Ultimately, it is the customer’s responsibility to select the method(s) most appropriate for securing their information. Canon does not warrant that use of the information contained within this document will prevent malicious attacks, or prevent misuse of your imageRUNNER ADVANCE systems.
Logging & Auditing........28 Canon Solutions & Regulatory Requirements... . . 30 Conclusion .
Our development of features within Canon imageRUNNER ADVANCE systems are designed to help prevent data loss, help protect against unwanted device infiltration and help keep information from being compromised.”...
1.3 — Key Security Concentration Areas Canon recognizes the vital need to help prevent data loss, protect against unwanted device use, and mitigate the risk of information being compromised. As a result, all imageRUNNER ADVANCE systems include many standard security features to help safeguard information.
The nature of embedded Linux and the hardening of the operating system drastically reduce the exposure to exploits as compared to a desktop or server version of a Linux or Windows operating system. Canon strives to develop products that meet or exceed our customer’s security requirements. Some of the security related activities include independent testing by security consulting companies of Canon imageRUNNER ADVANCE devices during various phases of the development process to flush out any potential vulnerability prior to production.
(MFPs) being deployed on a greater scale in these locations, Canon developed Advanced Authentication CAC/PIV—an easy-to-use, two-factor embedded authentication solution to lock and unlock Canon devices. This serverless solution ensures that all device functions are locked down until users insert their government-issued Common Access Card/Personal Identity Verification into the card reader and enter their PIN.
Access control solutions for the imageRUNNER ADVANCE can help Authentication, Authorization, and Auditing. Canon offers solutions that can lock down the entire device, or simply lock down specific functions (e.g. Send-to-Email), while leaving other applications available for general use. With the power and flexibility of MEAP, some solutions can be customized to meet your specific requirements.
Allows or prohibits saving functions. Allows or prohibits using applications related to the Web Access function. Allows or prohibits using applications related to Utilities. Allows or prohibits using other applications. Allows or prohibits the use of MEAP applications. White Paper: Canon imageRUNNER ADVANCE Security...
Function Level Authentication Canon imageRUNNER ADVANCE systems offer the ability to limit the use of specific functions by authorized users by requiring authentication to use sensitive functions with Function Level Authentication.
Print Driver Security Features Print Job Accounting A standard feature in Canon’s printer drivers, print job accounting requires users to enter an administrator-defined password prior to printing, thereby restricting device access to those authorized to print. Printing restrictions can be set using Department ID credentials or through the Access Management System.
Access to the Software Development Kit for MEAP is tightly restricted and controlled through licensing. Once an application has been developed, it is thoroughly reviewed by Canon to ensure that it meets strict guidelines for operability and security. Following the review, the application is digitally signed with a special encrypted signature to protect the integrity of the application.
Serverless Secure Print works by holding the user’s print job on their PC. The users can then walk to a Canon device in the SSP network, authenticate, and release jobs held in their SSP queue. Document Storage Space Protection...
PDF, TIFF, and JPEG. Advanced Box Scan and Store Screen Mail Box Store Destination Screen Mail Box Set/Store Password Screen Advanced Box Access Stored Files Screen White Paper: Canon imageRUNNER ADVANCE Security...
In order to use Digital User Signature Mode, SSO authentication must be enabled and a valid certificate installed on the device. Canon imageRUNNER ADVANCE systems also support a feature called PDF Visible Digital Signature, which forces the display of the digital signature on the first page of the PDF file rather than recipients having to open the document’s properties.
These options have been developed in accordance with the extended security requests of key customers and U.S. government agencies. Canon offers advanced security features that protect data stored on the device and during transmission.
• FAT 32-Compatible File System The “iR File System” is a Canon proprietary file system that was designed solely for the processing of image files in a fast and efficient manner. This file system is not compatible with commonly used PC file systems, and therefore analyzing its data at the sector level is extremely difficult.
ADVANCE systems uses a dedicated plug-in board that encrypts every byte of data before it is committed to the disk using the 256-bit AES (Advanced Encryption Standard) algorithm. Please refer to Section 9.2 for information on the Canon imageRUNNER ADVANCE Hard Disk Drive Security Kit Options.
2. Mail Box Print: a. Mail Box Print When a user prints a job stored in the Mail Box, all pages will be overwritten immediately after the entire job has printed out. White Paper: Canon imageRUNNER ADVANCE Security...
• Copy, send, fax, and, print log from System Monitor • Receive from system monitor Send Activity management report when equipped with Canon’s optional Scan and Send Kit. • Fax Activity management report • Auto print is set to [Off] disabling the Daily Send & Fax Activity Report The default setting for Job Log Conceal is [Off].
G3 Fax Board installed can be connected to the Public Switched Telephone Network for sending and receiving of fax data. In order to maintain the security of customer’s networks in relation to this potential interface, Canon has designed its Super G3 Fax Boards to function in accordance with the following security considerations:...
Since the data stored in the Confidential Fax Mail Box is in a format proprietary to Canon, there is no threat of virus infection. Even if the device receives a data file pretending to be a FAX image data but contains a virus, the received data must be decoded first.
One of the most common means for unauthorized people to gain access to any connected device is through a network, either wired or wireless. Canon provides administrators with a host of powerful controls to limit access to authorized users and devices, enable and disable system services, and ensure the privacy of information sent over networks through strong encryption technologies.
As a result, it may be possible to capture all the data as it is sent to the printer via the network. Canon helps mitigate this dilemma by providing Secure Socket Layer (SSL) encryption support for some transmissions to and from the imageRUNNER device, such as Internet protocol Printing (IPP), Internet-fax (I-fax), Remote UI, Web Access and DIDF.
Section 4 — Network Security IPSec Support Canon imageRUNNER ADVANCE systems support an optional IPSec Board, which allows users to utilize IPSec (Internet Protocol Security) to help ensure the privacy and security of information sent to and from the device, while in transit over unsecured networks.
Wireless LAN Board is enabled. IEEE 802.1X Canon imageRUNNER ADVANCE systems support IEEE 802.1x, which is a standard protocol for port- based Network Access Control. The protocol provides authentication to devices attached to a LAN port and establishes a point-to-point connection only if authentication is successful.
SMTP forces a successful login to a POP server prior to being able to send mail via SMTP. Section 5 — Security Monitoring & Management Tools Canon provides a number of tools to help organizations enforce their internal company policies and meet regulatory requirements. Whether a single imageRUNNER ADVANCE system is deployed, or a fleet of them, these solutions provide the ability to audit usage and limit access to features and functions enterprise- wide—at the group and user-level.
Canon has developed a number of cutting-edge technologies to provide administrators with powerful ways to discourage leaks and investigate unauthorized access.
Input billing codes from the device control panel through a MEAP application Canon imageWARE Accounting Manager uses the Department ID of authenticated users to manage and track usage. When SSO authentication is used, administrators can map the user credentials to the respective Active Directory account for tracking.
Canon MFP. Optional HP printer support is also available. Canon imageWARE Secure Audit Manager Express (iWSAM) is an optional security solution that captures and archives all copy, scan, print, fax and send jobs to a Windows folder.
Device and System Security Working Group, sponsored by the IEEE Information Assurance Standards Committee of the IEEE Computer Society. Canon participated in the development of the P2600 suite of Protection Profiles as a member of the Hardcopy Device and System Security Working Group.
Section 7 — Canon Solutions & Regulatory Requirements 7.4 –CAC/PIV Solutions for HSPD-12 Compliance HSPD-12 requires the establishment of a standard for identification of Federal Government employees. The Presidential Directive calls for the use of a common identification credential for both logical and physical access to federally controlled facilities and information systems.
To meet the need for a comprehensive and customizable security solution for any environment, Canon imageRUNNER ADVANCE systems offer a robust set of standard features and optional components.
The following actions are recommended by Canon as appropriate first steps in securing an imageRUNNER ADVANCE system for most environments. While these suggestions assist in enhancing device security, internal company security policies should ultimately dictate which security measures are appropriate for implementation within a specific environment.
Section 9 — Addendum 9.2 – Canon imageRUNNER ADVANCE HDD Security Common Criteria Certification Supported Devices Activation Deactivation HDD Encryption HDD Overwrite Overwrite Pattern System Manager Password Password Initialization in Service Mode ScanGear Support ® imageWARE DM Support ® MEAP...
9.3 – IEEE 2600.1 CC Functional Requirements 9.4 – IEEE 2600.1 CC Settings/Registration Items Preferences White Paper: Canon imageRUNNER ADVANCE Security...
[ON] is selected for[Audit Log Retrieval]. *4 Not displayed when the Remote Operation Kit is enabled. *5 To allow to receive a secured print job, specify [Function Settings] (Settings/Registration) > [Restrict Printer Jobs] > [Rsrvd Jobs + Secured Print]. White Paper: Canon imageRUNNER ADVANCE Security...
The information provided in this document is the most current information available at the time of its creation. Canon hereby expressly disclaims all warranties of any kind, express or implied, statutory or non-statutory, in relation to the information provided in this document.