key as the destination to perform IPSec communications with, and perform authentication with the pre-shared key method.

To select authentication with the digital signature method, it is necessary to install a key pair file and CA certificate file created on a PC in advance using the Remote UI, and then register the installed files using the control panel of the device. Authentication is conducted with the destinations for IPSec communication using the CA certificate.

The types of key pair and CA certificate that can be used for authentication with the digital signature method are indicated below.

RSA algorithm

X.509 certificate

PKCS#12 format key pair

Wireless LAN

Canon imageRUNNER ADVANCE systems support wireless networking through the installation of an optional Wireless LAN Board. The Wireless LAN Board is IPv6 compliant and supports the latest wireless traffic encryption standards, including WEP, WPA and WPA2, in addition to support for the IEEE802.1X authentication standard.

The Wireless LAN Board and the standard network interface of imageRUNNER ADVANCE systems cannot be used simultaneously, eliminating the possibility of maliciously using the device as a router or bridge to inter-connect two networks. Network communication functionality is automatically disabled for the standard network interface when the Wireless LAN Board is enabled.

26

White Paper: Canon imageRUNNER ADVANCE Security

 

 

Page 25 Page 27
Image 26
Page 25 Page 27
Contents White Paper Canon imageRUNNER Advance Security Table of Contents Introduction Key Security Concentration Areas Security Market OverviewImaging & Printing Security Overview Device Security AuthenticationDevice-Based Authentication ImageRUNNER Advance Controller SecurityAdvanced Authentication-Proximity Card Card-Based AuthenticationUniFLOW Card Authentication Authorized Send for CAC/PIVAccess Management System Access ControlPassword-Protected System Settings Privileges by Access Level Scan and Send Security Function Level AuthenticationAddress Book Password Access Code for Address Book Destination Restriction FunctionUSB Block Print Driver Security FeaturesThird Party Meap Application and Development Print Job AccountingSecure Printing Information SecurityDocument Security Secured Print / Encrypted Secured PrintAdvanced Box Security Document Storage Space ProtectionMail Box Security Other Document Security Capabilities Watermark / Secure WatermarkCopy Set Numbering HDD and RAM Data Protection Data SecurityData at Rest Standard HDD Format HDD Data Encryption KitHDD Data Erase Kit Timing of OverwriteInformation Security Job Log Conceal Function Performance Impact Using the HDD Data Erase KitRemovable HDD Kit Encrypted Secured Print Data in TransitEssentials Workflow Composer Super G3 Fax Board and Multi Line Fax Board Other Fax FeaturesFax Security Fax Destination Confirmation Fax Storage Space Advanced Box Fax Forwarding & Fax Received Notification Fax Mail Box and Advanced Box Fax SecurityEnabling/Disabling Protocols/Applications Network SecurityNetwork and Print Security Canon Network Printer Kit Only SSL Encryption Media Access Control MAC FilteringIP Address Filtering IPv6 SupportKey Exchange Protocol Wireless LANAuthentication and Encryption Method Scan and Send Virus Concerns for E-mail Reception IeeeSnmp Community String Mail Server Security Smtp AuthenticationPOP Authentication Before Smtp Security Monitoring & Management Tools Restricting Device Setup ScreensAccess Management System ImageWARE Enterprise Management ConsoleLogging & Auditing Document Scan Lock & TraceImageWARE Secure Audit Manager Canon imageWARE Accounting ManagerCanon imageRUNNER Advance Tracker Common Criteria Certification Canon Solutions & Regulatory RequirementsCommon Criteria Authorized Send for CAC/PIV Conclusion Addendum Canon Security Recommendations Quick ReferenceCanon imageRUNNER Advance HDD Security FunctionsCanon U.S.A., Inc One Canon Plaza Lake Success, NY
Top Page Image Contents