Technical information
Network Security White Paper ver. G.1.2
Page 26 of 72
1-15-2 Potential Threats and Recommended Precautions
Theft of Username and Password
The SIP protocol has an authentication function. However, the products do not support authentication
using the SIP protocol. Therefore, the username and password are not included with data sent over this
protocol.
Theft of Facsimile Data
Interception of network packets: Using IP-Fax, facsimile data is formatted for an ISDN connection and is
not encrypted. If intercepted by a third party, it can be read.
1-15-3 Recommended Precaution
If a strict security policy is to be maintained, the TCP/UDP ports for H323hostcall (1720) and for SIP
(5060) can be changed or closed. However, these services cannot be stopped.
1-16 SSDP
1-16-1 Function Overview
SSDP (Simple Service Discovery Protocol) is used for both advertising services and searching for
services on UPnP network. SSDP uses UDP port 1900. If UPnP is not being used, this port can be
closed.
1-16-2 Potential Threats and Recommended Precautions
Possibility of Unauthorized Parties Intercepting Device Information
The products use SSDP to advertise services and search for services. If this is a concern, the SSDP
service should be disabled using Web Image Monitor or the mshell.
1-16-3 Recommended Precaution
If a strict security policy is to be maintained, the SSDP service can be disabled and the port for this
service can be completely closed using Web Image Monitor or the mshell.