White Paper: Canon imageRUNNER/imagePRESS Security
INTENT OF THIS DOCUMENT: Canon recognizes the importance of information security and the challenges that your organization faces. This white paper provides information security facts for Canon imageRUNNER/imagePRESS series devices.
Table of Contents
1. Introduction
1.1 Security Market Overview
1.2 Imaging & Printing Security Overview
2. Canon imagePlatform Security
2.1 Device Security
2.2 Network Security
Section 1 — Introduction
“If you look at these machines as just copiers or printers, you first wonder if you really need security. Then you realize conventional office equipment now incorporates significant technology advances and capabilities that make all documents an integrated part of a corporate network that also involves the Intranet and Internet.
1.1 — Security Market Overview
In today’s digital world, risks to networks and devices come in more forms and from more directions than ever before. From identity theft and intellectual property loss to infection by viruses and trojan horses, IT administrators today find themselves playing an additional role of security officer to adequately protect information and assets from threats from the outside as well as within.
Section 2 — Canon’s Imaging & Printing Security Framework
Canon recognizes the vital need to help prevent data loss, protect against unwanted device use, and mitigate the risk of information being compromised. As a result, all imageRUNNER/imagePRESS devices include many standard security features to help safeguard information. Canon imageRUNNER security capabilities fall into three key areas:
• Device Security
• Network Security
• Security Monitoring/Management Tools
2.
Simple Device Login (SDL)
Simple Device Login is a MEAP login service that can be used stand-alone with the device. User data is registered in the device’s memory using a web browser.
Advanced Access Control*
Canon imageRUNNER/imagePRESS devices support a number of advanced access control options to help you manage their use and restrict unauthorized users. These options provide a range of features to help manage Authentication, Authorization, and Auditing. Authentication options include support for proximity cards, PIN codes as well as smart cards.
Mail Box Password Protection
Each imageRUNNER/imagePRESS product ships standard with support for up to 100 Mail Boxes for storage of scanned and printed data. Mail Box security is provided by the ability to designate a unique password for access.
2.2 – Network Security
Network and Print Security (Canon Network Printer Kit Only)
Canon imageRUNNER/imagePRESS devices include a number of highly configurable network security features that assist in securing information when the optional Network Print Kit is installed.
IP Address Range Settings
Using the RX/Print Settings function, the System Manager can limit network access to the device to specific IP addresses or ranges for printing. Up to eight individual or consecutive address settings can be specified. Subsequently, the System Manager can also choose to permit a range of addresses, but reject specific addresses within that range.
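The permit-then-reject behaviour described above can be modelled offline before a policy is keyed into the device. This is an added example, not Canon's code or configuration format: the class and function names are hypothetical, the addresses are constructed, and two behaviours are assumptions (the eight-entry limit is applied per list, and a source matching no permit entry is denied).

```python
import ipaddress

MAX_ENTRIES = 8  # page: up to eight settings; applied per list here (assumption)


def parse_entry(text):
    """Parse '192.0.2.7' or '192.0.2.1-192.0.2.254' into an inclusive (lo, hi) pair."""
    lo_s, _, hi_s = text.partition("-")
    lo = ipaddress.IPv4Address(lo_s.strip())
    hi = ipaddress.IPv4Address(hi_s.strip()) if hi_s else lo
    if hi < lo:
        raise ValueError(f"range end precedes start: {text!r}")
    return lo, hi


class PrintAccessFilter:
    """Hypothetical model: permit entries, with reject entries taking precedence."""
    def __init__(self, permit, reject=()):
        for name, entries in (("permit", permit), ("reject", reject)):
            if len(entries) > MAX_ENTRIES:
                raise ValueError(f"{name} list exceeds {MAX_ENTRIES} entries")
        self.permit = [parse_entry(e) for e in permit]
        self.reject = [parse_entry(e) for e in reject]

    @staticmethod
    def _hit(addr, ranges):
        return any(lo <= addr <= hi for lo, hi in ranges)

    def allows(self, source):
        addr = ipaddress.IPv4Address(source)
        if self._hit(addr, self.reject):      # reject wins inside a permitted range
            return False
        return self._hit(addr, self.permit)   # assumption: unmatched sources are denied

    def audit(self):
        """Return reject entries not fully inside any permit range (typos, dead rules)."""
        return [f"{lo}-{hi}" for lo, hi in self.reject
                if not any(p_lo <= lo and hi <= p_hi for p_lo, p_hi in self.permit)]


# Constructed sample policy: one office subnet, one print server, two carve-outs.
policy = PrintAccessFilter(
    permit=["192.0.2.1-192.0.2.254", "198.51.100.10"],
    reject=["192.0.2.77", "203.0.113.5"],
)

if __name__ == "__main__":
    for src in ("192.0.2.15", "192.0.2.77", "198.51.100.10", "198.51.100.11"):
        print(src, "permit" if policy.allows(src) else "reject")
```

The `audit()` result is the part worth reviewing before deployment: a reject entry that sits outside every permit range has no effect under default-deny and usually indicates a mistyped address.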
Authentication and Encryption Method: At least one of the following methods must be set for the device. You cannot set both methods at the same time.
• AH (Authentication Header): A protocol for certifying authentication by detecting modifications to the communicated data, including the IP header. The communicated data is not encrypted.
IEEE 802.1X
The latest imageRUNNER/imagePRESS devices support IEEE 802.1X, a standard protocol for port-based Network Access Control that provides authentication to devices attached to a LAN port. It establishes a point-to-point connection or prevents access from that port if authentication fails.
Print Job Accounting
A standard feature in Canon’s printer drivers, print job accounting requires users to enter an administrator-defined password prior to printing, thereby restricting device access to those authorized to print.
(Figure: Print Job Accounting Screen)
Mail Box Printing
Another secure document delivery feature, Mail Box printing allows users to send a job to their individual Mail Box.
Universal Send Security
For Universal Send enabled devices, information found in the Send screen may be considered confidential and sensitive to certain users. For these devices, there are additional security features to prevent confidential information from being released.
Access Code for Address Book
End-users will also have the capacity to place an access number code on addresses in the Address Book. When registering an address in the Additional Functions section, users can then enter an Access Number to restrict the display of that address in the book. This function limits the display and use of an address in the Address Book to those users who have the correct code.
USB Block
USB Block allows the System Administrator to help protect the imageRUNNER/imagePRESS device against unauthorized access through the built-in USB interface. Access to the imageRUNNER/imagePRESS through the USB interface for desktop access and the device’s host mode for other USB devices can each be permitted or disabled. Go to Additional Functions > System settings > USB Settings > Use USB Device On/Off or Use USB Host On/Off.
Fax Security*
Canon imageRUNNER devices that support Super G3 fax capabilities with the optional Super G3 Fax Board installed can be connected to the Public Switched Telephone Network for sending and receiving of fax data.
2.3 – Security Monitoring/Management Tools
Canon provides a number of tools to help organizations enforce their internal company policies and meet regulatory requirements.
Access Management System Kit*
The Access Management System Kit can be used to tightly control access to device functionality. Restrictions can be assigned to users and groups, to restrict entire functions or restrict specific features within a function. Access restrictions are managed in units called “roles”. Roles contain information that determines which of the various functions of the device may be used or not.
The following functions and features can be restricted:
Device Function   Values                 Description
Print             Allowed, Not Allowed   Allows or prohibits using applications related to the Print function.
Copy              Allowed, Not Allowed   Allows or prohibits using applications related to the Copy function.
Send              Allowed, Not Allowed   Allows or prohibits using applications related to the Send function (including the Fax function).
Section 3 — Advanced Security Features
In addition to the wide variety of device and network security features that are standard on imagePlatform-based devices, Canon offers advanced security options to assist companies in meeting their internal privacy goals and addressing strict regulation guidelines. Developed in accordance with extended security requirements of key customers and U.S.
The following are supported methods of hard drive data erase. Configuration of this setting is made in service mode, by an Authorized Canon Service Technician.
c. Staple Sort
When a user programs a job to be sorted into stapled sets, the page data will be overwritten page-by-page after all of the stapled sets finish printing.
d. Remote/Cascade Copy
When a user programs a remote or cascade copy job, depending on the settings chosen, page data will either immediately be overwritten page-by-page or the page data will be overwritten page-by-page after the entire job has finished.
2. Mail Box Print
a.
3. Send/Scan Job
a. Send/Scan data
When a user sends or scans a job to another destination, all page data will be deleted or overwritten immediately after the entire job has been sent.
b. Fax/I-Fax Data
When the “Fax Activity Report” function is set to ‘On’, the data will be overwritten immediately after the device receives confirmation of a successful transmission. If a failed transmission occurs, the data will remain while the device retries.
3.2 – Other Advanced Security Features
Standard HDD Format*
Best practices, and often company policies, usually recommend that systems be completely wiped prior to being redeployed or at the end of their usable life. The Hard Disk Drive Format feature, which is standard with all imageRUNNER/imagePRESS devices, completely overwrites all data stored on the hard disk with null data.
Section 4 — Security Solutions in non-imagePlatform Devices
Restricting Device Setup Screens (displayed on the LCD panel User Interface)
A standard feature, imageRUNNER device setup screens can be password protected, thereby ensuring that administrative device settings are not changed without appropriate authority. When a device administrator uses the System Settings menu, they can set network information, system configuration and enable and disable network and printing protocols among many other options.
Section 5 — Canon Solutions and Regulatory Requirements
5.1 – Common Criteria
Beginning on July 1, 2002, the Department of Defense required a broad group of commercial hardware/software suppliers to have their products evaluated using a standard known as Common Criteria to determine their fitness for the department’s use. Following the development of the Common Criteria, the National Institute of Standards and Technology and the National Security Agency, in cooperation and collaboration with the U.S.
Section 6 — Conclusion
Since they were initially introduced, the highly successful Canon imageRUNNER/imagePRESS series of devices have rapidly grown in both the breadth and depth of features and functions. With each release, these devices have become increasingly integrated within the IT and network infrastructure.
Section 7 — Addendum
7.1 – Canon Security Recommendations Quick Reference
The following actions are recommended by Canon as appropriate first steps in securing the Canon imageRUNNER or imagePRESS device for most environments. While these suggestions assist in enhancing device security, internal company security policies should ultimately dictate which security measures are appropriate for implementation within a specific environment.
1. 2. 3. 4. 5. 6. 7. 8.
The information provided in this document is the most current information available at the time of its creation. Canon hereby expressly disclaims all warranties of any kind, express or implied, statutory or non-statutory, in relation to the information provided in this document.