Xerox 7775 Manuale Utente

Security

WorkCentre 7755/7765/7775 Multifunction Printer
System Administrator Guide

68

Note:

DH is a public-key cryptography scheme that allows two parties to establish a shared secret 

over an insecure communications channel. It is also used within IKE to establish session keys.

2.

Select the DH Group. Options are:
•

Group 2: Provides a 1024-bit Modular Exponential (MODP) keying strength.

•

Group 14: Provides a 2048-bit MODP keying strength.

3.

Select one or more of the following Hash - Encryption algorithms:
•

SHA1 - Advanced Encryption Standard (AES)

•

SHA1 - Triple Data Encryption Standard (3DES)

•

MD5  -  AES

•

MD5  -  3DES

Notes:

•

3DES is a variation on DES that uses a168-bit key. 3DES is more secure than DES.

•

AES is more secure than 3DES.

4.

Under IKE Phase 2, select the IPsec Mode. Options are Transport Mode or Tunnel Mode.

Note:

Transport mode only encrypts the IP payload whereas Tunnel mode encrypts the IP header 

and the IP payload. Tunnel mode provides protection for an entire IP packet by treating it as an 
Authentication Header (AH), or Encapsulating Security Payload (ESP).

5.

If you select Tunnel Mode, under Enable Security End Point Address, select the address type. 
Options are Disabled, IPv4 Address, or IPv6 Address.

6.

Under IPsec Security, select ESP, AH, or BOTH.

7.

Type the Key Lifetime, and select the units; Seconds, Minutes, or Hours.

8.

Under Perfect Forward Secrecy (PFS), select None, Group 2, or Group 14.

Note:

PFS is disabled by default. PFS allows faster IPSec setup, but is not very secure.

9.

Under Hash, select from the following:
•

SHA1

•

MD5

•

None

10. If you selected ESP or BOTH for the IPsec Security type, select one or more of the following 

Encryption types:

Note:

Encryption will not display if IPsec Security is set to AH.

•

AES

•

3DES

•

Null

11. Click Save.

To edit or delete an action, select the action from the list, then click Edit or Delete.