Technical information

Network Security White Paper ver. G.1.2

Page 24 of 72

1-12-3 Recommended Precautions

If a strict security policy is needed, the DIPRINT port can be changed or closed using Web Image

Monitor or the mshell.

NOTE: To reduce the possibility of print data being intercepted, please use HTTPS instead of DIPRINT

to submit jobs.

1-13SMB

1-13-1 Function Overview

The SMB service uses NBT (NetBIOS over TCP/IP) as its base layer.

The NBT service provides the NetBIOS service over TCP/IP instead of NetBEUI. Using this service, a

remote host can access network services of the products by the NetBIOS name (Computer Name)

instead of IP address. This service uses 3 ports, UDP port 137 for NetBIOS-NS (NetBIOS Name

Service), UDP port 138 for NetBIOS-DGM (NetBIOS Datagram Service) and TCP port 139 for

NetBIOS-SSN (NetBIOS Session Service). SMB (Server Message Block) over TCP/IP provides the

following services:

• Browsing print servers from SMB clients

• Installing Point and Print drivers to clients

• Printing jobs from SMB clients

• Sending job queue information to SMB clients

• Sending notifications of job completion to SMB clients

1-13-2 Potential Threats and Recommended Precautions

Possibility of Successful DOS (Denial of Service) Attacks

The RICOH network device can detect a high frequency of logins and delay responses to the user’s

a message showing that the device is currently under attack will be displayed in Web Image Monitor.

Theft of Username and Password

Interception of network packets: The SMB protocol has authentication but a guest account can be

configured. Some print data may contain authentication information. The password can be encrypted by

enabling the printer driver’s encryption function before sending data to the MFP. Please refer to the user

manual and driver help for more information about this function.

Theft of Print Data

Interception of network packets: Using SMB, print data is sent as clear text, if intercepted by a third party

it is easily read.