1. Manuals
  2. Brands
  3. Canon Manuals
  4. Printer Accessories
  5. iR-ADV Security Kit-B1
  6. Service manual

Canon iR-ADV Security Kit-B1 Service Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
February 27, 2012
Revision 0
iR-ADV Security Kit-B1 for IEEE 2600.1
Service Manual
Specifications
Functions
Installation
Maintenance
1
2
3
4

Advertisement

Table of Contents
loading

Related Manuals for Canon iR-ADV Security Kit-B1

Summary of Contents for Canon iR-ADV Security Kit-B1

  • Page 1 February 27, 2012 Revision 0 iR-ADV Security Kit-B1 for IEEE 2600.1 Service Manual Specifications Functions Installation Maintenance...
  • Page 2 This manual is copyrighted with all rights reserved. Under the copyright laws, this manual may changes in the contents of this manual over a long or short period, Canon will issue a new not be copied, reproduced or translated into another language, in whole or in part, without the edition of this manual.

  • Page 3: Table Of Contents

    Contents The following shows "installation overview of Installation Procedure for iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification". Checking the Operation After Making the Settings -------------------3-5 Checking the Ping When IPSec is in Operation---------------------------- 3-5 Specifications Setting by the Device ------------------------------------------------------------- 3-5...
  • Page 4 Explanation of Symbols The following rules apply throughout this Service Manual: The following symbols are used throughout this Service Manual. Each chapter contains sections explaining the purpose of specific functions and the relationship between electrical and mechanical systems with reference to the timing of Symbols Explanation Symbols...

  • Page 5: Specifications

    Specifications ■ Product compositions Specifications...

  • Page 6: Product Overview

    License is option Hardware option Standard function iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification is an option to use the imageRUNNER ADVANCE 4000 Series(4051/4045/4035/4025) as the CC certified HDD Data imageRUNNER ADVANCE 4000 Series 2600.1 model (hereinafter called "2600.1 model")

  • Page 7: Toe Identification Method

    Check that the machine configuration (such as the controller and options) is the same as that when IEEE 2600.1 CC certification was obtained on the touch paneldisplay. There are following mentions in "iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification of Administrator Guide".
  • Page 8 Since versions are not given to any options other than HDD Data Encryption & Mirroring Kit, they are aggregated in the Controller Version. "ACCESS MANAGEMENT SYSTEM" and "iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification" are not displayed unless default authentication is switched to SSO-H.

  • Page 9: Functions

    Functions ■ Basic Function ■ New Function Functions...

  • Page 10: What Is Ieee2600

    Functions > Basic Function > What is IEEE2600? > IEEE2600.1 Basic Function ■ IEEE2600.1 IEEE 2600.1 describes security requirements of MFPs and printers, and is one of the PPs What is IEEE2600? (Protection Profiles) of IEEE 2600 series. PP is a document that describes a set of security requirements in certain product range which satisfies consumers' needs.

  • Page 11: Target Function

    Functions > Basic Function > Target Function Purpose of iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification: The iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria includes the security function iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification is assumed to that it functions and met entirely of seven kinds of above.

  • Page 12: Security Functional Requirements Of Mfp

    Functions > Basic Function > Security Functional Requirements of MFP Security Functional Requirements of MFP The following shows the security functional requirements of MFP. Functional requirements Purpose Functions supported by iR-ADV User recognition/ To prevent unauthorized use by MEAP SSO-H authentication function unregistered persons Access control of device...

  • Page 13: New Function

    Functions > New Function > iR-ADV Security Kit-B1 for IEEE2600.1 New Function Function Settings Setting items Displayed Screen Setting Setting value (IEEE value (at iR-ADV Security Kit-B1 for IEEE2600.1 2600.1 the time of certification shipment) machine) Check that the following installation is complete before enabling the license of iR-ADV Report with TX Image [Send] >...

  • Page 14: Setting Value (Ieee 2600.1)

    Functions > New Function > iR-ADV Security Kit-B1 for IEEE2600.1 > Setting value (IEEE 2600.1) (PS/PCL/UFR II Printer) > Restricting Printer Jobs, included with this product. ■ Setting value (IEEE 2600.1) 1. The Advanced Box is disabled since it is not targeted for audit log.
  • Page 15 Functions > New Function > iR-ADV Security Kit-B1 for IEEE2600.1 > Setting value (IEEE 2600.1) Use NetWare > OFF Setting value (IEEE 2600.1) Setting value (at the time of shipment) Use AppleTalk > OFF Setting value (IEEE 2600.1) Setting value (at the time of shipment) T-2-10 5.
  • Page 16 Functions > New Function > iR-ADV Security Kit-B1 for IEEE2600.1 > Setting value (IEEE 2600.1) 8. The remote fax reception function is configured not to be used since its job is executed 11. ON is selected for "Use I-Fax Memory Lock" to prevent the received I-Fax job from being without the SSO-H user authentication.
  • Page 17 Functions > New Function > iR-ADV Security Kit-B1 for IEEE2600.1 > Setting value (IEEE 2600.1) 13. The proof print setting (Print When Storing from Printer Driver) in the settings/registration Audit Log Retrieval of each Mail Box is grayed out to prohibit general users fromindividually changing the Setting value (IEEE 2600.1)

  • Page 18: Installation Location

    Functions > New Function > Audit Log (Standard Function of This Machine) 2-10 Audit Log (Standard Function of This Machine) ■ Installation location Settings/Registration > [Management Settings] > [Device Management] > [Unified Security The following logs are newly generated to audit the user operation. Settings] The following shows the description of each log.

  • Page 19: Self Test Function (Ipsec)

    Functions > New Function > Self Test Function (IPSec) 2-11 Log type User authentication log 4098 Job log 1001/8193 Mail Box operation log 8197 Mail Box authentication log 8199 Management function log 8198 Network log 8200 User authentication and user management log 3001 T-2-23 NOTE:...

  • Page 20: Installation

    Installation ■ Points to Note About Installation ■ Installation Overview ■ Checking the Operation After Making the Settings Installation...

  • Page 21: Points To Note About Installation

    IEEE2600.1 CC certification. To maintain the status of IEEE2600.1CC certification, install the firmware for the host machine from the CD included in the package of iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification.

  • Page 22: Installation Overview

    Installation > Installation Overview > The following shows "installation overview of Installation Procedure for iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification". Installation Overview 2. Installing the System 1) Remove the VOID seal from the IEEE2600 certification kit, take out the CD-ROM and register the firmware to SST.
  • Page 23 Installation > Installation Overview > The following shows "installation overview of Installation Procedure for iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification". 6. Checking the Version and Configuration 1) Check that the following version matches with the version described in the User's Guide.

  • Page 24: Checking The Operation After Making The Settings

    Installation > Checking the Operation After Making the Settings > Setting by the Device Checking the Operation After Making the Settings Enter a policy name and perform each setting in order. Checking the Ping When IPSec is in Operation In IEEE2600 certification, all communication is encrypted by IPSec when the device communicates via network.
  • Page 25 PFS > OFF Auth./Encryption > Auto F-3-5 IKE Settings Authentication Method > Shared Key, Enter "canon" here. This character string is used in the PC setting of the next section. F-3-7 Reference: You can compare it when You output a list of IPSec policy when a change entered later.

  • Page 26: Setting By The Pc

    Authentication > Add First Authentication Method >Preshared key as usual and a response is returned after performing the setting accordingto the procedure (not recommended) (Ex: canon) Connection Security Rules Windows Firewall Properties Control Panel > All Control Panel Items > Administrative Tools >...

  • Page 27: Ipsec Defaults > Customize

    Installation > Checking the Operation After Making the Settings > IPSec defaults > Customize IPsec Setting IPSec defaults > Customize Create a new IP Security Policy. Select Start > Control Panel > System and Security > Administrative Tools > Local Security Policy.
  • Page 28 Installation > Checking the Operation After Making the Settings > IPSec defaults > Customize Note: Delete the security method that is set by default. F-3-14 Data protection (Quick Mode) Select "Require encryption for all connection security rules that use these settings." Add Intergrity and Encryption Algorithms, Protocol : ESP(recommended) Algorithms : AES-CBC 128...

  • Page 29: Connection Security Rules

    Advanced Security F-3-15 Authentication method Authentication method > Advanced > Customize > First Authentication > Add First Authentication Method >Preshared key (not recommended) (Ex: canon) F-3-17 Open New Conection Security Rule Wizard. Note: This character string is used in the Device setting of the befor section.
  • Page 30 Installation > Checking the Operation After Making the Settings > Connection Security Rules 3-11 Rule Type Requirements Custom Require authentication for inbound and outbound connetions F-3-19 F-3-21 Endpoints Authentication Method Any IP address Default F-3-20 F-3-22 3-11 Installation > Checking the Operation After Making the Settings > Connection Security Rules...

  • Page 31: Assigning The Security Policy

    Installation > Checking the Operation After Making the Settings > Assigning the Security Policy 3-12 Protocol and Ports Name Protocol type : Any Any (Ex : test) F-3-23 F-3-25 Profile Assigning the Security Policy Select : Domain, Private, Public IPsec communication starts when a policy is assigned. Control Panel >...

  • Page 32: Checking The Ping

    Installation > Checking the Operation After Making the Settings > Checking the Ping 3-13 Checking the Ping Be sure to check the ping from the device. At the initial connection, time-out may occur before encryption communication is established, which may result in the connection failure. Execute a ping repeatedly at some interval if connection failed.

  • Page 33: Maintenance

    Maintenance ■ Notes when service ■ Reference matter in market service Maintenance...

  • Page 34: Supporting The Modified Items After The Release Of Ir-Adv Security Kit-B1 For Ieee2600.1

    CDS special upgrading. Recovery after Servicing Work When the setting of iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification is changed due to the servicing work (replacement of Main Controller,replacement of HDD, clearing of each service mode), the environment of the host machine needs to be returned to that of IEEE2600 certification.

  • Page 35: Reference Matter In Market Service

    Maintenance > Reference matter in market service > Functions Which Operates Normally Reference matter in market service Functions Which Operates Normally Version upgrade by SST Installation of IPSec Board encrypts communication. In the case of communication between SST and the host machine, system can be installed by SST vianetwork in the same way as the normal service since IPSec function is not used.

Table of Contents