HP 635n Practical IPsec Deployment for Printing and Imaging Devices - Page 27

  Rule #                           2
  Action                           Require IPsec Protection
  IPsec Mode                       Transport
  IPsec Header                     ESP
  IPsec Confidentiality Algorithm  3DES, AES128, AES192, AES256
  IPsec Authentication Algorithm   HMAC-SHA1, AES-XCBC
  IPsec Compression Algorithm      None

Table 2 – Expanded IPsec Policy
Whoa! There are a lot of new terms in Table 2 that we haven’t covered. The acronyms under the various algorithm columns are enough to scare anyone. The math behind them would send this author running away for sure. But we can explain them fairly easily at a high level.

3DES stands for Triple Data Encryption Standard. It is an algorithm that provides confidentiality; in other words, it encrypts the data so that the only entity that can understand it is the entity in possession of the key that can decrypt the data. AES stands for Advanced Encryption Standard. It is an encryption algorithm that has been adopted by the United States Government as a replacement for DES. AES128 uses a 128-bit encryption key, AES192 uses a 192-bit encryption key, and AES256 uses a 256-bit encryption key. In general, the larger the encryption key, the more “secure” AES is going to be and, quite probably, the more “computationally expensive” (i.e., slower) it will be: AES256 runs 14 rounds per block where AES128 runs 10. 3DES has a 168-bit key (three 56-bit DES keys), in case you were wondering, although meet-in-the-middle attacks reduce its effective strength to about 112 bits. As of Summer 2008, all of these encryption protocols will keep your data safe for a long time. That assessment no longer holds for 3DES: NIST SP 800-131A Rev. 2 disallows it for encryption after 2023, and its 64-bit block size exposes long-lived sessions to the Sweet32 attack, so prefer the AES options and remove 3DES from the policy once every peer supports AES.

What is an HMAC? HMAC stands for the “keyed-Hash Message Authentication Code”. It is a way of providing authentication and integrity to the IPsec packet: the sender computes a short tag over the packet with a secret key, and the receiver recomputes the tag and discards the packet if the two differ. HMAC-SHA1 is an HMAC built on the SHA-1 hash; AES-XCBC (AES-XCBC-MAC-96, RFC 3566) is a MAC built on the AES block cipher rather than on a hash, but it fills the same role. In IPsec both tags are truncated to 96 bits and carried as the ESP Integrity Check Value (ICV). In fact, they use a completely separate secret key from the secret key used to provide confidentiality protection, so compromising one key does not compromise the other, and the receiver verifies the ICV before it decrypts anything. The last algorithm column, IP Compression, is a way of reducing the amount of data that you need to transmit by compressing the data before it is encrypted. HP printing and imaging products do not support any IP compression protocols as yet, so we aren’t going to talk about it here.

Finally, for discussing Encapsulating Security Payload, or ESP, and transport mode, we need to see a close-up of the packet. Refer to Figure 23 – ESP.
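As an added example (not code from the HP whitepaper or from HP), the Go program below applies two of the Table 2 algorithms, AES128 for confidentiality and HMAC-SHA1 for authentication, to a transport-mode ESP packet laid out as RFC 4303 specifies: SPI, sequence number, IV, the encrypted original payload with its trailer (padding, pad length, next header), and the 96-bit ICV of RFC 2404. The SPI, both keys, the IV and the TCP segment are constructed values; the separate `EncKey` and `AuthKey` fields show the two independent secrets the text describes, and `Decap` checks the ICV before it decrypts.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"errors"
	"fmt"
)

// Added example, not HP's code: transport-mode ESP (RFC 4303) with AES128-CBC
// (RFC 3602) for confidentiality and HMAC-SHA1-96 (RFC 2404) for integrity.
// Wire layout: SPI | Seq | IV | ciphertext(payload, padding, pad len, next hdr) | ICV.
const (
	icvLen     = 12 // HMAC-SHA1-96: the 160-bit HMAC output truncated to 96 bits
	ipProtoTCP = 6  // Next Header value for a TCP segment carried in transport mode
)

// SA holds one direction of a security association. EncKey and AuthKey are
// independent secrets: the ICV key is never the cipher key.
type SA struct {
	SPI     uint32
	Seq     uint32
	EncKey  []byte // 16 bytes for AES128
	AuthKey []byte // 20 bytes for HMAC-SHA1
}

func icv(key, data []byte) []byte {
	m := hmac.New(sha1.New, key)
	m.Write(data)
	return m.Sum(nil)[:icvLen]
}

// Encap turns the original IP payload (e.g. a TCP segment) into the ESP body that
// replaces it in transport mode. The caller supplies the IV; a real implementation
// draws a fresh random one from crypto/rand for every packet.
func (sa *SA) Encap(payload []byte, nextHeader byte, iv []byte) ([]byte, error) {
	block, err := aes.NewCipher(sa.EncKey)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(iv) != bs {
		return nil, errors.New("iv must be exactly one cipher block")
	}
	// Pad so payload||padding||padlen||nexthdr fills whole blocks (RFC 4303 2.4);
	// default padding bytes are 1, 2, 3, ... so the receiver can check them.
	padLen := (bs - (len(payload)+2)%bs) % bs
	plain := append([]byte{}, payload...)
	for i := 1; i <= padLen; i++ {
		plain = append(plain, byte(i))
	}
	plain = append(plain, byte(padLen), nextHeader)
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, plain)

	sa.Seq++ // strictly increasing; the receiver's anti-replay window keys on it
	pkt := make([]byte, 8, 8+bs+len(ct)+icvLen)
	binary.BigEndian.PutUint32(pkt[0:4], sa.SPI)
	binary.BigEndian.PutUint32(pkt[4:8], sa.Seq)
	pkt = append(pkt, iv...)
	pkt = append(pkt, ct...)
	// The ICV covers everything before it (SPI, Seq, IV, ciphertext) under AuthKey only.
	return append(pkt, icv(sa.AuthKey, pkt)...), nil
}

// Decap checks the ICV first, so a forged or modified packet is dropped before any
// decryption happens, then decrypts and strips the ESP trailer.
func (sa *SA) Decap(pkt []byte) (payload []byte, nextHeader byte, err error) {
	bs := aes.BlockSize
	if len(pkt) < 8+2*bs+icvLen {
		return nil, 0, errors.New("packet too short")
	}
	body, tag := pkt[:len(pkt)-icvLen], pkt[len(pkt)-icvLen:]
	if !hmac.Equal(tag, icv(sa.AuthKey, body)) { // constant-time compare
		return nil, 0, errors.New("ICV mismatch")
	}
	if binary.BigEndian.Uint32(body[0:4]) != sa.SPI {
		return nil, 0, errors.New("unknown SPI")
	}
	iv, ct := body[8:8+bs], body[8+bs:]
	if len(ct)%bs != 0 {
		return nil, 0, errors.New("ciphertext is not block aligned")
	}
	block, err := aes.NewCipher(sa.EncKey)
	if err != nil {
		return nil, 0, err
	}
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(plain, ct)
	padLen := int(plain[len(plain)-2])
	nextHeader = plain[len(plain)-1]
	if padLen > len(plain)-2 {
		return nil, 0, errors.New("bad pad length")
	}
	pad := plain[len(plain)-2-padLen : len(plain)-2]
	for i := range pad {
		if pad[i] != byte(i+1) {
			return nil, 0, errors.New("bad padding")
		}
	}
	return plain[:len(plain)-2-padLen], nextHeader, nil
}

func main() {
	// Constructed keys, SPI and IV; never reuse a fixed IV outside a demonstration.
	sa := &SA{SPI: 0x1000, EncKey: bytes.Repeat([]byte{0x11}, 16), AuthKey: bytes.Repeat([]byte{0x22}, 20)}
	iv := bytes.Repeat([]byte{0x33}, 16)
	pkt, err := sa.Encap([]byte("constructed TCP segment to port 9100"), ipProtoTCP, iv)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ESP packet: %d bytes, SPI %#x, seq %d, ICV %x\n", len(pkt), sa.SPI, sa.Seq, pkt[len(pkt)-icvLen:])
	pkt[30] ^= 0x01 // flip one ciphertext byte in transit
	_, _, err = sa.Decap(pkt)
	fmt.Println("tampered packet rejected:", err)
}
```

Swapping AES-XCBC-MAC-96 for HMAC-SHA1-96 would change only `icv`; the packet layout, the 96-bit ICV and the verify-before-decrypt order stay the same. What this sketch leaves out of a real IPsec stack is the anti-replay window on `Seq`, random per-packet IVs, and the derivation of the two keys from IKE.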