HP 635n Practical IPsec Deployment for Printing and Imaging Devices - Page 8



Figure 5 - Internet VPN Age

What happens in Figure 5 is that all data communication occurring between the Remote Router and the Corporate Router is provided confidentiality, authentication, and integrity via IPsec. It is like we have been able to create a leased line under our control right through the Internet. Also, the applications that send data from the Corporate Office to the Remote Offices are not aware that security is being used; hence the applications don’t have to be modified to work in such an environment. They work transparently over the Intranet and Internet.

What data is protected with IPsec depends on the IPsec policy. The IPsec policy is a set of rules which govern what to do with information that comes in and out of the computer system via the network. For example, the Corporate Router in Figure 4 could have an IPsec policy with one rule that was very simple: “protect data being sent to the Remote Router with IPsec”. There are a variety of different ways IPsec can protect data. For the purposes of this whitepaper, “protecting data with IPsec” means “protecting data via mutual authentication, integrity, and confidentiality”.
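
An added example, not from the HP whitepaper: a small model of an IPsec policy as an ordered rule set, using the one-rule example above plus a check for rules that an earlier, broader rule makes unreachable. It goes beyond the text by assuming first-match evaluation and the PROTECT/BYPASS/DISCARD actions of RFC 4301 (a given device's policy engine may differ); the rule names and the address 203.0.113.10, standing in for the Remote Router, are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Actions named after the RFC 4301 policy choices (not from the whitepaper).
PROTECT, BYPASS, DISCARD = "PROTECT", "BYPASS", "DISCARD"

@dataclass(frozen=True)
class Rule:
    name: str
    remote: str                     # CIDR the remote address must fall in
    action: str
    protocol: Optional[str] = None  # "tcp"/"udp", None = any
    port: Optional[int] = None      # remote port, None = any

    def matches(self, remote, protocol, port):
        return (ipaddress.ip_address(remote) in ipaddress.ip_network(self.remote)
                and self.protocol in (None, protocol)
                and self.port in (None, port))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        mine, theirs = ipaddress.ip_network(self.remote), ipaddress.ip_network(other.remote)
        return (mine.version == theirs.version and theirs.subnet_of(mine)
                and self.protocol in (None, other.protocol)
                and self.port in (None, other.port))

def evaluate(policy, remote, protocol, port, default=DISCARD):
    """First matching rule wins; unmatched traffic gets the default action."""
    for rule in policy:
        if rule.matches(remote, protocol, port):
            return rule.action, rule.name
    return default, "default"

def shadowed(policy):
    """Rules that can never fire because an earlier rule covers them."""
    return [(later.name, earlier.name)
            for i, later in enumerate(policy)
            for earlier in policy[:i] if earlier.covers(later)]

# Constructed sample: 203.0.113.10 stands in for the Remote Router.
PROTECT_REMOTE = Rule("protect-remote-router", "203.0.113.10/32", PROTECT)
ALLOW_REST = Rule("bypass-everything-else", "0.0.0.0/0", BYPASS)
GOOD = [PROTECT_REMOTE, ALLOW_REST]
BAD = [ALLOW_REST, PROTECT_REMOTE]   # same rules, wrong order

if __name__ == "__main__":
    for label, policy in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, evaluate(policy, "203.0.113.10", "tcp", 9100), shadowed(policy))
```

With the same two rules in the wrong order, traffic to the Remote Router is sent unprotected, and the shadow check names the rule that hides the protect rule.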

The Intranet Threat Model

What do Virtual Private Networks have to do with printing and imaging? No company is placing their printers on the public Internet (if you thought spam was bad on fax machines....) so is there a point in talking about IPsec for printing & imaging? While it is true most companies don’t deploy their printers on the Internet, it is not true that IPsec cannot benefit printing and imaging devices. To best explain the threats that can be present in an Intranet, let’s go through an imaginary “case-study”.

Case Study: Design Breakthrough and Data Protection

You are the CEO of a small startup company that has made a major breakthrough in graphics chip design. As you realize that you could be sitting on a gold mine, you begin to worry about the security of your data. All the relevant documents associated with the design breakthrough are kept under lock and key, extensively watermarked, and must be checked out with a security