Technical information
Network Security White Paper ver. G.1.2
Page 15 of 72
1-5 HTTP
1-5-1 Function Overview
The HTTP (Hypertext Transfer Protocol) service provides web services. This service is compliant with
RFC 1945.
TCP port 80 is used for the HTTP service.
The following functions are provided by the HTTP server service.
• Web Image Monitor
• Document server access via DeskTopBinder.
• Retrieving counter/user information using User Management Tool in SmartDeviceMonitor for
Admin/Client
• Access to the products’ address book using Address Management Tool in
SmartDeviceMonitor for Admin.
• Submission of a job by an IPP client.
• Providing job status to an IPP client.
NOTE: When logging into Web Image Monitor in Administrator mode, the user must enter the username
and password. It is the same as the username and password used for the mshell.
1-5-2 Destruction, Corruption and Modification of the File System
Unlikely, executable files cannot be run on the products’ web server.
1-5-3 Possibility of Acting as a Server for Relaying Viruses
Unlikely, without access to the file system this would be impossible.
1-5-4 Theft of Username and Password
Interception of network packets: When accessing Web Image Monitor, the password is BASE64
encoded. The password is not sent in clear text, but it is not particularly difficult to decode. Therefore, if
the password is intercepted and decoded, the possibility of unauthorized access and changing of device
settings does exist.
1-5-5 Theft of Print Data
Interception of network packets: Using IPP, print data is sent as clear text, but if intercepted by a third
party it is easily read.