Network Security; Ipsec; Filtering By Port Number; Encryption And Authentication - Canon imageRUNNER ADVANCE DX C3800 Series Service Manual

Canon
E. Network Security
The imageRUNNER ADVANCE DX C3800 Series machines secure network
communications by using IPSec (IP Security), filtering by port number,
encryption and authentication, and network port and application control.
1.

IPSec

The IPSec protocol is standard on the imageRUNNER ADVANCE DX
C3800 Series machines. It ensures that information and communications
over the network remain private by encrypting all inbound and outbound
network traffic.
2.

Filtering by Port Number

Port number filtering permits or rejects data packets from entering
specific port numbers or a range of port numbers. Also, IP address filters
to outbound connections can be applied. For example, if functions, such
as Remote Copy and Universal Send are used, System Administrators
can block or restrict users from sending files to specific IP addresses.
This minimizes the risk of data from being sent out of the company to
systems that are not trusted.
3.

Encryption and Authentication

TLS (Transport Layer Security)
network by encrypting file names and formats. The System Administrator
can also add IPSec capabilities to secure Internet Protocol (IP)
communications from lower layer protocols, such as TCP (Transmission
Control Protocol) and UDP (User Datagram Protocol) by authenticating
and encrypting each IP packet of a data stream across the Internet.
Additionally, the imageRUNNER ADVANCE DX C3800 Series supports
IEEE 802.1X, which provides port-based authentication. Authentication
involves communications between a supplicant, authenticator, and
authentication server. The supplicant is authentication software on a
client device. The client device (the imageRUNNER ADVANCE DX
C3800 Series) needs the supplicant to provide credentials, such as user
names/passwords or digital certificates, to the authenticator (a wireless
access point). The authenticator then forwards the credentials to the
authentication server (generally a RADIUS database) for verification. If
the credentials are valid in the authentication server database, the client
device can access resources located on the protected side of the
network.
36 TLS V1.3 is supported by the imageRUNNER ADVANCE DX C3800 Series; however, MEAP
applications, uniFLOW, imageWARE Remote, and the CDS only support up to TLS V1.2.
imageRUNNER ADVANCE DX C3800 Series Service Guide
Revision 4
imageRUNNER ADVANCE DX C3800 Series Service Guide
protects data transferred over the
36
March 2023
Page 28