HP CM8000 Practical IPsec Deployment for Printing and Imaging Devices - Page 23

header. This attack is called Data Injection. Jane can accomplish this addition because TCP/IP has limited integrity checking - simple checksums. Because Jane is acting as a MITM, she can receive a packet and add data to it, then send it back out. The beauty of this approach is that the TCP/IP stack takes care of the new checksum automatically! The integrity of the packet was compromised, but in a hard to detect way. Jane automatically receives the secret document via email even though the MFP operator didn't send it to Jane's email address originally. If the email logs are viewed, it would appear that the person using Scan to Email on the MFP entered Jane's email address. IPsec Basics We've seen how our attacker Jane was able to access our MFP documents by taking advantage of the lack of confidentiality, mutual authentication, and integrity as well as some network infrastructure capabilities. We also know that these are general vulnerabilities and that any service on a TCP/IP network is subject to these attacks. What can we do to stop these attacks? One way is to deploy IPsec. What exactly is IPsec? Well, IPsec is a protocol suite that provides cryptographic protection to IP. The IPsec policy is a set of rules that determine which IP packets are provided this protection. Let's look at Figure 21 - Printing without an IPsec Policy. In this figure, we see a normal print job being sent to the printer. We also know that this data can be captured and manipulated by Jane in a in a variety of ways. Figure 21 - Printing without an IPsec Policy Now we want to deploy IPsec and see how IPsec works for printing. Let's look at the print data that is being transmitted by the computer first. Refer to Figure 22 - Printing with an IPsec Policy. 23