Technical information
Network Security White Paper ver. G.1.2
Page 13 of 72
password that are disclosed only to Service Technicians is required to input firmware to the printer using
the FTP service. In addition, firmware is verified by checking the header for a digital signature before
being used. It would be extremely difficult to make fake firmware. A downgrade (i.e., installing old
unsigned firmware) is not allowed by rfu.
Possibility of Acting as a Server for Relaying Viruses
This is unlikely, although the FTP service permits write-access. All written data submitted via the FTP
service is treated as a print job or firmware. Any executable would be printed as binary (garbage data).
Theft of Username and Password
Interception of network packets: The FTP username and the password are sent in clear text because the
FTP protocol itself does not support encryption. In fact, a username and password are not even
necessary when logging into an FTP session.
Brute force password crack:
The RICOH network device can detect a high frequency of failed logins. If the number of login attempts
exceeds a configured threshold, the device will send an e-mail to the administrator. All failed logins will
be logged.
Theft of Print Data
Interception of network packets: Using FTP, print data is not encrypted. If intercepted by a third party it is
easily read.
Possibility of Successful DoS (Denial of Service) Attacks
The RICOH network device can detect a high frequency of logins and delay responses to the user’s
login requests. The device will also send an e-mail to the administrator. The device will create a log and
a message showing that the device is currently under attack will be displayed in Web Image Monitor.
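The threshold-based detection of failed logins described above under brute force and DoS, sketched as an added example; it is not RICOH's implementation and not code from this white paper. The log line format, the default threshold and window, and the function name `detect_bursts` are assumptions, and input is assumed to be in chronological order. Failures are counted per source address because, as noted above, an FTP session does not require a username.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format, not the device's real one:
#   <ISO timestamp> ftp login <failed|ok> src=<ip> user=<name or empty>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ftp login (?P<result>failed|ok) src=(?P<src>\S+) user=\S*$"
)

# Constructed sample input (documentation address ranges).
SAMPLE_LOG = (
    ["2024-05-01T10:00:00 ftp login ok src=192.0.2.10 user=admin"]
    + [f"2024-05-01T10:00:{s:02d} ftp login failed src=198.51.100.7 user=admin"
       for s in range(1, 13, 2)]  # six failures within ten seconds
    + ["2024-05-01T10:03:00 ftp login failed src=203.0.113.5 user=",
       "line that does not match the format"]
)


def detect_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return (src, first_failure, last_failure, count) for each burst.

    A burst is more than `threshold` failed logins from one source address
    inside `window`. Both defaults are hypothetical values.
    """
    recent = defaultdict(deque)  # src -> failure timestamps still in window
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "failed":
            continue  # skip successes and lines that do not parse
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue  # timestamp field present but malformed
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) > threshold:
            alerts.append((m["src"], q[0], ts, len(q)))
            q.clear()  # one alert per burst; a new burst must build up again
    return alerts


if __name__ == "__main__":
    for src, first, last, count in detect_bursts(SAMPLE_LOG):
        print(f"ALERT {src}: {count} failed logins between {first} and {last}")
```

Attempts spaced further apart than the window never raise an alert here, so the threshold and window have to be chosen against the slowest guessing rate that still matters.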
1-3-3 Recommended Precautions
Never use FTP; always use SFTP.
1-4 SFTP (SSH2)
1-4-1 Function Overview
The SFTP (“Secure File Transfer Protocol” or “SSH File Transfer Protocol”) service provides the same
functions as FTP. SFTP uses an SSH (Secure Shell) session over TCP port 22. SSH provides the
following feature: data encryption (protects against interception or falsification).
For information about OpenSSH, please see: http://www.openssh.com/