Lexmark MX931 Security White Paper - Page 23

IPsec

Get Lexmark MX931 PDF manuals and user guides View all Lexmark MX931 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 23 highlights

Secure Network Interfaces 23 • EAP-TTLS with the following authentication methods: - CHAP - MSCHAP - MSCHAPv2 - PAP Lexmark devices support all these protocols and can be configured to include or exclude each protocol in the 802.1X protocol negotiation. IPsec Overview IPsec is supported on Lexmark devices. This network protocol is an extremely important mechanism because it allows the device to establish a secure connection to other network nodes, such as print servers and management workstations. IPsec is available in conventional operating systems, such as Windows and Linux. By applying IPsec between the device and a workstation or server, the traffic between these systems can be secured with strong encryption. Benefits • Authorized systems can see and manage devices through SNMPv3, while shutting out unauthorized systems. • The information is protected from being detected while on the network, or more accurately, the detected data is useless because it is encrypted when SNMPv3 packets are encrypted. • Remote configuration by a web session, Telnet, SNMP or any other IP-based means can be secured. Because mechanisms such as HTTPS and SNMPv3 can provide their own security, this provides a redundant level of security. Alternately, IPsec can be configured to be the only security mechanism, simplifying the security setup. • All traffic between the Lexmark device management application, Markvision Enterprise, and MFPs can be protected. In short, IPsec can be used to protect virtually any form of IP-based network traffic between the Lexmark device and a set of hosts, no matter what operation is performed by that traffic. Details IPsec safely sends information to your solutions-capable printers and MFPs by securing all network traffic to and from Lexmark devices with encryption and authentication. You can also protect the contents of jobs that are scanned to any destination, including servers running Lexmark Document Distributor, e-mail, and network storage. Lexmark devices support IPsec with preshared keys and certificates. IPsec can be used in preshared key mode and certificate mode, simultaneously. In preshared key mode, printers and MFPs can be configured to establish a secure IPsec connection with up to seven other systems. Lexmark devices can store and apply two types of certificates for use with IPsec - Device and CA Certificates. This certificate can be generated from scratch, and both the PEM and DER formats are supported.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
EAP-TTLS with the following authentication methods:
CHAP
MSCHAP
MSCHAPv2
PAP
Lexmark devices support all these protocols and can be configured to include or exclude each protocol in the
802.1X protocol negotiation.
IPsec
Overview
IPsec is supported on Lexmark devices. This network protocol is an extremely important mechanism because
it allows the device to establish a secure connection to other network nodes, such as print servers and
management workstations. IPsec is available in conventional operating systems, such as Windows and Linux.
By applying IPsec between the device and a workstation or server, the traffic between these systems can be
secured with strong encryption.
Benefits
Authorized systems can see and manage devices through SNMPv3, while shutting out unauthorized
systems.
The information is protected from being detected while on the network, or more accurately, the detected
data is useless because it is encrypted when SNMPv3 packets are encrypted.
Remote configuration by a web session, Telnet, SNMP or any other IP-based means can be secured. Because
mechanisms such as HTTPS and SNMPv3 can provide their own security, this provides a redundant level
of security. Alternately, IPsec can be configured to be the only security mechanism, simplifying the security
setup.
All traffic between the Lexmark device management application, Markvision Enterprise, and MFPs can be
protected.
In short, IPsec can be used to protect virtually any form of IP-based network traffic between the Lexmark device
and a set of hosts, no matter what operation is performed by that traffic.
Details
IPsec safely sends information to your solutions-capable printers and MFPs by securing all network traffic to
and from Lexmark devices with encryption and authentication. You can also protect the contents of jobs that
are scanned to any destination, including servers running Lexmark Document Distributor, e-mail, and network
storage.
Lexmark devices support IPsec with preshared keys and certificates. IPsec can be used in preshared key mode
and certificate mode, simultaneously. In preshared key mode, printers and MFPs can be configured to establish
a secure IPsec connection with up to seven other systems. Lexmark devices can store and apply two types
of certificates for use with IPsec – Device and CA Certificates. This certificate can be generated from scratch,
and both the PEM and DER formats are supported.
Secure Network Interfaces
23