Canon Paper Shredder User Manual

Canon paper shredder user manual
Hide thumbs


Quick Links

Version 1.3
October , 2011
Canon recognizes the importance of information security and the challenges that your organization faces.
This white paper provides information security facts for Canon imageRUNNER ADVANCE systems. It
provides details on imageRUNNER ADVANCE security technology for networked and stand-alone
environments, as well as an overview of Canon's device architecture, framework and product technologies
as related to document and information security.
This White Paper is primarily intended for the administrative personnel of a customer charged with
responsibility for the configuration and maintenance of imageRUNNER ADVANCE systems. The
information in this document may be used to more clearly understand the many imageRUNNER ADVANCE
security-related configuration capabilities offered by Canon. The imageRUNNER ADVANCE system offers
a number of standard and optional capabilities that, when used by a customer, can help facilitate effective
management and security of data processed and stored by the system. Ultimately, it is the customer's
responsibility to select the method(s) most appropriate for securing their information.
Canon does not warrant that use of the information contained within this document will prevent malicious
attacks, or prevent misuse of your imageRUNNER ADVANCE systems.
Products shown with optional accessories/equipment. The features reviewed in this white paper include both standard and optional
solutions for imageRUNNER ADVANCE systems. Specifications and availability subject to change without notice.
White Paper: Canon imageRUNNER ADVANCE Security



  Related Manuals for Canon Paper Shredder

No related manuals

  Summary of Contents for Canon Paper Shredder

  • Page 1 Ultimately, it is the customer’s responsibility to select the method(s) most appropriate for securing their information. Canon does not warrant that use of the information contained within this document will prevent malicious attacks, or prevent misuse of your imageRUNNER ADVANCE systems.
  • Page 2: Table Of Contents

    Logging & Auditing........28 Canon Solutions & Regulatory Requirements... . . 30 Conclusion .
  • Page 3: Introduction

    Our development of features within Canon imageRUNNER ADVANCE systems are designed to help prevent data loss, help protect against unwanted device infiltration and help keep information from being compromised.”...
  • Page 4 1.3 — Key Security Concentration Areas Canon recognizes the vital need to help prevent data loss, protect against unwanted device use, and mitigate the risk of information being compromised. As a result, all imageRUNNER ADVANCE systems include many standard security features to help safeguard information.
  • Page 5: Device Security

    The nature of embedded Linux and the hardening of the operating system drastically reduce the exposure to exploits as compared to a desktop or server version of a Linux or Windows operating system. Canon strives to develop products that meet or exceed our customer’s security requirements. Some of the security related activities include independent testing by security consulting companies of Canon imageRUNNER ADVANCE devices during various phases of the development process to flush out any potential vulnerability prior to production.
  • Page 6 (MFPs) being deployed on a greater scale in these locations, Canon developed Advanced Authentication CAC/PIV—an easy-to-use, two-factor embedded authentication solution to lock and unlock Canon devices. This serverless solution ensures that all device functions are locked down until users insert their government-issued Common Access Card/Personal Identity Verification into the card reader and enter their PIN.
  • Page 7 Access control solutions for the imageRUNNER ADVANCE can help Authentication, Authorization, and Auditing. Canon offers solutions that can lock down the entire device, or simply lock down specific functions (e.g. Send-to-Email), while leaving other applications available for general use. With the power and flexibility of MEAP, some solutions can be customized to meet your specific requirements.
  • Page 8 Allows or prohibits saving functions. Allows or prohibits using applications related to the Web Access function. Allows or prohibits using applications related to Utilities. Allows or prohibits using other applications. Allows or prohibits the use of MEAP applications. White Paper: Canon imageRUNNER ADVANCE Security...
  • Page 9 Function Level Authentication Canon imageRUNNER ADVANCE systems offer the ability to limit the use of specific functions by authorized users by requiring authentication to use sensitive functions with Function Level Authentication.
  • Page 10 Print Driver Security Features Print Job Accounting A standard feature in Canon’s printer drivers, print job accounting requires users to enter an administrator-defined password prior to printing, thereby restricting device access to those authorized to print. Printing restrictions can be set using Department ID credentials or through the Access Management System.
  • Page 11: Information Security

    Access to the Software Development Kit for MEAP is tightly restricted and controlled through licensing. Once an application has been developed, it is thoroughly reviewed by Canon to ensure that it meets strict guidelines for operability and security. Following the review, the application is digitally signed with a special encrypted signature to protect the integrity of the application.
  • Page 12 Serverless Secure Print works by holding the user’s print job on their PC. The users can then walk to a Canon device in the SSP network, authenticate, and release jobs held in their SSP queue. Document Storage Space Protection...
  • Page 13 PDF, TIFF, and JPEG. Advanced Box Scan and Store Screen Mail Box Store Destination Screen Mail Box Set/Store Password Screen Advanced Box Access Stored Files Screen White Paper: Canon imageRUNNER ADVANCE Security...
  • Page 14 In order to use Digital User Signature Mode, SSO authentication must be enabled and a valid certificate installed on the device. Canon imageRUNNER ADVANCE systems also support a feature called PDF Visible Digital Signature, which forces the display of the digital signature on the first page of the PDF file rather than recipients having to open the document’s properties.
  • Page 15 These options have been developed in accordance with the extended security requests of key customers and U.S. government agencies. Canon offers advanced security features that protect data stored on the device and during transmission.
  • Page 16 • FAT 32-Compatible File System The “iR File System” is a Canon proprietary file system that was designed solely for the processing of image files in a fast and efficient manner. This file system is not compatible with commonly used PC file systems, and therefore analyzing its data at the sector level is extremely difficult.
  • Page 17 ADVANCE systems uses a dedicated plug-in board that encrypts every byte of data before it is committed to the disk using the 256-bit AES (Advanced Encryption Standard) algorithm. Please refer to Section 9.2 for information on the Canon imageRUNNER ADVANCE Hard Disk Drive Security Kit Options.
  • Page 18 2. Mail Box Print: a. Mail Box Print When a user prints a job stored in the Mail Box, all pages will be overwritten immediately after the entire job has printed out. White Paper: Canon imageRUNNER ADVANCE Security...
  • Page 19 • Copy, send, fax, and, print log from System Monitor • Receive from system monitor Send Activity management report when equipped with Canon’s optional Scan and Send Kit. • Fax Activity management report • Auto print is set to [Off] disabling the Daily Send & Fax Activity Report The default setting for Job Log Conceal is [Off].
  • Page 20 G3 Fax Board installed can be connected to the Public Switched Telephone Network for sending and receiving of fax data. In order to maintain the security of customer’s networks in relation to this potential interface, Canon has designed its Super G3 Fax Boards to function in accordance with the following security considerations:...
  • Page 21 Since the data stored in the Confidential Fax Mail Box is in a format proprietary to Canon, there is no threat of virus infection. Even if the device receives a data file pretending to be a FAX image data but contains a virus, the received data must be decoded first.
  • Page 22: Network Security

    One of the most common means for unauthorized people to gain access to any connected device is through a network, either wired or wireless. Canon provides administrators with a host of powerful controls to limit access to authorized users and devices, enable and disable system services, and ensure the privacy of information sent over networks through strong encryption technologies.
  • Page 23 As a result, it may be possible to capture all the data as it is sent to the printer via the network. Canon helps mitigate this dilemma by providing Secure Socket Layer (SSL) encryption support for some transmissions to and from the imageRUNNER device, such as Internet protocol Printing (IPP), Internet-fax (I-fax), Remote UI, Web Access and DIDF.
  • Page 24 Section 4 — Network Security IPSec Support Canon imageRUNNER ADVANCE systems support an optional IPSec Board, which allows users to utilize IPSec (Internet Protocol Security) to help ensure the privacy and security of information sent to and from the device, while in transit over unsecured networks.
  • Page 25 Wireless LAN Board is enabled. IEEE 802.1X Canon imageRUNNER ADVANCE systems support IEEE 802.1x, which is a standard protocol for port- based Network Access Control. The protocol provides authentication to devices attached to a LAN port and establishes a point-to-point connection only if authentication is successful.
  • Page 26 SMTP forces a successful login to a POP server prior to being able to send mail via SMTP. Section 5 — Security Monitoring & Management Tools Canon provides a number of tools to help organizations enforce their internal company policies and meet regulatory requirements. Whether a single imageRUNNER ADVANCE system is deployed, or a fleet of them, these solutions provide the ability to audit usage and limit access to features and functions enterprise- wide—at the group and user-level.
  • Page 27: Logging & Auditing

    Canon has developed a number of cutting-edge technologies to provide administrators with powerful ways to discourage leaks and investigate unauthorized access.
  • Page 28 Input billing codes from the device control panel through a MEAP application Canon imageWARE Accounting Manager uses the Department ID of authenticated users to manage and track usage. When SSO authentication is used, administrators can map the user credentials to the respective Active Directory account for tracking.
  • Page 29: Canon Solutions & Regulatory Requirements

    Canon MFP. Optional HP printer support is also available. Canon imageWARE Secure Audit Manager Express (iWSAM) is an optional security solution that captures and archives all copy, scan, print, fax and send jobs to a Windows folder.
  • Page 30 Device and System Security Working Group, sponsored by the IEEE Information Assurance Standards Committee of the IEEE Computer Society. Canon participated in the development of the P2600 suite of Protection Profiles as a member of the Hardcopy Device and System Security Working Group.
  • Page 31 Section 7 — Canon Solutions & Regulatory Requirements 7.4 –CAC/PIV Solutions for HSPD-12 Compliance HSPD-12 requires the establishment of a standard for identification of Federal Government employees. The Presidential Directive calls for the use of a common identification credential for both logical and physical access to federally controlled facilities and information systems.
  • Page 32: Conclusion

    To meet the need for a comprehensive and customizable security solution for any environment, Canon imageRUNNER ADVANCE systems offer a robust set of standard features and optional components.
  • Page 33: Addendum

    The following actions are recommended by Canon as appropriate first steps in securing an imageRUNNER ADVANCE system for most environments. While these suggestions assist in enhancing device security, internal company security policies should ultimately dictate which security measures are appropriate for implementation within a specific environment.
  • Page 34 Section 9 — Addendum 9.2 – Canon imageRUNNER ADVANCE HDD Security Common Criteria Certification Supported Devices Activation Deactivation HDD Encryption HDD Overwrite Overwrite Pattern System Manager Password Password Initialization in Service Mode ScanGear Support ® imageWARE DM Support ® MEAP...
  • Page 35 9.3 – IEEE 2600.1 CC Functional Requirements 9.4 – IEEE 2600.1 CC Settings/Registration Items Preferences White Paper: Canon imageRUNNER ADVANCE Security...
  • Page 36 [ON] is selected for[Audit Log Retrieval]. *4 Not displayed when the Remote Operation Kit is enabled. *5 To allow to receive a secured print job, specify [Function Settings] (Settings/Registration) > [Restrict Printer Jobs] > [Rsrvd Jobs + Secured Print]. White Paper: Canon imageRUNNER ADVANCE Security...
  • Page 37 The information provided in this document is the most current information available at the time of its creation. Canon hereby expressly disclaims all warranties of any kind, express or implied, statutory or non-statutory, in relation to the information provided in this document.