Security Policy Setting Items

The setting items related to the security policy of the machine are described below. Select the check boxes for the items that you want to apply on the setting screen.

[Interface]

[Wireless Connection Policy]
Prevent unauthorized access by prohibiting wireless connections.
[Prohibit Use of Direct Connection]
<Use Direct Connection> and <Keep Enabled If SSID/Net. Key Specified> are set to <Off>. It is not possible to access the machine from mobile devices.
[Prohibit Use of Wireless LAN]
If <Select Interface> is set to <Wireless LAN> or <Wired LAN + Wireless LAN>, it changes to <Wired LAN>. Wireless connections can no longer be made via a wireless LAN router or access point.
 
[USB Policy]

Prevent unauthorized access and data breaches by prohibiting USB connection.
[Prohibit use as USB device]
<Use as USB Device> is set to <Off>. It is not possible to connect to a computer via USB.
[Prohibit use as USB storage device]
<Use USB Storage Device> is set to <Off>. It is not possible to use USB storage devices.

[Network]

[Communication Operational Policy]
Increase the security of communications by requiring the verification of signatures and certificates.
Always verify signatures for SMB/WebDAV server functions]
There are no setting items that the security policy is applied to for the machine.
-
[Always verify server certificate when using TLS]
The following settings are set to <On>, and a check mark is added to <CN>.
<Confirm TLS Certificate for POP RX>
<Confirm TLS Certificate Using AddOn App>
During TLS communication, verification will be performed for digital certificates with common names.
[Prohibit cleartext authentication for server functions]
<Use FTP Printing> in <FTP Print Settings> is set to <Off>.
<SMTP RX> in <E-mail Settings>  <Communication Settings> is set to <Always Use TLS>.
[Authentication Method] in [Network Settings]   [Dedicated Port Authentication Method] is set to [Mode 2].
When using the machine as a server, plain text authentication and functions that use plain text authentication are not available.
[Prohibit use of SNMPv1]
In <SNMP Settings>, <Use SNMPv1> is set to <Off>. It is not possible to use SNMPv1 when obtaining device information from the computer.
This setting does not apply to communication with IEEE 802.1X networks, even if the check box is selected for [Always verify server certificate when using TLS].
If [Prohibit cleartext authentication for server functions] is selected and your device management software or driver version is old, it may not be possible to connect to the machine. Ensure that you are using the latest versions.
 
[Port Usage Policy]

Prevent external breaches by closing unused ports.
[Restrict LPD port (port number: 515)]
<LPD Print Settings> is set to <Off>. It is not possible to perform LPD printing.
[Restrict RAW port (port number: 9100)]
<RAW Print Settings> is set to <Off>. It is not possible to perform RAW printing.
[Restrict FTP port (port number: 21)]
In <FTP Print Settings>, <Use FTP Printing> is set to <Off>. It is not possible to perform FTP printing.
[Restrict WSD port (port number: 3702, 60000)]
In <WSD Settings>, <Use WSD Print> and <Use WSD Browsing> are all set to <Off>. It is not possible to use WSD functions.
[Restrict BMLinkS port (port number: 1900)]
There are no setting items that the security policy is applied to for the machine.
-
[Restrict IPP port (port number: 631)]
The <IPP Print Settings> and <Use Mopria> options are all set to <Off>. It is not possible to print using IPP or Mopria™.
[Restrict SMB port (port number: 139, 445)]
There are no setting items that the security policy is applied to for the machine.
-
[Restrict SMTP port (port number: 25)]
[SMTP RX] in [Network Settings - E-Mail Settings] [SMTP/POP Settings] is deselected and cannot be set. SMTP reception is not possible.
[Restrict dedicated port (port number: 9002, 9006, 9007, 9011-9015, 9017-9019, 9022, 9023, 9025, 20317, 47545-47547)]
[Use Dedicated Port] is deselected and cannot be set. It is not possible to use dedicated ports.
[Restrict Remote Operator's Software port (port number: 5900)]
There are no setting items that the security policy is applied to for the machine.
-
[Restrict SIP (IP Fax) port (port number: 5004, 5005, 5060, 5061, 49152)]
There are no setting items that the security policy is applied to for the machine.
-
[Restrict mDNS port (port number: 5353)]
The following settings are set to <Off>.
<Use IPv4 mDNS> and <Use IPv6 mDNS> in <mDNS Settings>.
<Use Mopria>
It is not possible to search the network or perform automatic settings using mDNS. It is also not possible to print using Mopria™.
[Restrict SLP port (port number: 427)]
In <Multicast Discovery Settings>, <Response> is set to <Off>. It is not possible to search the network or perform automatic settings using SLP.
[Restrict SNMP port (port number: 161)]
In <SNMP Settings>, the <Use SNMPv1> and <Use SNMPv3> options are set to <Off>. It is not possible to obtain device information from the computer or configure settings using SNMP.

[Authentication]

[Authentication Operational Policy]
Prevent unregistered users from performing unauthorized operations by implementing secure user authentication.
[Prohibit guest users to use device]
<Set Administrator PIN> is set to <On>.
It becomes [Standard Authentication Mode] if [Guest Authentication Mode] is set for [Authentication Mode:] in [Remote UI Authentication].
In addition, [Guest Authentication Mode] can no longer be selected for [Authentication Mode:] in [Remote UI Authentication].
Unregistered users cannot access settings that require Administrator privileges, and print jobs from computers are canceled.
[Force setting of auto logout]
<Auto Reset Time> is enabled. The user is automatically logged out if no operations are performed for a specified period of time. Select [Time Until Logout:] on the Remote UI setting screen.
 
[Password Operational Policy]

Impose strict limits for password operations.
[Prohibit caching of password for external servers]
[Prohibit Caching of Authentication Password for Access to External Servers] is selected and [Save authentication information for login users] is deselected. Users will always be required to enter a password when accessing an external server. The authentication information of the login user is no longer retained.
[Display warning when default password is in use]
[Display Warning When Default Password Is in Use] is selected. A warning message will be displayed whenever the machine's factory default password is used.
[Prohibit use of default password for remote access]
[Allow Use of Default Password for Remote Access] is deselected. It is not possible to use the factory default password when accessing the machine from a computer.
 
[Password Settings Policy]

Prevent third parties from easily guessing passwords by setting a minimum level of complexity and a period of validity for user authentication passwords.
[Set minimum number of characters for password]
[Set Minimum Number of Characters for Password] is deselected. It is not possible to set a password with fewer characters than the number specified for [Minimum Number of Characters].
[Set password validity period]
[No Expiry for Password] is deselected.
[Set Password Validity Period] is selected. Specify the password expiration period in [Validity Period:].
[Prohibit use of 3 or more identical consecutive characters]
[Prohibit Use of 3 or More Identical Consecutive Characters] is selected. It is not possible to set a password that includes the same character repeated three or more times consecutively.
[Force use of at least 1 uppercase character]
[Force Use of at Least 1 Uppercase Character] is selected. Passwords are required to include at least one uppercase alphabetic character.
[Force use of at least 1 lowercase character]
[Force Use of at Least 1 Lowercase Character] is selected. Passwords are required to include at least one lowercase alphabetic character.
[Force use of at least 1 digit]
[Force Use of at Least 1 Digit] is selected. Passwords are required to include at least one numeric character.
[Force use of at least 1 symbol]
[Force Use of at Least 1 Symbol] is selected. Passwords are required to include at least one symbol.
 
[Lockout Policy]

Block users from logging in for a specified period of time after a certain number of consecutive invalid login attempts.
[Enable lockout]
[Enable Lockout] in [Authentication Function Settings] is selected. Specify the values for [Lockout Threshold] and [Lockout Period].

[Key/Certificate]

Protect important data by preventing the use of weak encryption, or by saving encrypted user passwords and keys in a designated hardware component.
[Prohibit use of weak encryption]
[Prohibit Use of Weak Encryption] is selected. It is not possible to use weak encryption. When the check box is selected, [Prohibit use of key/certificate with weak encryption] can be selected.
[Prohibit use of key/certificate with weak encryption]
[Prohibit Use of Key/Certificate with Weak Encryption] in [Prohibit Use of Weak Encryption] is selected. It is not possible to use a key or certificate with weak encryption.
[Use TPM to store password and key]
There are no setting items that the security policy is applied to for the machine.
-

[Log]

You can periodically survey how the machine is used, by requiring logs to be recorded.
[Force recording of audit log]
The following settings are set to <On>.
<Display Job Log>
<Save Audit Log>
<Retrieve Network Authentication Log>
<Rtrv Log w/ Mngt Sftwr> in <Display Job Log> is set to <Allow>.
Audit logs are always recorded.
[Force SNTP settings]
In <SNTP Settings>, <Use SNTP> is set to <On>. Time synchronization via SNTP is required. Enter a value for [NTP Server Address] on the Remote UI setting screen.

[Job]

[Printing Policy]
Prevent information leakage from occurring when printing.
[Prohibit immediate printing of received jobs]
[Force Hold] is selected. Only [Hold as Shared Job] in [Condition Settings] can be set for [Action].
Printing does not occur immediately, even when printing operations are performed.
 
[Sending/Receiving Policy]

Limit the sending operations for destinations, and limit how received data is processed.
[Allow sending only to registered addresses]
There are no setting items that the security policy is applied to for the machine.
-
[Force confirmation of fax number]
There are no setting items that the security policy is applied to for the machine.
-
[Prohibit auto forwarding]
There are no setting items that the security policy is applied to for the machine.
-

[Storage]

Delete unnecessary data in the memory of the machine to prevent information leaks.
[Force complete deletion of data]
There are no setting items that the security policy is applied to for the machine.
-
8193-03K