Brother International ADS-3000N Network Users Guide - Page 80
Perfect Forward Secrecy PFS, Remote Router IP-Address
View all Brother International ADS-3000N manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 80 highlights
Security Features NOTE • ESP is a protocol for carrying out encrypted communication using IPsec. ESP encrypts the payload (communicated contents) and adds additional information. The IP packet consists of the header and the encrypted payload, which follows the header. In addition to the encrypted data, the IP packet also includes information regarding the encryption method and encryption key, the authentication data, and so on. • AH (Authentication Header) is part of the IPsec protocol that authenticates the sender and prevents manipulation of the data (ensures the completeness of the data). In the IP packet, the data is inserted immediately after the header. In addition, the packets include hash values, which are calculated using an equation from the communicated contents, secret key, and so on, to prevent the falsification of the sender and manipulation of the data. Unlike ESP, the communicated contents are not encrypted, and the data is sent and received as plain text. Encryption Select DES, 3DES, AES-CBC 128, or AES-CBC 256. The encryption can be selected only when ESP is 6 selected in Protocol. Hash Select None, MD5, SHA1, SHA256, SHA384, or SHA512. None can be selected only when ESP is selected in Protocol. When AH+ESP is selected in Protocol, select each protocol for Hash(AH) and Hash(ESP). SA Lifetime Specify the IPsec SA lifetime. Type the time (seconds) and number of kilobytes (KByte). Encapsulation Mode Select Transport or Tunnel. Remote Router IP-Address Specify the IP address (IPv4 or IPv6) of the remote router. Enter this information only when the Tunnel mode is selected. NOTE SA (Security Association) is an encrypted communication method using IPsec or IPv6 that exchanges and shares information, such as the encryption method and encryption key, to establish a secure communication channel before communication begins. SA may also refer to an already established virtual encrypted communication channel. The SA used for IPsec establishes the encryption method, exchanges the keys, and carries out mutual authentication according to the IKE (Internet Key Exchange) standard procedure. In addition, the SA is updated periodically. Perfect Forward Secrecy (PFS) PFS does not derive keys from the previous keys that were used to encrypt messages. In addition, if a key that is used to encrypt a message was derived from a parent key, that parent key is not used to derive other keys. Therefore, even if a key is compromised, the damage is limited only to the messages that were encrypted using that key. Select Enabled or Disabled. 76