See the imageRUNNER ADVANCE system manual for the specific device in question for additional
instructions on registering IPSec-based security policies.
Authentication and Encryption Method:
One of the following methods must be set for the device.
• AH (Authentication Header)
A protocol for certifying authentication by detecting modifications to the communicated
data, including the IP header. The communicated data is not encrypted.
• ESP (Encapsulating Security Payload)
A protocol that provides confidentiality via encryption while certifying the integrity and
authentication of only the payload part of communicated data.
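The difference in integrity coverage between AH and ESP described above, as an added example that is not part of the Canon white paper or device firmware: a simplified Python model in which the AH integrity check value (ICV) covers the IP header with in-transit-mutable fields zeroed, while the ESP ICV covers only the ESP header and payload. The key, addresses, SPI values, the choice of HMAC-SHA-256 truncated to 16 bytes, and the treatment of the payload as already-encrypted bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-integrity-key"  # constructed sample key, not a device value
ICV_LEN = 16                        # assumed: HMAC-SHA-256 truncated to 128 bits
SRC, DST = "192.0.2.10", "192.0.2.20"   # constructed documentation addresses
DATA = b"constructed payload bytes"     # stands in for the (encrypted) payload

def ipv4_header(src, ttl, proto):
    """20-byte IPv4 header, no options; length and checksum left 0 in this model."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(DST))

def mac(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]

def ah_icv(ip_hdr, payload):
    """AH: ICV covers IP header (mutable fields zeroed), AH header and payload."""
    hdr = bytearray(ip_hdr)
    hdr[1] = 0                # DSCP/ECN may change in transit
    hdr[6:8] = b"\x00\x00"    # flags and fragment offset
    hdr[8] = 0                # TTL is decremented by routers
    hdr[10:12] = b"\x00\x00"  # header checksum follows TTL
    # next header=TCP, length=5 words, reserved, SPI, sequence, zeroed ICV field
    ah_hdr = struct.pack("!BBHII", 6, 5, 0, 0x1000, 1) + bytes(ICV_LEN)
    return mac(bytes(hdr) + ah_hdr + payload)

def esp_icv(ip_hdr, payload):
    """ESP: ICV covers ESP header and payload only; the IP header is not an input."""
    return mac(struct.pack("!II", 0x2000, 1) + payload)  # SPI, sequence number

def detected(icv_fn, proto, src=SRC, ttl=64, payload=DATA):
    """True if the ICV recomputed on the received packet differs from the sender's."""
    sent = icv_fn(ipv4_header(SRC, 64, proto), DATA)
    received = icv_fn(ipv4_header(src, ttl, proto), payload)
    return not hmac.compare_digest(sent, received)

if __name__ == "__main__":
    for name, fn, proto in (("AH", ah_icv, 51), ("ESP", esp_icv, 50)):
        print(name, "header address changed:", detected(fn, proto, src="198.51.100.7"),
              "| TTL changed:", detected(fn, proto, ttl=63),
              "| payload changed:", detected(fn, proto, payload=DATA + b"!"))
```

In this model a changed address in the IP header is flagged only under AH, a changed TTL is flagged under neither (it is a mutable field), and a changed payload is flagged under both.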
Key Exchange Protocol
Supports IKEv1 (Internet Key Exchange version 1) for exchanging keys based on ISAKMP (Internet
Security Association and Key Management Protocol). IKE includes two phases; in phase 1 the SA used
for IKE (IKE SA) is created, and in phase 2 the SA used for IPSec (IPSec SA) is created.
To set authentication with the pre-shared key method, it is necessary to decide upon a pre-shared
key in advance, which is a keyword (24 characters or less) used for both devices to send and receive
data. Use the control panel of the device to set the same pre-shared key as the destination to perform
IPSec communications with, and perform authentication with the pre-shared key method.
To select authentication with the digital signature method, it is necessary to install a key pair file and
CA certificate file created on a PC in advance using the Remote UI, and then register the installed files
using the control panel of the device. Authentication is conducted with the destinations for IPSec
communication using the CA certificate.
The types of key pair and CA certificate that can be used for authentication with the digital signature
method are indicated below.
• RSA algorithm
• X.509 certificate
• PKCS#12 format key pair
Wireless LAN
Canon imageRUNNER ADVANCE systems support wireless networking through the installation of
an optional Wireless LAN Board. The Wireless LAN Board is IPv6 compliant and supports the latest
wireless traffic encryption standards, including WEP, WPA and WPA2, in addition to support for the
IEEE 802.1X authentication standard.
The Wireless LAN Board and the standard network interface of imageRUNNER ADVANCE systems
cannot be used simultaneously, eliminating the possibility of maliciously using the device as a
router or bridge to inter-connect two networks. Network communication functionality is automatically
disabled for the standard network interface when the Wireless LAN Board is enabled.
White Paper: Canon imageRUNNER ADVANCE Security
Section 4 – Network Security