Various Security Functions
Do you feel uneasy about the following problems?
Unattended output
Unauthorized access
Faxes sent to the wrong destination
Forgetting to erase confidential data on the machine
The machine provides various security functions for minimize the risk of information leakage and unauthorized access.
This section describes functions that are effective in certain situations.
|
Implementing security measures does not guarantee that all information will be protected.
|
|
Concerning the Information Security Standard |
Preventing Documents Leaks and Modification
| When managing confidential documents, it is necessary to handle problems such as leaks, loss, and modification. The machine is equipped with security functions designed to prevent paper and electronic documents from leakage and tampering, such as embedding invisible text in output, not starting printing until the user logs in at the device, and attaching a signature to PDF documents. Use the following functions as security measures for preventing document leaks and modification, etc. |
Forced Print of Recognition Information
You can configure the machine to always print information such as the name of the logged in user on printed or copied documents. This enables you to identify the user responsible for the output of each document.
Printing User Information on DocumentsForced Secure Watermark
You can configure the machine to always embed invisible text such as "CONFIDENTIAL" or "TOP SECRET" in the background of printed or copied documents. The embedded text becomes visible when the documents are copied, alerting users to unauthorized duplication or the risk of information leakage.
Embedding Invisible Text (Forced Secure Watermark)Forced Hold
To avoid leaving printed material, accidental information leakage, misprinting, etc., the administrator can set to store the document before printing.
Printing Documents Retained in the Machine (Forced Hold Printing)Encrypted Secure Print
By using Encrypted Secure Printing, you can send encrypted printing data to a machine from your computer. This enables you to reduce the risk of information leaks when sending printed data, and to print more safely.
Printing More Safely with Encrypted Secure PrintDigital Signature
You can increase the reliability of documents created on the machine by adding digital signatures to scanned documents. The digital signature is added using a key and certificate mechanism, which enables you to identify the device and/or user that created the document, while ensuring that the data has not been altered.
Adding a Digital Signature to Sent FilesEncrypted PDF
Setting a password when scanning an original enables PDF files to be encrypted for sending/saving. This helps reduce the risk of the files being viewed or edited by others.
Performing EncryptionPreventing Unauthorized Access to the Network
| Although Cloud services have made it easier to exchange data via the Internet, communication can still be intercepted or modified by malicious third parties due to network vulnerabilities. The machine provides various measures for increasing network security, such as only allowing communication with specific IP addresses and encrypting data for communication. Use the following functions as security measures for preventing unauthorized network access, etc. |
Firewall Settings
Unauthorized access by third parties, as well as network attacks and breaches, can be blocked by only allowing communication with devices that have a specific IP address.
Restricting Communication by Using FirewallsProxy Settings
You can provide greater security by using a proxy server for connections outside the network, such as when browsing websites.
Setting a ProxyTLS Settings
TLS is a protocol for encryption for data sent over a network and is often used for communication via a Web browser or an e-mail application. TLS enables secure network communication when accessing the machine in a variety of situations, such as when using the Remote UI or distributing device information.
Configuring the Key and Certificate for TLSIPSec Settings
While TLS only encrypts data used on a specific application, such as a Web browser or an e-mail application, IPSec encrypts the whole (or payloads of) IP packets. This enables IPSec to offer a more versatile security system than TLS.
Configuring the IPSec SettingsIEEE 802.1X Settings
If a device tries to connect and start communicating on an 802.1X network, the device must go through user authentication in order to prove that the connection is made by an authorized user. Authentication information is sent to and checked by a RADIUS server, which permits or rejects communication to the network depending on the authentication result. If authentication fails, a LAN switch (or an access point) blocks access from the outside of the network. The machine can connect to an 802.1X network as a client device.
Configuring the IEEE 802.1X Authentication SettingsPreventing Trouble Caused by Erroneous Sending
| Erroneous sending to the wrong destination or careless mistakes such as entering the wrong fax number can lead to leaks of confidential information. The machine provides various measures for increasing security when sending, such as limiting the destinations that can be sent to and forcing the fax number to be entered twice before sending. Use the following functions as security measures for preventing trouble caused by erroneous sending. |
Address Book PIN
You can set an access number for important business contacts and other destinations in the Address Book that you do not want to display to all users.
Restricting Access to Destinations Registered in the Address BookManage Address Book Access Numbers
You can prevent the leakage of sensitive or personal information from the Address Book by setting a PIN or preventing certain destinations from being displayed in the Address Book. You can also hide the Address Book itself.
Hiding the Address BookRestrict Address Book Use
Set whether to hide the Address Book and one-touch buttons. You can specify separate settings for Fax as well as Scan and Send.
Restricting Use of the Address BookLimit New Destination
The destinations that can be specified when sending faxes or scanned documents can be restricted to those registered in the Address Book or one-touch buttons, those registered in <Favorite Settings> or <Send to Myself>, or those that can be searched on the LDAP server.
Restricting New DestinationsLimit E-Mail to Send to Myself
You can set restrictions so that users who log in with personal authentication can only send scanned documents to their own e-mail address.
Restricting E-Mail Destination to <Send to Myself>Restrict File TX to Personal Folder
You can set restrictions so that users who log in with personal authentication can only send scanned documents to their Personal folder.
Restricting File Send Destination to Personal FolderRestrict Sending to Domains
You can restrict e-mail and I-fax destinations so that only addresses in a specific domain are available. When a domain is specified, you can also set whether to allow sending to subdomains.
Restricting the Domain of Send DestinationConfirm Entered Fax Number
You can require users to enter a fax number twice for confirmation before sending faxes, to prevent misdialing.
Confirming Fax Numbers before SendingAllow Fax Driver TX
You can prohibit users from sending faxes from a computer.
Restricting Fax Sending from a ComputerConfirm Before Sending When Fax Dest. Included
You can set the machine to display a confirmation screen when sending to a fax destination.
Displaying a Confirmation Screen for Fax DestinationsPreviewing Documents before Sending
You can check scanned images on the preview screen before sending.
Checking Scanned Images Before Sending (Preview)Preventing Leaks of Confidential Information during Operation of the Machine
| The machine generates value as an information asset by storing important data. Preventing confidential information from remaining on the machine after disposal is another important security measure. The machine provides various measures for increasing security of operation, such as preventing unregistered users from operating the machine, encrypting the data on the storage device, and completely erasing temporary job data when the machine is started. Use the following functions as security measures for preventing leaks of confidential information during operation of the machine. |
Verify System at Startup
The integrity of the firmware, system, and MEAP applications in the machine are verified during startup.
<System Verification Settings>McAfee Embedded Control
When the machine is operating, the McAfee Embedded Control function is used to prevent unauthorized program modification and the execution of unauthorized programs, for improved system reliability.
<System Verification Settings>Personal Authentication Management
A user name and password can be used to perform personal authentication of users. Preventing unauthorized access by third parties and setting usage restrictions can maintain a higher level of security and enable more efficient operation of the machine.
Managing UsersStorage device Data Encryption
You can prevent leakage due to removal of the storage device by automatically encrypting data on the storage device.
Managing Storage Device DataStorage Data Complete Deletion Set.
Copied or scanned image data, as well as document data that is printed from a computer, is temporarily stored on the storage device. Although the document data and image data is automatically deleted from the storage device when operations are complete, some data remains. You can further improve security by using the storage data complete deletion function to automatically delete any data that remains after operations are complete.
Removing Unnecessary Data from the Storage DeviceInitialize All Data/Settings
You can restore all of the machine settings to the factory default values. All of the data that remains on the storage device is overwritten with 0 (null) data or another value, which prevents the leakage of sensitive data when replacing or disposing of the storage device.
Initializing All Data/SettingsSecurity Policy Settings
A security policy describes company-wide rules regarding information security. With this machine, multiple settings related to a security policy can be set together.
Applying a Security Policy to the MachineAllow Use of Default Password for Remote Access
You can set the machine to not allow users to log in to the Remote UI using the default password (7654321) of the "Administrator" user for security reasons.
<Allow Use of Default Password for Remote Access>