Technical information
Network Security White Paper ver. G.1.2
Page 22 of 72
1-10-3 Recommended Precaution
As stated above, there are not many threats that apply to the LPD port. However, if a strict security
policy is to be maintained, the LPD service can be disabled and the port for this service can be
completely closed using Web Image Monitor or the mshell.
NOTE: The best way to reduce the possibility of print data being intercepted is to use IPP over HTTPS
or SFTP instead of LPR as the printing protocol.
1-11IPP
1-11-1 Function Overview
The IPP (Internet Printing Protocol) service is used for Internet printing from IPP clients. This service is
compliant with RFC 2565 and uses TCP port 631.
The following functions are provided by the IPP service.
• Submission of jobs by an IPP client.
• Job status returned to IPP client.
The IPP service can have up to 10 password protected user accounts for the IPP service. Both “BASIC”
and “DIGEST” authentication are supported. “BASIC” authentication sends the username and password
in clear text. “DIGEST” authentication is more secure with the username and password hashed.
Both authentication methods are selectable in Web Image Monitor and mshell.
IPP authentication can also be disabled. In this case, usernames and passwords are not authenticated
(The default setting is “disabled”.).
1-11-2 Potential Threats and Recommended Precautions
Possibility of Acting as a Server for Relaying Viruses
The IPP service treats all received data as print jobs. If someone sends an executable file via the
embedded IPP service, the product prints the file as garbage data.
Theft of Username and Password
Interception of network packets: When the client negotiates the connection with the MFP, the MFP can
specify whether the connection uses digest-MD5 hashing for the username and password.
Theft of Print Data
Interception of network packets: Using IPP, print data is sent as clear text, if intercepted by a third party it
is easily read.