Practical IPsec Deployment for Printing and Imaging Devices
June 2008
Table of Contents:
Introduction
A Parable: Confidentiality, Authentication, and Integrity
IPsec and Virtual Private Networks
The Intranet Threat Model
Too Easy: The Repeater
Too Easy: The Flood
Too Easy: The Mirror Port
Too Easy: MITM Active Sniffing
Too Easy: MITM Data Injection
IPsec Basics
IPsec Basics: IPsec Policy – Packet Matching
IPsec Basics: IPsec Policy – Action-on-Match
IPsec Basics: Internet Key Exchange and the SADB
IKE Authentication: Pre-shared Key
IKE Phase 2/Quick Mode
IKE in Action
IPsec Basics: Receiving an IPsec Protected Packet
IPsec Guidelines for Printing and Imaging Devices
HP Jetdirect IPsec Configuration Wizard: Pre-Shared Key Authentication
Microsoft IPsec Configuration Wizard for Pre-Shared Key
Microsoft Vista/Server 2008: IPsec Configuration via Netsh
Microsoft Vista/Server 2008: IPsec Configuration via Advanced Firewall
Public Key Infrastructure and Public Key Certificate Basics
HP Jetdirect and Public Key Certificates
IKE Authentication: Public Key Certificates
The Microsoft Certificate Authority Environment
Creating a Certificate Template
Retrieving and Installing a CA Certificate
Creating a Jetdirect CSR and Installing the Certificate
HP Jetdirect IPsec Configuration Wizard: Certificate Authentication
Microsoft Windows: Certificate Authentication
Kerberos, Active Directory, and Jetdirect
Kerberos Basics
whitepaper