Network Security - Canon imageRUNNER ADVANCE C5500 Series Customer Expectation Document

imageRUNNER ADVANCE C5500 and C5500 II Series Customer Expectations Document

2.9.4 Network Security

The imageRUNNER ADVANCE C5500 and C5500 II Series machines secure
network communications by using IPSec (IP Security), filtering by port number,
encryption and authentication, and network port and application access control.
• IPSec – The IPSec protocol is standard on the imageRUNNER ADVANCE
C5500 and C5500 II Series machines. It ensures that information and
communications over the network remain private by encrypting all inbound and
outbound network traffic.
• Filtering by Port Number – Permits or rejects data packets from entering
specific port numbers or a range of port numbers. Also, IP address filters to
outbound connections can be applied. For example, if functions, such as
Remote Copy and Universal Send are used, System Administrators can block
or restrict users from sending files to specific IP addresses. This minimizes the
risk of data from being sent out of the company to systems that are not trusted.
• Encryption and Authentication – SSL (Secure Sockets Layer) protects data
transferred over the network by encrypting file names and formats. The System
Administrator can also add IPsec capabilities to secure Internet Protocol (IP)
communications from lower layer protocols, such as TCP (Transmission
Control Protocol) and UDP (User Datagram Protocol) by authenticating and
encrypting each IP packet of a data stream across the Internet.
Additionally, the imageRUNNER ADVANCE C5500 and C5500 II Series
supports
Authentication involves communication between a supplicant, authenticator,
and authentication server. The supplicant is authentication software on a client
device. The client device needs the supplicant to provide credentials, such as
user names/passwords or digital certificates to the authenticator (a wireless
access point). The authenticator then forwards the credentials to the
authentication server (generally a RADIUS database) for verification. If the
credentials are valid in the authentication server database, the client device can
access resources located on the protected side of the network.
• Network Port and Application Access Control – Network Port and
Application Access Control enables system administrators to set up only the
necessary protocols, such as IPP, FTP, SNTP, SNMP, RAW, LPD, and others
for transferring data. These protocols can be switched ON and OFF. The
administrator can also disable unneeded services, protocols, ports, and the
potential paths of attack so that attacks on the machine can be minimized.
Version 6
imageRUNNER ADVANCE C5500 and C5500 II Series Customer Expectations Document
IEEE 802.1X, which provides port-based authentication.
Page 25