Page 1: Operating Instructions
Operating Instructions Security Reference Getting Started Configuring Administrator Authentication Configuring User Authentication Protecting Data from Information Leaks Securing Information Sent over the Network or Stored on Hard Disk Managing Access to the Machine Enhanced Network Security Specifying the Extended Security Functions Troubleshooting 10 Appendix Read this manual carefully before you use this machine and keep it handy for future reference.
Page 3: Table Of Contents
TABLE OF CONTENTS Manuals for This Machine..........................7 Notice..................................9 Important.................................9 How to Read This Manual..........................10 Symbols................................10 Name of Major Item............................10 IP Address..............................10 Notes................................10 1. Getting Started Before Using the Security Functions........................11 Setting up the Machine............................12 Enhanced Security............................16 Glossary................................17 Security Measures Provided by this Machine....................19 Using Authentication and Managing Users....................19 Ensuring Information Security........................19 Limiting and Controlling Access........................20...
Page 4 3. Configuring User Authentication Users..................................35 About User Authentication..........................36 Configuring User Authentication........................37 Enabling User Authentication..........................38 User Code Authentication..........................39 Specifying User Code Authentication......................39 Basic Authentication............................41 Specifying Basic Authentication........................41 Authentication Information Stored in the Address Book................42 Specifying Login User Names and Passwords..................42 Specifying Login Details..........................44 Windows Authentication..........................46 Specifying Windows Authentication......................48 Installing Internet Information Services (IIS) and Certificate Services............51...
Page 5 Changing the Owner of a Document......................79 Specifying Access Permissions for Files Stored Using the Scanner Function..........79 Specifying User and Access Permissions for Files Stored by a Particular User........83 Specifying Passwords for Stored Files......................84 Unlocking Files.............................85 5. Securing Information Sent over the Network or Stored on Hard Disk Preventing Information Leakage Due to Unauthorized Transmission............87 Restricting Destinations..........................87 Using S/MIME to Protect E-mail Transmission....................89...
Page 6 Logs That Can Be Managed Using Web Image Monitor..............131 7. Enhanced Network Security Preventing Unauthorized Access........................145 Access Control............................145 Enabling and Disabling Protocols......................146 Specifying Network Security Level......................151 Encrypting Transmitted Passwords.......................155 Specifying a Driver Encryption Key......................155 Protection Using Encryption..........................157 SSL (Secure Sockets Layer) Encryption....................157 User Settings for SSL (Secure Sockets Layer)..................162 Setting the SSL/TLS Encryption Mode.....................162 SNMPv3 Encryption..........................164...
Page 7 Settings You Can Configure Using Web Image Monitor...............204 Settings You Can Configure When IPsec Is Available/Unavailable............205 9. Troubleshooting If Authentication Fails.............................209 If a Message is Displayed........................209 If an Error Code is Displayed........................211 If the Machine Cannot Be Operated.......................227 10. Appendix Supervisor Operations..........................231 Logging in as the Supervisor........................231 Logging out as the Supervisor........................232...
Page 8 System Settings............................249 Adjustment Settings for Operators......................249 Settings via Web Image Monitor......................250 Document Server File Permissions........................251 The Privilege for User Account Settings in the Address Book..............252 User Settings - Control Panel Settings......................255 System Settings...............................256 Copier / Document Server Features......................262 Scanner Features............................269 Maintenance..............................271 Adjustment Settings for Operators........................272 Tray Paper Settings............................273...
Page 9: Manuals For This Machine
Manuals for This Machine Read this manual carefully before you use this machine. Refer to the manuals that are relevant to what you want to do with the machine. • Media differ according to manual. • The printed and electronic versions of a manual have the same contents. ®...
Page 10 Security Reference This manual is for administrators of the machine. It explains security functions that you can use to prevent unauthorized use of the machine, data tampering, or information leakage. Be sure to read this manual when setting the enhanced security functions, or user and administrator authentication. Guide to Paper Explains paper characteristics and methods for handling paper.
Page 11: Notice
Notice Important In no event will the company be liable for direct, indirect, special, incidental, or consequential damages as a result of handling or operating the machine. For good copy quality, the manufacturer recommends that you use genuine toner from the manufacturer. The manufacturer shall not be responsible for any damage or expense that might result from the use of parts other than genuine parts from the manufacturer with your office products.
Page 12: How To Read This Manual
How to Read This Manual Symbols This manual uses the following symbols: Indicates points to pay attention to when using the machine, and explanations of likely causes of paper misfeeds, damage to originals, or loss of data. Be sure to read these explanations. Indicates supplementary explanations of the machine's functions, and instructions on resolving user errors.
Page 13: Getting Started
1. Getting Started This chapter describes the machine's security features and how to specify initial security settings. Before Using the Security Functions • If the security settings are not configured, the data in the machine is vulnerable to attack. 1. To prevent this machine being stolen or willfully damaged, etc., install it in a secure location. 2.
Page 14: Setting Up The Machine
1. Getting Started Setting up the Machine This section describes how to enable encryption of transmitted data and configure the administrator account. If you want a high level of security, make the following setting before using the machine. Enabling security Turn the machine on.
Page 15 Setting up the Machine Specify IPv4 Address. For details on how to specify the IPv4 address, see "Interface Settings", Network and System Settings Reference. Be sure to connect this machine to a network that only administrators can access. Start Web Image Monitor, and then log in to the machine as the administrator. For details about logging in to Web Image Monitor as an administrator, see p.68 "Logging in Using Web Image Monitor".
Page 16 1. Getting Started Click [OK]. Log out, and then quit Web Image Monitor. Press the [User Tools] key on the control panel. Press [System Settings]. Press [Administrator Tools]. Press [Extended Security]. If this item is not visible, press [ Next] to display more settings. Set [@Remote Service] to [Prohibit].
Page 17 Setting up the Machine Press the [User Tools] key. Disconnect the machine from the administrators-only network, and then connect it to the general use network. Firmware Update Cautions If "IPsec" is enabled, all information on the network will be encrypted. This allows you to perform firmware updates securely.
Page 18: Enhanced Security
1. Getting Started Enhanced Security This machine's security functions can be enhanced by managing the machine and its users using the improved authentication functions. By specifying access limits for the machine's functions and the documents and data stored in the machine, information leaks and unauthorized access can be prevented.
Page 19: Glossary
Glossary Glossary Administrator There are four types of administrators according to administrative function: machine administrator, network administrator, file administrator, and user administrator. We recommend a different person for each administrator role. In this way, you can spread the workload and limit unauthorized operation by a single administrator. Basically, administrators make machine settings and manage the machine;...
Page 20 1. Getting Started Logout This action is required with administrator and user authentication. This action is required when you have finished using the machine or changing the settings.
Page 21: Security Measures Provided By This Machine
Security Measures Provided by this Machine Security Measures Provided by this Machine Using Authentication and Managing Users Enabling Authentication To control administrators' and users' access to the machine, perform administrator authentication and user authentication using login user names and login passwords. To perform authentication, the authentication function must be enabled.
Page 22: Limiting And Controlling Access
1. Getting Started Using S/MIME to Protect E-mail Transmission When sending mail from the scanner to a user registered in the Address Book, you can use S/MIME to protect its contents from interception and alteration, and attach an electronic signature to guarantee the sender's identity.
Page 23: Enhancing Network Security
Security Measures Provided by this Machine Limiting Available Functions To prevent unauthorized operation, you can specify who is allowed to access each of the machine's functions. For details about limiting available functions for users and groups, see p.122 "Limiting Available Functions". Enhancing Network Security Preventing Unauthorized Access You can limit IP addresses or disable ports to prevent unauthorized access over the network and...
Page 24 1. Getting Started...
Page 25: Configuring Administrator Authentication
2. Configuring Administrator Authentication This chapter describes what an administrator can do, how to register an administrator, how to specify administrator authentication, and how to log in to and out from the machine as an administrator. Administrators Administrators manage user access to the machine and various other important functions and settings. When an administrator controls limited access and settings, first select the machine's administrator and enable the authentication function before using the machine.
Page 26: Machine Administrator
2. Configuring Administrator Authentication Machine Administrator This is the administrator who mainly manages the machine's default settings. You can set the machine so that the default for each function can only be specified by the machine administrator. By making this setting, you can prevent unauthorized people from changing the settings and allow the machine to be used securely by its many users.
Page 27: About Administrator Authentication
About Administrator Authentication About Administrator Authentication There are four types of administrators: user administrator, machine administrator, network administrator, and file administrator. BZM004 1. User Administrator This administrator manages personal information in the Address Book. You can register/delete users in the Address Book or change users' personal information.
Page 28: Enabling Administrator Authentication
2. Configuring Administrator Authentication Enabling Administrator Authentication To control administrators' access to the machine, perform administrator authentication using login user names and passwords. When registering an administrator, you cannot use a login user name already registered in the Address Book. Administrators are handled differently from the users registered in the Address Book.
Page 29 Enabling Administrator Authentication • Be sure not to forget the supervisor login user name and login password. If you do forget them, a service representative will have to return the machine to its default state. This will result in all data in the machine being lost.
Page 30: Registering The Administrator
2. Configuring Administrator Authentication Set "Admin. Authentication" to [On]. Select the settings to manage from "Available Settings". To specify administrator authentication for more than one category, repeat steps 5 to 7. Press [OK]. Press the [User Tools] key. • "Available Settings" varies depending on the administrator. •...
Page 31 Enabling Administrator Authentication Press the [User Tools] key. Press [System Settings]. Press [Administrator Tools]. Press [Program / Change Administrator]. If this item is not visible, press [ Next] to display more settings. In the line for the administrator whose authority you want to specify, press [Administrator 1], [Administrator 2], [Administrator 3] or [Administrator 4], and then press [Change].
Page 32: Logging In Using Administrator Authentication
2. Configuring Administrator Authentication Press [Change] for "Login Password". Enter the login password, and then press [OK]. Follow the password policy to make the login password more secure. For details about the password policy and how to specify it, see p.191 "Specifying the Extended Security Functions".
Page 33 Enabling Administrator Authentication Press the [Login/Logout] key. BZM003 The login screen appears. The login screen can also be made to appear by pressing [Login] in the User Tools menu. Press [Login]. Enter the login user name, and then press [OK]. When you log in to the machine for the first time as the administrator, enter "admin".
Page 34: Logging Out Using Administrator Authentication
2. Configuring Administrator Authentication • If user authentication has already been specified, a screen for authentication appears. To log in as an administrator, enter the administrator's login user name and login password. • When you log in with a user name that has multiple administrator privileges, one of the administrator privileges associated with that name is displayed.
Page 35: Changing The Administrator's User Name And Password
Enabling Administrator Authentication Press [OK]. You will be automatically logged out. Press the [User Tools] key. • An administrator's privileges can only be changed by an administrator with the relevant privileges. • Administrator privileges cannot be revoked by any single administrator. Changing the Administrator's User Name and Password Using Web Image Monitor, you can log into the machine and change the administrator's user name and password.
Page 36 2. Configuring Administrator Authentication Click [OK]. The login screen appears. • The Web browser might be configured to auto complete login dialog boxes by retaining user names and passwords. This function reduces security. To prevent the browser retaining user names and passwords, disable the browser's auto complete function.
Page 37: Configuring User Authentication
3. Configuring User Authentication This chapter describes what a user can do, how to specify user authentication, and how to log into and out from the machine as a user. Users A user performs normal operations on the machine, such as copying and scanning. Users are managed using the personal information in the machine's Address Book, and can use only the functions they are permitted to access by administrators.
Page 38: About User Authentication
3. Configuring User Authentication About User Authentication This machine has an authentication function to prevent unauthorized access. By using login user name and login password, you can specify access limits for individual users and groups of users. BZM005 1. User A user performs normal operations on the machine, such as copying.
Page 39: Configuring User Authentication
Configuring User Authentication Configuring User Authentication Specify administrator authentication and user authentication according to the following chart: Administrator authentication p.26 "Specifying Administrator Privileges" p.28 "Registering the Administrator" User authentication Specify user authentication. Five types of user authentication are available: p.39 "User Code Authentication" p.41 "Basic Authentication"...
Page 40: Enabling User Authentication
3. Configuring User Authentication Enabling User Authentication To control users' access to the machine, perform user authentication using login user names and passwords. There are five types of user authentication methods: user code authentication, basic authentication, Windows authentication, LDAP authentication, and Integration Server authentication. To use user authentication, select an authentication method on the control panel, and then make the required settings for the authentication.
Page 41: User Code Authentication
User Code Authentication User Code Authentication This is an authentication method for limiting access to functions according to a user code. The same user code can be used by more than one user. For details about specifying user codes, see "Authentication Information", Network and System Settings Reference.
Page 42 3. Configuring User Authentication Select which of the machine's functions you want to limit. The selected settings will be unavailable to users. For details about limiting available functions for individuals or groups, see p.122 "Limiting Available Functions". For details about printer job authentication, see p.64 "Printer Job Authentication". Press [OK].
Page 43: Basic Authentication
Basic Authentication Basic Authentication Specify this authentication method when using the machine's Address Book to authenticate each user. Using basic authentication, you can not only manage the machine's available functions but also limit access to stored files and to the personal data in the Address Book. Under basic authentication, the administrator must specify the functions available to each user registered in the Address Book.
Page 44: Authentication Information Stored In The Address Book
3. Configuring User Authentication Press the [User Tools] key. A confirmation message appears. If you press [Yes], you will be logged out. Authentication Information Stored in the Address Book This can be specified by the user administrator. For details about logging in and logging out with administrator authentication, see p.30 "Logging in Using Administrator Authentication"...
Page 45 Basic Authentication Select the user. Press [Auth. Info]. Press [Change] for "Login User Name". Enter a login user name, and then press [OK].
Page 46: Specifying Login Details
3. Configuring User Authentication Press [Change] for "Login Password". Enter a login password, and then press [OK]. If a password reentry screen appears, enter the login password, and then press [OK]. Press [OK]. Press [Exit]. Press the [User Tools] key. •...
Page 47 Basic Authentication • When using "Use Auth. Info at Login" for "SMTP Authentication", "Folder Authentication", or "LDAP Authentication", a user name other than "other", "admin", "supervisor" or "HIDE***" must be specified. The symbol "***" represents any character. • To use "Use Auth. Info at Login" for "SMTP Authentication", a login password up to 128 characters in length must be specified.
Page 48: Windows Authentication
3. Configuring User Authentication Windows Authentication Specify this authentication when using the Windows domain controller to authenticate users who have their accounts on the directory server. Users cannot be authenticated if they do not have their accounts in the directory server. Under Windows authentication, you can specify the access limit for each group registered in the directory server.
Page 49 Windows Authentication • During Windows authentication, data registered in the directory server, such as the user's e-mail address, is automatically registered in the machine. If user information on the server is changed, information registered in the machine may be overwritten when authentication is performed. •...
Page 50: Specifying Windows Authentication
3. Configuring User Authentication Specifying Windows Authentication Before beginning to configure the machine, make sure that administrator authentication is properly configured under "Administrator Authentication Management". This can be specified by the machine administrator. For details about logging in and logging out with administrator authentication, see p.30 "Logging in Using Administrator Authentication"...
Page 51 Windows Authentication Up to 5 realms can be registered. Press [Change] for "Domain Name", enter the name of the domain controller to be authenticated, and then press [OK]. Press [On] for "Use Secure Connection (SSL)". If this item is not visible, press [ Next] to display more settings. If you are not using secure sockets layer (SSL) for authentication, press [Off].
Page 52 3. Configuring User Authentication Under "Group", press [Program / Change], and then press [* Not Programmed]. If this item is not visible, press [ Next] to display more settings. Under "Group Name", press [Change], and then enter the group name. Press [OK].
Page 53: Installing Internet Information Services (Iis) And Certificate Services
Windows Authentication Press the [User Tools] key. A confirmation message appears. If you press [Yes], you will be logged out. Installing Internet Information Services (IIS) and Certificate Services Specify this setting if you want the machine to automatically obtain e-mail addresses registered in Active Directory.
Page 54: Creating The Server Certificate
3. Configuring User Authentication Creating the Server Certificate After installing Internet Information Services (IIS) and Certificate services Windows components, create the Server Certificate as follows: Windows Server 2008 R2 is used to illustrate the procedure. On the [Start] menu, point to [Administrator Tools], and then click [Internet Information Services (IIS) Manager].
Page 55 Windows Authentication Click [Logout]. • If a certificate authority issues a certificate that must be authenticated by an intermediate certificate authority, and the certificate is installed on this machine, an intermediate certificate must be installed on the client computer. If it is not, validation by the certificate authority will not be performed correctly, and a warning message might appear when the destination user receives an e-mail with an S/MIME signature.
Page 56: Ldap Authentication
3. Configuring User Authentication LDAP Authentication Specify this authentication method when using the LDAP server to authenticate users who have their accounts on the LDAP server. Users cannot be authenticated if they do not have their accounts on the LDAP server. The Address Book stored in the LDAP server can be registered to the machine, enabling user authentication without first using the machine to register individual settings in the Address Book.
Page 57: Specifying Ldap Authentication
LDAP Authentication • User Name You do not have to enter the user name if the LDAP server supports "Anonymous Authentication". • Password You do not have to enter the password if the LDAP server supports "Anonymous Authentication". • Enter the login name and password correctly; keeping in mind that it is case-sensitive. •...
Page 58 3. Configuring User Authentication Press [Administrator Tools]. Press [User Authentication Management]. If this item is not visible, press [ Next] to display more settings. Select [LDAP Auth.]. Select the LDAP server to be used for LDAP authentication. Select which of the machine's functions you want to permit. If this item is not visible, press [ Next] to display more settings.
Page 59 LDAP Authentication Press [Change] for "Login Name Attribute". If this item is not visible, press [ Next] to display more settings. Enter the login name attribute, and then press [OK]. Use the login name attribute as a search criterion to obtain information about an authenticated user. You can create a search filter based on the Login Name Attribute, select a user, and then retrieve the user information from the LDAP server so it is transferred to the machine's Address Book.
Page 60 3. Configuring User Authentication "employeeNumber", provided it is unique. If you do not specify the Unique Attribute, an account with the same user information but with a different login user name will be created in the machine. Press [OK]. Press the [User Tools] key. A confirmation message appears.
Page 61: Integration Server Authentication
Integration Server Authentication Integration Server Authentication For external authentication, the Integration Server authentication collectively authenticates users accessing the server over the network, providing a server-independent, centralized user authentication system that is safe and convenient. By downloading the user information registered in the Integration Server into the machine's Address Book, you can authenticate a user without registering the user on the machine's control panel.
Page 62 3. Configuring User Authentication Press [Change] for "Server Name". Specify the name of the server for external authentication. Enter the server name, and then press [OK]. Enter the IPv4 address or host name. In "Authentication Type", select the authentication system for external authentication. Select an available authentication system.
Page 63 Integration Server Authentication Press [Obtain URL]. The machine obtains the URL of the server specified in "Server Name". If "Server Name" or the setting for enabling SSL is changed after obtaining the URL, the URL is "Not Obtained". Press [Exit]. In the "Authentication Type", if you have not registered a group, proceed to step 18.
Page 64 3. Configuring User Authentication Under "Group Name", press [Change], and then enter the group name. Press [OK]. Select which of the machine's functions you want to permit. Authentication will be applied to the selected functions. Users can use the selected functions only. For details about specifying available functions for individuals or groups, see p.122 "Limiting Available Functions".
Page 65 Integration Server Authentication Press the [User Tools] key. A confirmation message appears. If you press [Yes], you will be logged out.
Page 66: Printer Job Authentication
3. Configuring User Authentication Printer Job Authentication Depending on the user authentication settings of the machine and printer driver, print jobs may not be printed. Specify these settings according to the operating environment. A job can be printed if the user code entered in the printer properties dialog box matches a user code registered in the machine's Address Book and the job is authenticated.
Page 67 Printer Job Authentication • For details about entering the user code in the printer properties dialog box, see the Printer Reference or the printer driver Help.
Page 68: If User Authentication Is Specified
3. Configuring User Authentication If User Authentication is Specified When user authentication (user code authentication, basic authentication, Windows authentication, LDAP authentication, or Integration Server authentication) is set, the authentication screen is displayed. To use the machine's security functions, each user must enter a valid user name and password. Log in to operate the machine, and log out when you are finished operations.
Page 69: If Basic, Windows, Ldap Or Integration Server Authentication Is Specified
If User Authentication is Specified • To log out, do one of the following: • Press the operation switch. • Press the [Energy Saver] key after jobs are completed. • Press the [Clear] key and the [Clear Modes] key at the same time. Logging in Using the Printer Driver When user code authentication is set, specify a user code in the printer driver's printing preferences dialog box.
Page 70: Logging In Using Web Image Monitor
3. Configuring User Authentication Logging out Using the Control Panel Use the following procedure to log out when basic authentication, Windows authentication, LDAP authentication, or Integration Server authentication is enabled. Press the [Login/Logout] key. Press [Yes]. • You can log out using the following procedures also. •...
Page 71 If User Authentication is Specified To use the lockout function for user authentication, the authentication method must be set to basic authentication. Under other authentication methods, the lockout function protects supervisor and administrator accounts only, not general user accounts. Lockout setting items The lockout function settings can be made using Web Image Monitor.
Page 72 3. Configuring User Authentication Enter "http://(the machine's IP address or host name)/" in the address bar. Click [Login]. The machine administrator can log in. Enter the login user name and login password. Click [Configuration], and then click [User Lockout Policy] under "Security". Set "Lockout"...
Page 73: Auto Logout
If User Authentication is Specified Auto Logout This can be specified by the machine administrator. For details about logging in and logging out with administrator authentication, see p.30 "Logging in Using Administrator Authentication" and p.32 "Logging out Using Administrator Authentication". When using basic authentication, Windows authentication, LDAP authentication or Integration Server authentication, the machine automatically logs you off if you do not use the control panel within a given time.
Page 74 3. Configuring User Authentication Select [On]. If you do not want to specify [Auto Logout Timer], select [Off]. Enter "60" to "999" (seconds) using the number keys, and then press [ ]. Press the [User Tools] key. A confirmation message appears. If you press [Yes], you will be logged out.
Page 75: Authentication Using An External Device
Authentication Using an External Device Authentication Using an External Device To authenticate using an external device, see the device manual. For details, contact your sales representative.
Page 76 3. Configuring User Authentication...
Page 77: Protecting Data From Information Leaks
4. Protecting Data from Information Leaks This chapter describes how to protect document data. Configuring Access Permissions for Stored Files You can specify who is allowed to access stored scan files and files stored in the Document Server. This can prevent activities such as printing or sending of stored files by unauthorized users. You can also specify which users can change or delete stored files.
Page 78: Specifying User And Access Permissions For Stored Files
4. Protecting Data from Information Leaks • The file administrator can also delete stored files. For details, see "Deleting a Stored Document", Copy and Document Server Reference. Specifying User and Access Permissions for Stored Files This can be specified by the file creator (owner) or file administrator. For details about logging in and logging out with administrator authentication, see p.30 "Logging in Using Administrator Authentication"...
Page 79 Configuring Access Permissions for Stored Files Press [Edit File]. Press [Change Access Priv.]. Press [Program/Change/Delete].
Page 80 4. Protecting Data from Information Leaks Press [New Program]. Select the users or groups to whom you want to assign access permission. You can select more than one user. By pressing [All Users], you can select all the users. Press [Exit]. Select the user to whom you want to assign access permission, and then select the permission.
Page 81: Changing The Owner Of A Document
Configuring Access Permissions for Stored Files • The "Edit", "Edit / Delete", and "Full Control" access permissions allow a user to perform high level operations that could result in loss of or changes to sensitive information. We recommend you grant only the "Read-only"...
Page 82 4. Protecting Data from Information Leaks Press [Store File]. Press [Access Privileges]. Press [New Program]. Select the users or groups to whom you want to assign permission. You can select more than one user. By pressing [All Users], you can select all the users. Press [Exit].
Page 83 Configuring Access Permissions for Stored Files Press [OK]. Store files on the hard disk. Specifying Access Permissions for Stored Files This section explains how to change access privileges for a file stored on the hard disk under the scanner function. Press the [Scanner] key.
Page 84 4. Protecting Data from Information Leaks Press [Change Access Priv.]. Press [Program/Change/Delete]. Press [New Program]. Select the users or groups to whom you want to assign permission. You can select more than one user. By pressing [All Users], you can select all the users. Press [Exit].
Page 85: Specifying User And Access Permissions For Files Stored By A Particular User
Configuring Access Permissions for Stored Files Press [OK]. • The "Edit", "Edit / Delete", and "Full Control" access permissions allow a user to perform high level operations that could result in loss of or changes to sensitive information. We recommend you grant only the "Read-only"...
Page 86: Specifying Passwords For Stored Files
4. Protecting Data from Information Leaks Press [New Program]. Select the users or groups to register. You can select more than one user. By pressing [All Users], you can select all the users. Press [Exit]. Select the user to whom you want to assign access permission, and then select the permission.
Page 87: Unlocking Files
Configuring Access Permissions for Stored Files Select the file. Press [Edit File]. Press [Change Password]. Enter the password using the number keys. You can use 4 to 8 numbers as the password for the stored file. Press [OK]. Confirm the password by re-entering it using the number keys. Press [OK].
Page 88 4. Protecting Data from Information Leaks For details about logging in and logging out with administrator authentication, see p.30 "Logging in Using Administrator Authentication" and p.32 "Logging out Using Administrator Authentication". Press the [Document Server] key. Select the file. icon appears next to a file locked by the Enhance File Protection function. Press [Edit File].
Page 89: Securing Information Sent Over The Network Or Stored On Hard Disk
5. Securing Information Sent over the Network or Stored on Hard Disk This chapter describes how to protect information transmitted through the network or stored on the hard disk from unauthorized viewing and modification. Preventing Information Leakage Due to Unauthorized Transmission If user authentication is specified, the user who has logged in will be designated as the sender to prevent data from being sent by an unauthorized person masquerading as the user.
Page 90 5. Securing Information Sent over the Network or Stored on Hard Disk Press the [User Tools] key. Press [System Settings]. Press [Administrator Tools]. Press [Extended Security]. If this item is not visible, press [ Next] to display more settings. Press [On] for "Restrict Use of Destinations". If you set "Restrict Use of Destinations"...
Page 91: Using S/Mime To Protect E-Mail Transmission
Using S/MIME to Protect E-mail Transmission Using S/MIME to Protect E-mail Transmission By registering a user certificate in the Address Book, you can send e-mail that is encrypted with a public key which prevents its content from being altered during transmission. You can also prevent sender impersonation (spoofing) by installing a device certificate on the machine, and attaching an electronic signature created with a private key.
Page 92 5. Securing Information Sent over the Network or Stored on Hard Disk 4. Using the shared key, encrypt the e-mail message. 5. The shared key is encrypted using the user's public key. 6. The encrypted e-mail is sent. 7. The receiver decrypts the shared key using a secret key that corresponds to the public key. 8.
Page 93: Attaching An Electronic Signature
Using S/MIME to Protect E-mail Transmission Click [Login]. The network administrator can log in. Enter the login user name and login password. Click [Configuration], and then click [S/MIME] under "Security". Select the encryption algorithm from the drop down menu next to "Encryption Algorithm" under "Encryption".
Page 94 5. Securing Information Sent over the Network or Stored on Hard Disk 2. Install the device certificate using Web Image Monitor. 3. Make settings for the certificate to be used for S/MIME using Web Image Monitor. 4. Make settings for the electronic signature using Web Image Monitor. Creating and Installing the Self-Signed Certificate Create and install the device certificate using Web Image Monitor.
Page 95 Using S/MIME to Protect E-mail Transmission Click [Login]. The network administrator can log in. Enter the login user name and login password. Click [Configuration], and then click [Device Certificate] under "Security". Check the radio button next to the number of the certificate you want to request. Click [Request].
Page 96 5. Securing Information Sent over the Network or Stored on Hard Disk Check the radio button next to the number of the certificate you want to install. Click [Install]. Enter the details of the device certificate. In the certificate box, enter the details of the device certificate issued by the certificate authority. For details about the displayed items and selectable items, see Web Image Monitor Help.
Page 97 Using S/MIME to Protect E-mail Transmission Specifying the Electronic Signature After installing the device certificate on the machine, configure the electronic signature using Web Image Monitor. The configuration procedure is the same regardless of whether you are using a self-signed certificate or a certificate issued by a certificate authority.
Page 98: Protecting The Address Book
5. Securing Information Sent over the Network or Stored on Hard Disk Protecting the Address Book If user authentication is specified, the user who has logged in will be designated as the sender to prevent data from being sent by an unauthorized person masquerading as the user. To protect the data from unauthorized reading, you can also encrypt the data in the Address Book.
Page 99: Encrypting Data In The Address Book
Protecting the Address Book Press [Exit]. Select the user to whom you want to assign access permission, and then select the permission. Select the permission, from [Read-only], [Edit], [Edit / Delete], or [Full Control]. Press [Exit]. Press [OK]. Press [Exit]. Press the [User Tools] key.
Page 100 5. Securing Information Sent over the Network or Stored on Hard Disk Press [On] for "Encrypt Address Book". Press [Change] for "Encryption Key". Enter the encryption key, and then press [OK]. Enter the encryption key using up to 32 alphanumeric characters. Press [Encrypt / Decrypt].
Page 101 Protecting the Address Book Normally, once encryption is complete, "Encryption / Decryption is successfully complete. Press [Exit]." appears. If you press [Stop] during encryption, the data is not encrypted. If you press [Stop] during decryption, the data stays encrypted. Press [Exit]. Press [OK].
Page 102: Encrypting Data On The Hard Disk
5. Securing Information Sent over the Network or Stored on Hard Disk Encrypting Data on the Hard Disk This can be specified by the machine administrator. For details about logging in and logging out with administrator authentication, see p.30 "Logging in Using Administrator Authentication" and p.32 "Logging out Using Administrator Authentication".
Page 103 Encrypting Data on the Hard Disk Data not kept (Data to be Setting Data to be kept Required time initialized) • Embedded Software Architecture applications' program/log • Address Book • Stored documents • Sent and received (stored documents in the File System Data Approximately 1 emails...
Page 104 5. Securing Information Sent over the Network or Stored on Hard Disk after the data that is stored on the hard disk has been overwritten and the machine has been rebooted with the turning off and on of the main power switch. •...
Page 105 Encrypting Data on the Hard Disk Press the [Start] key. Press [OK]. Press [Exit]. Press [Exit]. Press the [User Tools] key. Turn off the power and the main power switch, and then turn the main power switch back For details about turning off the power, see "Turning On/Off the Power", About This Machine.
Page 106: Printing The Encryption Key
5. Securing Information Sent over the Network or Stored on Hard Disk Printing the Encryption Key Use the following procedure to print the key again if it has been lost or misplaced. • The encryption key is required for data recovery if the machine malfunctions. Be sure to store the encryption key safely for retrieving backup data.
Page 107: Updating The Encryption Key
Encrypting Data on the Hard Disk Updating the Encryption Key You can update the encryption key and create a new key. Updates are possible when the machine is functioning normally. • The encryption key is required for recovery if the machine malfunctions. Be sure to store the encryption key safely for retrieving backup data.
Page 108: Canceling Data Encryption
5. Securing Information Sent over the Network or Stored on Hard Disk Press [OK]. Press [Exit]. Press [Exit]. Press the [User Tools] key. Turn off the power and the main power switch, and then turn the main power switch back For details about turning off the power, see "Turning On/Off the Power", About This Machine.
Page 109 Encrypting Data on the Hard Disk Press [OK]. Press [Exit]. Press [Exit]. Press the [User Tools] key. Turn off the power and the main power switch, and then turn the main power switch back For details about turning off the power, see "Turning On/Off the Power", About This Machine.
Page 110: Deleting Data On The Hard Disk
5. Securing Information Sent over the Network or Stored on Hard Disk Deleting Data on the Hard Disk This can be specified by the machine administrator. For details about logging in and logging out with administrator authentication, see p.30 "Logging in Using Administrator Authentication" and p.32 "Logging out Using Administrator Authentication".
Page 111: Auto Erase Memory
Deleting Data on the Hard Disk Auto Erase Memory A document scanned in copier, or scanner mode, or print data sent from a printer driver is temporarily stored on the machine's hard disk. Even after the job is completed, it remains in the hard disk as temporary data.
Page 112 5. Securing Information Sent over the Network or Stored on Hard Disk • DoD Temporary data is overwritten with a fixed value, the fixed value's complement, and random numbers. When completed, the overwriting is then verified. • Random Numbers Temporary data is overwritten multiple times with random numbers. The number of overwrites can be selected from 1 to 9.
Page 113 Deleting Data on the Hard Disk Press [On]. Select the method of overwriting. If you select [NSA] or [DoD], proceed to step 9. If you select [Random Numbers], proceed to step 7. For details about the methods of overwriting, see p.109 "Methods of Overwriting". Press [Change].
Page 114: Erase All Memory
5. Securing Information Sent over the Network or Stored on Hard Disk • To set Auto Erase Memory to [On] again, repeat the procedure in "Using Auto Erase Memory". Types of Data that Can or Cannot Be Overwritten The following are the types of data that can or cannot be overwritten by "Auto Erase Memory". Data Overwritten by Auto Erase Memory Copier •...
Page 115 Deleting Data on the Hard Disk • If you select "Erase All Memory", you can delete the following: user codes, counters under each user code, user stamps, data stored in the Address Book, applications using Embedded Software Architecture, and the machine's network settings. •...
Page 116 5. Securing Information Sent over the Network or Stored on Hard Disk Select the method of overwriting. If you select [NSA] or [DoD], proceed to step 9. If you select [Random Numbers], proceed to step 7. For details about the methods of overwriting, see p.109 "Methods of Overwriting". Press [Change].
Page 117 Deleting Data on the Hard Disk When overwriting is completed, press [Exit], and then turn off the main power. Before turning the power off, see "Turning On the Power", About This Machine. • Should the main power switch be turned off before "Erase All Memory" is completed, overwriting will continue once the main power switch is turned back on.
Page 118 5. Securing Information Sent over the Network or Stored on Hard Disk...
Page 119: Managing Access To The Machine
6. Managing Access to the Machine This chapter describes how to prevent unauthorized access to and modification of the machine's settings. Preventing Changes to Machine Settings The administrator type determines which machine settings can be modified. Users cannot change the administrator settings.
Page 120: Menu Protect
6. Managing Access to the Machine Menu Protect The administrator can also limit users' access permission to the machine's settings. The machine's menus can be locked so the settings cannot be changed. This function is also effective when management is not based on user authentication.
Page 121 Menu Protect Press [Copier / Document Server Features]. Press [Administrator Tools]. Press [Menu Protect].
Page 122 6. Managing Access to the Machine Select the menu protect level, and then press [OK]. Press the [User Tools] key. Scanner Function To specify "Menu Protect" in "Scanner Features", set "Machine Management" to [On] in "Administrator Authentication Management" in "Administrator Tools" in "System Settings". Press the [User Tools] key.
Page 123 Menu Protect Select the menu protect level, and then press [OK]. Press the [User Tools] key.
Page 124: Limiting Available Functions
6. Managing Access to the Machine Limiting Available Functions To prevent unauthorized operation, you can specify who is allowed to access each of the machine's functions. Specify the available functions from the Copier, Printer, Document Server, and Scanner functions. Available Functions Copier •...
Page 125 Limiting Available Functions Press [Address Book Management]. Select the user. Press [Auth. Info]. In "Available Functions", select the functions you want to specify. If this item is not visible, press [ Next] to display more settings. Press [OK]. Press [Exit]. Press the [User Tools] key.
Page 126: Managing Log Files
6. Managing Access to the Machine Managing Log Files The logs created by this machine allow you to track access to the machine, identities of users, and usage of the machine's various functions. For security, you can encrypt the logs. This prevents users who do not have the encryption key from accessing log information.
Page 127 Managing Log Files Job Log Collect Level Level 1 User Settings Access Log Collect Level Level 1 Level 2 User Settings Open a Web browser. Enter "http://(the machine's IP address or host name)/" in the address bar. Click [Login]. The machine administrator can log in. Enter the login user name and login password.
Page 128: Downloading Logs
6. Managing Access to the Machine Click [Configuration], and then click [Logs] under "Device Settings". Select [Active] under "Encrypt Logs". To disable log encryption, select [Inactive]. If other changes have been made in related log settings, they will occur at the same time. Click [OK].
Page 129 Managing Log Files Enter "http://(the machine's IP address or host name)/" in the address bar. Click [Login]. The machine administrator can log in. Enter the login user name and login password. Click [Configuration], and then click [Download Logs]. Click [Download]. Specify the folder in which you want to save the file.
Page 130 6. Managing Access to the Machine Estimated number of logs created per day Job logs Access logs 100 (100 logs per day) This figure is based on 100 operations such as initialization and access operations over the Web and 200 access log entries (two entries per job: one login and one logout).
Page 131 Managing Log Files If logs are downloaded without overwriting CAW006S 1. Access log 2. Job log 3. Download 4. Downloaded logs...
Page 132 6. Managing Access to the Machine If logs are downloaded during overwriting CAW003S 1. Access log 2. Job log 3. Download 4. Downloaded logs 5. Overwriting 6. Deleted by overwriting To determine whether or not overwriting occurred while the logs were downloading, check the message in the last line of the downloaded logs.
Page 133: Logs That Can Be Managed Using Web Image Monitor
Managing Log Files Logs That Can Be Managed Using Web Image Monitor This section details the information items contained in the logs that are created for retrieval by Web Image Monitor. Logs that can be collected The following tables explain the items in the job log and access log that the machine creates when you enable log collection using Web Image Monitor.
Page 134 6. Managing Access to the Machine Job Log Item Log Type Attribute Content Scanner: Stored File Scanner: Stored File Details of stored scan files whose URLs were URL Link Sending URL Link Sending sent by e-mail. Report Printing Report Printing Details of reports printed from the control panel.
Page 135 Managing Log Files Access Log Item Log Type Attribute Content Firmware: Structure Firmware: Structure Details of structure changes that occurred when Change Change an SD card was inserted or removed, or when an unsupported SD card was inserted. Firmware: Structure Firmware: Structure Details of checks for changes to firmware module structure made at times such as when...
Page 136: Attributes Of Logs You Can Download
6. Managing Access to the Machine • Log Collection Item Change • If "Access Log Collect Level" is set to "Level 2", all access logs are collected. • The first log made following power on is the "Firmware: Structure" log. Attributes of logs you can download If you use Web Image Monitor to download logs, a CSV file containing the information items shown in the following table is produced.
Page 137 Managing Log Files If there are multiple targets, multiple lines are displayed. Job and access log information items Item Content Start Date/Time For a job log entry, indicates the start date and time of the operation. If the job has not been completed, this is blank. For an access log entry, indicates the same date and time as shown by "End Date/Time".
Page 138 6. Managing Access to the Machine Item Content Status Indicates the status of an operation or event: • If "Completed" is displayed for a job log entry, the operation completed successfully; "Failed" indicates the operation was unsuccessful; "Processing" indicates the operation is still in progress.
Page 139 Managing Log Files Item Content User Entry ID Indicates the user's entry ID. This is a hexadecimal ID that identifies users who performed job or access log-related operations: For supervisors, only "0xffffff86" is available; for administrators, "0xffffff87", "0xffffff88", "0xffffff89", and "0xffffff8a" are available.
Page 140 6. Managing Access to the Machine Access log information items Item Content Access Log Type Indicates the type of access: "Authentication" indicates a user authentication access. "System" indicates a system access. "Stored File" indicates a stored file access. "Network Attack Detection/Encrypted Communication" indicates a network attack or encrypted communication access.
Page 141 Managing Log Files Item Content Login User Type Indicates the type of login user: "User" indicates the logged in user was a registered general user. "Guest" indicates the logged in user was a guest user. "User Administrator" indicates the logged in user was a registered user administrator.
Page 142 6. Managing Access to the Machine Item Content Stored File ID Identifies a created or deleted file. This is a hexadecimal ID that indicates created or deleted stored files. Stored File Name Name of a created or deleted file. File Location Region of all file deletion.
Page 143 Managing Log Files Item Content Log Collect Level Indicates the level of log collection: "Level 1", "Level 2", or "User Settings". Encryption/Cleartext Indicates whether communication encryption is enabled or disabled: "Encryption Communication" indicates encryption is enabled; "Cleartext Communication" indicates encryption is not disabled. Machine Port No.
Page 144 6. Managing Access to the Machine Item Content Network Attack Status Indicates the attack status of the network: "Violation Detected" indicates an attack on the network was detected. "Recovered from Violation" indicates the network recovered from an attack. "Max. Host Capacity Reached" indicates the machine became inoperable due to the volume of incoming data reaching the maximum host capacity.
Page 145 Managing Log Files Item Content Parts Number Firmware module part number. Version Firmware version. Machine Data Encryption Key Indicates the type of encryption key operation performed: Operation "Back Up Machine Data Encryption Key" indicates an encryption key backup was performed. "Restore Machine Data Encryption Key"...
Page 146 6. Managing Access to the Machine Item Content End Date/Time Dates and times "Scan File" operations ended. This is Item 53 of the CSV file. Stored File Name Names of "Stored File" files. Stored File ID Indicates the ID of data that is output as a stored file. This is a decimal ID that identifies the stored file.
Page 147: Enhanced Network Security
7. Enhanced Network Security This chapter describes how to increase security over the network using the machine's functions. Preventing Unauthorized Access You can limit IP addresses, disable ports and protocols, or use Web Image Monitor to specify the network security level to prevent unauthorized access over the network and protect the Address Book, stored files, and default settings.
Page 148: Enabling And Disabling Protocols
7. Enhanced Network Security Enabling and Disabling Protocols This can be specified by the network administrator. For details about logging in and logging out with administrator authentication, see p.30 "Logging in Using Administrator Authentication" and p.32 "Logging out Using Administrator Authentication". Specify whether to enable or disable the function for each protocol.
Page 149 Preventing Unauthorized Access Protocol Port Setting Method When Disabled Functions that require sftp cannot be used. You can restrict personal information • Web Image Monitor ssh/sftp TCP: 22 from being displayed by • telnet making settings on the control panel using "Restrict Display of User Information".
Page 150 7. Enhanced Network Security Protocol Port Setting Method When Disabled Functions that require SNMPv1, v2 cannot be used. Using the control panel, • Web Image Monitor SNMPv1,v2 UDP: 161 Web Image Monitor or • telnet telnet, you can specify that SNMPv1, v2 settings are read-only, and cannot be edited.
Page 151 Preventing Unauthorized Access Protocol Port Setting Method When Disabled TCP: 7443 @Remote cannot be @Remote • telnet used. TCP: 7444 You can attempt to TCP: 10021 • telnet update firmware via FTP. • Control Panel SNMP over IPX cannot NetWare (IPX/SPX) •...
Page 152 7. Enhanced Network Security Press [Effective Protocol]. Press [Inactive] for the protocol you want to disable. Press [OK]. Press the [User Tools] key. Enabling and Disabling Protocols Using Web Image Monitor Open a Web browser. Enter "http://(the machine's IP address or host name)/" in the address bar. Click [Login].
Page 153: Specifying Network Security Level
Preventing Unauthorized Access Specifying Network Security Level This can be specified by the network administrator. For details about logging in and logging out with administrator authentication, see p.30 "Logging in Using Administrator Authentication" and p.32 "Logging out Using Administrator Authentication". This setting lets you change the security level to limit unauthorized access.
Page 154 7. Enhanced Network Security Select the network security level. Select [Level 0], [Level 1], or [Level 2]. Press [OK]. Press [Exit]. Press the [User Tools] key. Specifying Network Security Level Using Web Image Monitor Open a Web browser. Enter "http://(the machine's IP address or host name)/" in the address bar. Click [Login].
Page 155 Preventing Unauthorized Access Function Level 0 Level 1 Level 2 SSL/TLS> Port 443 Open Open Open SSL/TLS> Permit SSL/TLS Communication Ciphertext Ciphertext Ciphertext Only Priority Priority SSL/TLS version>SSL2.0 Active Active Active SSL/TLS version>SSL3.0 Active Active Active SSL/TLS version>TLS Active Active Active Encryption Strength Setting>AES Active...
Page 156 7. Enhanced Network Security Tab Name: NetWare Function Level 0 Level 1 Level 2 NetWare Active Active Inactive Tab Name: SNMP Function Level 0 Level 1 Level 2 SNMP Active Active Active Permit Settings by SNMPv1 and v2 SNMPv1,v2 Function Active Active Inactive...
Page 157: Encrypting Transmitted Passwords
Encrypting Transmitted Passwords Encrypting Transmitted Passwords We recommend you use one or more of the following security protocols: IPsec, SNMPv3, and SSL. Using these protocols can enhance your machine's security by making login passwords harder to break. Also, encrypt the login password for administrator authentication and user authentication. Driver Encryption Key Encrypt the password transmitted when specifying user authentication.
Page 158 7. Enhanced Network Security The network administrator must give users the driver encryption key specified on the machine so they can register it on their computers. Make sure to enter the same driver encryption key as that is specified on the machine. Press [OK].
Page 159: Protection Using Encryption
Protection Using Encryption Protection Using Encryption Establish encrypted transmission on this machine using SSL, SNMPv3, and IPsec. By encrypting transmitted data and safeguarding the transmission route, you can prevent sent data from being intercepted, analyzed, and tampered with. SSL (Secure Sockets Layer) Encryption This can be specified by the network administrator.
Page 160 7. Enhanced Network Security 2. The device certificate and public key are sent from the machine to the user's computer. 3. The shared key created with the computer is encrypted using the public key, sent to the machine, and then decrypted using the private key in the machine. 4.
Page 161 Protection Using Encryption Make the necessary settings. For details about the displayed items and selectable items, see Web Image Monitor Help. Click [OK]. Click [OK]. If a security warning dialog box appears, read the message, and then click [OK]. "Installed" appears under "Certificate Status" to show that a device certificate for the machine has been installed.
Page 162 7. Enhanced Network Security For the application, click Web Image Monitor Details icon and use the information that appears in "Certificate Details". • The issuing location may not be displayed if you request two certificates at the same time. When you install a certificate, be sure to check the certificate destination and installation procedure.
Page 163 Protection Using Encryption signature. A warning message might also appear if you attempt to access this machine through Web Image Monitor with SSL enabled. To enable authentication from the client computer, install the intermediate certificate on the client computer, and then reestablish connection. •...
Page 164: User Settings For Ssl (Secure Sockets Layer)
7. Enhanced Network Security • The SSL/TLS version and encryption strength settings can be changed, even under [Network Security]. • Depending on the states you specify for "SSL2.0", "SSL3.0", and "TLS", the machine might not be able to connect to an external LDAP server. •...
Page 165 Protection Using Encryption Specifying the SSL/TLS Encryption Mode This can be specified by the network administrator. For details about logging in and logging out with administrator authentication, see p.30 "Logging in Using Administrator Authentication" and p.32 "Logging out Using Administrator Authentication". After installing the device certificate, specify the SSL/TLS encrypted communication mode.
Page 166: Snmpv3 Encryption
7. Enhanced Network Security • The SSL/TLS encrypted communication mode can also be specified using Web Image Monitor. For details, see Web Image Monitor Help. SNMPv3 Encryption This can be specified by the network administrator. For details about logging in and logging out with administrator authentication, see p.30 "Logging in Using Administrator Authentication"...
Page 167 Protection Using Encryption • To encrypt the data transmitted for specifying various settings with an application using SNMPv3, specify [Permit SNMPv3 Communication] on the machine, configure the network administrator's [Encryption Password] setting, and then specify the encryption key in the application. •...
Page 168: Transmission Using Ipsec
7. Enhanced Network Security Transmission Using IPsec This can be specified by the network administrator. For communication security, this machine supports IPsec. IPsec transmits secure data packets at the IP protocol level using the shared key encryption method, where both the sender and receiver retain the same key.
Page 169: Encryption Key Auto Exchange Settings And Encryption Key Manual Settings
Transmission Using IPsec • For successful authentication, the sender and receiver must specify the same authentication algorithm and authentication key. If you use the encryption key auto exchange method, the authentication algorithm and authentication key are specified automatically. AH Protocol The AH protocol provides secure transmission through authentication of packets only, including headers.
Page 170: Ipsec Settings
7. Enhanced Network Security Settings 1-4 and Default Setting Using either the manual or auto exchange method, you can configure four separate sets of SA details (such as different shared keys and IPsec algorithms). In the default settings of these sets, you can include settings that the fields of sets 1 to 4 cannot contain.
Page 171 Transmission Using IPsec Security Level Security Level Features Select this level if you want to authenticate the transmission partner and prevent unauthorized data tampering, but not perform data packet encryption. Authentication Only Since the data is sent in cleartext, data packets are vulnerable to eavesdropping attacks.
Page 172 7. Enhanced Network Security Authentication and Low Authentication and High Setting Authentication Only Level Encryption Level Encryption Phase 2 Security Protocol Phase 2 HMAC-MD5-96/ HMAC-MD5-96/ Authentication HMAC-SHA1-96 HMAC-SHA1-96 HMAC-SHA1-96 Algorithm DES/3DES/ Phase 2 Encryption Cleartext (NULL 3DES/AES-128/ AES-128/AES-192/ Algorithm encryption) AES-192/AES-256 AES-256 Phase 2 PFS...
Page 173 Transmission Using IPsec Setting Description Setting Value The IPsec transmission partner's IPv4 or IPv6 address. Specify the address of the IPsec If you are not setting an address Remote Address transmission partner. You can range, enter 32 after an IPv4 also specify an address range.
Page 174 7. Enhanced Network Security Setting Description Setting Value • PSK • Certificate If you specify "PSK", you must then set the PSK text (using Specify the method for ASCII characters). authenticating transmission If you are using "PSK", specify Authentication Method partners.
Page 175 Transmission Using IPsec Setting Description Setting Value Specify the security protocol to be used in Phase 2. To apply both encryption and • ESP Phase 2 authentication to sent data, • AH specify "ESP" or "ESP+AH". Security Protocol • ESP+AH To apply authentication data only, specify "AH".
Page 176 7. Enhanced Network Security Encryption Key Manual Settings Items Setting Description Setting Value • Inactive • IPv4 Specify the address type for Address Type which IPsec transmission is • IPv6 used. • IPv4/IPv6 (Default Settings only) The machine's IPv4 or IPv6 address.
Page 177 Transmission Using IPsec Setting Description Setting Value Specify the same value as your Any number between 256 and SPI (Input) transmission partner's SPI 4095 output value. To apply both encryption and • ESP authentication to sent data, specify "ESP" or "ESP+AH". Security Protocol •...
Page 178: Encryption Key Auto Exchange Settings Configuration Flow
7. Enhanced Network Security Setting Description Setting Value Specify a value within the ranges shown below, according to the encryption algorithm. hexadecimal value 0-9, a-f, A-F • DES, set 16 digits • 3DES, set 48 digits • AES-128, set 32 digits •...
Page 179 Transmission Using IPsec BZM007 • To use a certificate to authenticate the transmission partner in encryption key auto exchange settings, a device certificate must be installed. • After configuring IPsec, you can use "Ping" command to check if the connection is established correctly. However, you cannot use "Ping"...
Page 180 7. Enhanced Network Security Click [OK]. Select [Active] for "IPsec" in "IPsec". Set "Exclude HTTPS Communication" to [Active] if you do not want to use IPsec for HTTPS transmission. Click [OK]. Click [OK]. Click [Logout]. • To change the transmission partner authentication method for encryption key auto exchange settings to "Certificate", you must first install and assign a certificate.
Page 181 Transmission Using IPsec On the [Start] menu, click [Control Panel], click [Performance and Maintenance], and then click [Administrative Tools]. Double-click [Local Security Policy]. Click [IP Security Policies on Local Computer]. In the "Action" menu, click [Create IP Security Policy]. The IP Security Policy Wizard appears. Click [Next].
Page 182 7. Enhanced Network Security Select the protocol type for IPsec, and then click [Next]. Click [Finish]. Click [OK]. Select the IP filter that was just created, and then click [Next]. Select the IPsec security filter, and then click [Edit]. In the "Security Methods" tab, check "Negotiate security" and then click [Add]. Select "Custom"...
Page 183: Encryption Key Manual Settings Configuration Flow
Transmission Using IPsec Encryption Key Manual Settings Configuration Flow This can be specified by the network administrator. BZM008 • Before transmission, SA information is shared and specified by the sender and receiver. To prevent SA information leakage, we recommend that this exchange is not performed over the network. •...
Page 184: Telnet Setting Commands
7. Enhanced Network Security Set items for encryption key manual settings in [Settings 1]. If you want to make multiple settings, select the settings number and add settings. Click [OK]. Select [Active] for "IPsec" in "IPsec". Set "Exclude HTTPS Communication" to [Active] if you do not want to use IPsec for HTTPS communication.
Page 185 Transmission Using IPsec ipsec manual mode To display or specify encryption key manual settings, use the "ipsec manual_mode" command. Display current settings msh> ipsec manual_mode • Displays the current encryption key manual settings. Specify encryption key manual settings msh> ipsec manual_mode {on|off} •...
Page 186 7. Enhanced Network Security • To specify the local or remote address value, specify masklen by entering [/] and an integer 0-32 if you are specifying an IPv4 address. If you are specifying an IPv6 address, specify masklen by entering [/] and an integer 0-128. •...
Page 187 Transmission Using IPsec • If you are setting an ASCII character string, enter it as is. • Not specifying either the authentication algorithm or key displays the current setting. (The authentication key is not displayed.) Encryption algorithm and encryption key setting msh>...
Page 188 7. Enhanced Network Security • To set the local or remote address values, specify masklen by entering [/] and an integer 0-32 when settings an IPv4 address. When setting an IPv6 address, specify masklen by entering [/] and an integer 0-128. •...
Page 189 Transmission Using IPsec Tunnel end point setting msh> ipsec ike {1|2|3|4|default} tunneladdar beginning IP address ending IP address • Enter the separate setting number [1-4] or [default] and specify the tunnel end point beginning and ending IP address. • Not specifying either the beginning or ending address displays the current setting. IKE partner authentication method setting msh>...
Page 190 7. Enhanced Network Security • Specify the group number to be used. • Not specifying a group number displays the current setting. ISAKMP SA (phase 1) validity period setting msh> ipsec ike {1|2|3|4|default} ph1 lifetime validity period • Enter the separate setting number [1-4] or [default] and specify the ISAKMP SA (phase 1) validity period.
Page 191 Transmission Using IPsec Reset setting values msh> ipsec ike {1|2|3|4|default|all} clear • Enter the separate setting number [1-4] or [default] and reset the specified setting. Specifying [all] resets all of the settings, including default.
Page 192: Authentication By Ieee802.1X
7. Enhanced Network Security Authentication by IEEE802.1X IEEE802.1X enables authentication in an Ethernet environment. For details, see "Configuring IEEE 802.1X", Network and System Settings Reference.
Page 193: Specifying The Extended Security Functions
8. Specifying the Extended Security Functions This chapter describes the machine's extended security features and how to specify them. Specifying the Extended Security Functions In addition to providing basic security through user authentication and administrator specified access limits on the machine, security can also be increased by encrypting transmitted data and data in the Address Book.
Page 194: Extended Security Settings
8. Specifying the Extended Security Functions Extended Security Settings Driver Encryption Key This can be specified by the network administrator. Encrypt the password transmitted when specifying user authentication. If you register the encryption key specified with the machine in the driver, passwords are encrypted.
Page 195 Specifying the Extended Security Functions Default: [Off] Enhance File Protection This can be specified by the file administrator. By specifying a password, you can limit operations such as printing, deleting, and sending files, and can prevent unauthorized people from accessing the files.
Page 196 8. Specifying the Extended Security Functions The password policy setting is effective only if [Basic Auth.] is specified. This setting lets you specify [Complexity Setting] and [Minimum Character No.] for the password. By making this setting, you can limit the available passwords to only those that meet the conditions specified in "Complexity Setting"...
Page 197 Specifying the Extended Security Functions The administrator can confirm if the updated structure change is permissible or not by checking the firmware version displayed on the control panel screen. If the firmware structure change is not permissible, contact your service representative before logging in. When Change Firmware Structure is set to [Prohibit], administrator authentication must be enabled.
Page 198: Other Security Functions
8. Specifying the Extended Security Functions Other Security Functions This section explains settings for preventing information leaks, and functions that you can restrict to further increase security. Scanner Function Print & Delete Scanner Journal When user authentication is enabled, "Print & Delete Scanner Journal" is automatically set to [Do not Print: Disable Send] in order to prevent personal information in transmission/delivery history from being automatically printed.
Page 199 Other Security Functions Press [Weekly Timer Code]. Press [On]. Using the number keys, enter the weekly timer code. The weekly timer code must be one to eight digits long. Press [OK]. Press the [User Tools] key. Canceling Weekly Timer Code Press the [User Tools] key.
Page 200 8. Specifying the Extended Security Functions Press [Timer Settings]. Press [Weekly Timer Code]. Press [Off], and then press [OK]. Press the [User Tools] key.
Page 201: Limiting Machine Operations To Customers Only
Limiting Machine Operations to Customers Only Limiting Machine Operations to Customers Only The machine can be set so that operation is impossible without administrator authentication. The machine can be set to prohibit operation without administrator authentication and also prohibit remote registration in the Address Book by a service representative.
Page 202 8. Specifying the Extended Security Functions If this item is not visible, press [ Next] to display more settings. Press [On], and then press [OK]. A confirmation message appears. Press [Yes]. Press the [User Tools] key. Canceling Service Mode Lock Before the service representative can carry out an inspection or repair in service mode, the machine administrator must first log in to the machine, release the service mode lock, and then call the service representative.
Page 203 Limiting Machine Operations to Customers Only Press [Off], and then press [OK]. Press the [User Tools] key. The service representative can switch to service mode.
Page 204: Additional Information For Enhanced Security
8. Specifying the Extended Security Functions Additional Information for Enhanced Security This section explains the settings that you can configure to enhance the machine's security. Settings You Can Configure Using the Control Panel Use the control panel to configure the security settings shown in the following table. Menu Item Setting...
Page 205 Additional Information for Enhanced Security Menu Item Setting System Administrator Administrator Select [On], and then select Settings Tools Authentication [Administrator Tools] for "Available Management/File Settings". Management See p.26 "Enabling Administrator Authentication". System Administrator Extended Security/ Prohibit Settings Tools Settings by SNMPv1, See p.191 "Specifying the Extended Security Functions".
Page 206: Settings You Can Configure Using Web Image Monitor
8. Specifying the Extended Security Functions Menu Item Setting System Administrator Machine Data Select [Encrypt], and then select [All Data] Settings Tools Encryption Settings for "Carry over all data or file system data only (without formatting), or format all data" If [Encrypt] is already selected, further encryption settings are not necessary.
Page 207: Settings You Can Configure When Ipsec Is Available/Unavailable
Additional Information for Enhanced Security Category Item Setting Network/ SNMPv3 Function Inactive SNMPv3 To use SNMPv3 functions, set "SNMPv3 Function" to [Active], and set "Permit SNMPv3 Communication" to [Encryption Only]. Because SNMPv3 enforces authentication for each packet, Login log will be disabled as long as SNMPv3 is active.
Page 208 8. Specifying the Extended Security Functions Menu Item Setting System Interface Permit SSL / TLS Ciphertext Only Settings Settings Communication Web Image Monitor settings Category Item Setting Security/IPsec Encryption Key Manual Inactive Settings Security/IPsec Encryption Key Auto Authentication and High Level Encryption Exchange Settings/ Security Level •...
Page 209 Additional Information for Enhanced Security Send the URL of a scanned file to the destination instead of sending the actual file by e-mail. For details about sending the URL of a stored file, see "Sending the URL by E-mail", Scanner Reference.
Page 210 8. Specifying the Extended Security Functions...
Page 211: Troubleshooting
9. Troubleshooting This chapter describes what to do if the machine does not function properly. If Authentication Fails This section explains what to do if a user cannot operate the machine because of a problem related to user authentication. Refer to this section if a user comes to you with such a problem. If a Message is Displayed This section explains how to deal with problems if a message appears on the screen during user authentication.
Page 212 9. Troubleshooting Messages Cause Solutions "Failed to obtain URL." The machine cannot connect to Make sure the server's settings, the server or cannot establish such as the IP address and host communication. name, are specified correctly on the machine. Make sure the host name of the UA Server is specified correctly.
Page 213: If An Error Code Is Displayed
If Authentication Fails Messages Cause Solutions "Administrator Authentication for User administrator privileges To specify basic authentication, User Management must be set to have not been enabled in Windows authentication, LDAP on before this selection can be Administrator Authentication authentication, or Integration made."...
Page 214 9. Troubleshooting Basic Authentication Error Code Cause Solution Make sure no other user is A TWAIN operation occurred B0103-000 logged on to the machine, and during authentication. then try again. 1. A password error occurred. Make sure the password is entered correctly.
Page 215 If Authentication Fails Error Code Cause Solution An authentication error occurred because the Address Wait a few minutes and then try B0207-001 Book is being used at another again. location. A login attempt was made using a login user account that Release the locked out user B0208-000 was disabled with the User...
Page 216 9. Troubleshooting Error Code Cause Solution Recreate the account if the account name contains any of An authentication error these prohibited characters. occurred because the user W0206-003 name contains a space, colon If the account name was (:), or quotation mark ("). entered incorrectly, enter it correctly and log in again.
Page 217 If Authentication Fails Error Code Cause Solution Specify the IP address in the domain name and confirm that authentication is successful. If authentication was successful: 1. If the top-level domain name is specified in the domain name 4. Cannot resolve the domain (such as W0406-104 name.
Page 218 9. Troubleshooting Error Code Cause Solution Specify the IP address in the domain name and confirm that authentication is successful. If authentication was unsuccessful: 1. Make sure that Restrict LM/ NTLM is not set in either "Domain Controller Security Policy" or "Domain Security Policy".
Page 219 If Authentication Fails Error Code Cause Solution 1. Kerberos authentication settings are not correctly configured. Make sure the realm name, KDC (Key Distribution Center) name and corresponding domain name are specified correctly. 2. The KDC and machine timing do not match. Authentication will fail if the difference between the KDC and machine timing is more...
Page 220 9. Troubleshooting Error Code Cause Solution The user group cannot be obtained if the UserPrincipleName 1. The UserPrincipleName (user@domainname.xxx.com) (user@domainname.xxx.com) W0400-105 form is used. form is being used for the login Use "sAMAccountName user name. (user)" to log in, because this account allows you to obtain the user group.
Page 221 If Authentication Fails Error Code Cause Solution 1. The SSL settings on the Make sure the SSL settings on W0400-202 authentication server and the the authentication server and machine do not match. the machine match. If a user enters sAMAccountName as the login 2.
Page 222 9. Troubleshooting Error Code Cause Solution Authentication failed because no more users can be Ask the user administrator to W0612-005 registered. (The number of delete unused user accounts in users registered in the Address the Address Book. Book has reached capacity.) An authentication error occurred because the Address Wait a few minutes and then try...
Page 223 If Authentication Fails Error Code Cause Solution Recreate the account if the account name contains any of An authentication error these prohibited characters. occurred because the user L0206-003 name contains a space, colon If the account name was (:), or quotation mark ("). entered incorrectly, enter it correctly and log in again.
Page 224 9. Troubleshooting Error Code Cause Solution 1. Make sure that a connection test is successful with the current LDAP server configuration. If connection is not successful, there might be an error in the network settings. Check the domain name or DNS settings in "Interface 1.
Page 225 If Authentication Fails Error Code Cause Solution 1. Authentication will fail if the password is left blank in simple authentication mode. To allow blank passwords, contact your service representative. 2. In simple authentication mode, the DN of the login user L0406-202 3.
Page 226 9. Troubleshooting Error Code Cause Solution The login attribute's search criteria might not be specified Failed to obtain user or the specified search L0400-210 information in LDAP search. information is unobtainable. Make sure the login name attribute is specified correctly. Recreate the account if the An authentication error account name contains any of...
Page 227 If Authentication Fails Error Code Cause Solution An authentication error occurred because the Address Wait a few minutes and then try L0707-001 Book is being used at another again. location. Integration Server Authentication Error Code Cause Solution Make sure no other user is A TWAIN operation occurred I0103-000 logged in to the machine, and...
Page 228 9. Troubleshooting Error Code Cause Solution Recreate the account if the account name contains any of An authentication error these prohibited characters. occurred because the user I0206-003 name contains a space, colon If the account name was (:), or quotation mark ("). entered incorrectly, enter it correctly and log in again.
Page 229: If The Machine Cannot Be Operated
If Authentication Fails Error Code Cause Solution The authentication server login 1. Delete the old, duplicated name is the same as a user name or change the login name already registered on the name. I0511-000 machine. (Names are 2. If the authentication server distinguished by the unique has just been changed, delete attribute specified in the LDAP...
Page 230 9. Troubleshooting Condition Cause Solution Cannot connect with the TWAIN User authentication has been Confirm the user name and login driver. rejected. name with the administrator of the network in use if using Windows authentication, LDAP authentication, or Integration Server authentication. Confirm with the user administrator if using basic authentication.
Page 231 If Authentication Fails Condition Cause Solution "Prg. Dest." does not appear on "Restrict Adding of User Registration must be done by the the scanner screen for specifying Destinations" is set to [On] in user administrator. destinations. "Restrict Use of Destinations" under "Extended Security", so only the user administrator can register destinations in the...
Page 232 9. Troubleshooting...
Page 233: 10. Appendix
10. Appendix Supervisor Operations The supervisor can delete an administrator's password and specify a new one. If any of the administrators forgets their password or if any of the administrators changes, the supervisor can assign a new password. If logged in using the supervisor's user name and password, you cannot use normal functions or specify defaults.
Page 234: Logging Out As The Supervisor
10. Appendix The message, "Authenticating... Please wait." appears. Logging out as the Supervisor If administrator authentication has been specified, be sure to log out after completing settings. Press the [Login/Logout] key. Press [Yes]. Changing the Supervisor To do this, you must enable the user administrator's privileges through the settings under "Administrator Authentication Management".
Page 235: Resetting The Administrator's Password
Supervisor Operations Press [Change] for "Login User Name". Enter the login user name, and then press [OK]. Press [Change] for "Login Password". Enter the login password, and then press [OK]. If a password reentry screen appears, enter the login password, and then press [OK]. Press [OK] twice.
Page 236 10. Appendix Press [Change] for the administrator you wish to reset. Press [Change] for "Login Password". Enter the login password, and then press [OK]. If a password reentry screen appears, enter the login password, and then press [OK]. Press [OK] twice. You will be automatically logged out.
Page 237: User Administrator Settings
User Administrator Settings User Administrator Settings The user administrator settings that can be specified are as follows: System Settings Interface Settings • Network DNS Configuration You can perform a connection test. Administrator Tools • Address Book Management • Address Book: Program / Change / Delete Group •...
Page 238: Adjustment Settings For Operators
10. Appendix Adjustment Settings for Operators Adjustment Settings for Operators All the settings can be specified. To check the effect of adjustment, the administrator can execute adjustment printing. This can only be done from the printer screen. Settings via Web Image Monitor Address Book All the settings can be specified.
Page 239: Machine Administrator Settings
Machine Administrator Settings Machine Administrator Settings The machine administrator settings that can be specified are as follows: System Settings General Features All the settings can be specified. Timer Settings All the settings can be specified. Interface Settings • Network DNS Configuration You can perform a connection test.
Page 240: Copier / Document Server Features
10. Appendix • User Authentication Management You can specify which authentication to use. You can also edit the settings for each function. • Administrator Authentication Management Machine Management • Program / Change Administrator Machine Administrator • Key Counter Management • External Charge Unit Management •...
Page 241: Scanner Features
Machine Administrator Settings Edit All the settings can be specified. Stamp All the settings can be specified. Input / Output All the settings can be specified. Adjust Colour Image All the settings can be specified. Administrator Tools All the settings can be specified. Scanner Features General Settings All the settings can be specified.
Page 242: Maintenance
10. Appendix Maintenance • Auto Colour Calibration All the settings can be specified. • Colour Registration All the settings can be specified. Adjustment Settings for Operators Adjustment Settings for Operators All the settings can be specified. To check the effect of adjustment, the administrator can execute adjustment printing. This can only be done from the printer screen.
Page 243 Machine Administrator Settings Function Reset Timer Permit Firmware Update Permit Firmware Structure Change Display IP Address on Device Display Panel Output Tray Paper Tray Priority Front Cover Sheet Tray Back Cover Sheet Tray Slip Sheet Tray Designation Sheet 1 Tray Designation Sheet 2 Tray Designation Sheet 3 Tray Designation Sheet 4 Tray...
Page 244 10. Appendix SMTP Auth. E-mail Address SMTP Auth. User Name SMTP Auth. Password SMTP Auth. Encryption POP before SMTP POP E-mail Address POP User Name POP Password Timeout setting after POP Auth. POP3/IMAP4 Server Name POP3/IMAP4 Encryption E-mail Notification E-mail Address Receive E-mail Notification E-mail Notification User Name E-mail Notification Password...
Page 245 Machine Administrator Settings • Firmware Update All the settings can be specified. • Program/Change Realm All the settings can be specified. Scanner • General Settings All the settings can be specified. • Scan Settings All the settings can be specified. •...
Page 246 10. Appendix Webpage • Webpage Download Help File Extended Feature Settings • All the settings can be specified.
Page 247: Network Administrator Settings
Network Administrator Settings Network Administrator Settings The network administrator settings that can be specified are as follows: System Settings Interface Settings If DHCP is enabled, the settings that are automatically obtained via DHCP cannot be specified. • Print List • Network All the settings can be specified.
Page 248: Scanner Features
10. Appendix Restrict Use of Simple Encryption • Network Security Level Scanner Features Send Settings • Max. E-mail Size • Divide & Send E-mail Adjustment Settings for Operators Adjustment Settings for Operators All the settings can be specified. To check the effect of adjustment, the administrator can execute adjustment printing. This can only be done from the printer screen.
Page 249 Network Administrator Settings • Program/Change Administrator You can specify the following administrator settings for the network administrator. Login User Name Login Password Encryption Password Scanner • Send Settings Max. E-mail Size Divide & Send E-mail Interface • Interface Settings Ethernet Security Ethernet Speed Network •...
Page 250 10. Appendix • Access Control All the settings can be specified. • SSL/TLS All the settings can be specified. • ssh All the settings can be specified. • Site Certificate All the settings can be specified. • Device Certificate All the settings can be specified. •...
Page 251: File Administrator Settings
File Administrator Settings File Administrator Settings The file administrator settings that can be specified are as follows: System Settings Interface Settings • Network DNS Configuration You can perform a connection test. Administrator Tools • Address Book Management Search Switch Title •...
Page 252: Settings Via Web Image Monitor
10. Appendix Settings via Web Image Monitor Document Server All the settings can be specified. Device Settings • Administrator Authentication Management File Administrator Authentication Available Settings for File Administrator • Program/Change Administrator You can specify the following administrator settings for the file administrator. Login User Name Login Password Encryption Password...
Page 253: Document Server File Permissions
Document Server File Permissions Document Server File Permissions The authorities for using the files stored in the Document Server are as follows. • Read-only (User) = This is a user assigned "Read-only" privilege. • Edit (User) = This is a user assigned "Edit" privilege. •...
Page 254: The Privilege For User Account Settings In The Address Book
10. Appendix The Privilege for User Account Settings in the Address Book The authorities for using the Address Book are as follows: • Abbreviations in the table heads • Read-only (User) = This is a user assigned "Read-only" privilege. • Edit (User) = This is a user assigned "Edit" privilege. •...
Page 255 The Privilege for User Account Settings in the Address Book Read- Edit / Full Edit Registere User only Delete Control Settings d User Admin. (User) (User) (User) (User) Login Password R/W*1 R/W*1 SMTP Authentication R/W*1 R/W*1 Folder Authentication R/W*1 R/W*1 R/W*1 R/W*1 R/W*1...
Page 256 10. Appendix Tab Name: Folder Read- Edit / Full Edit Register only Delete Control Settings User Admin. ed User (User) (User) (User) (User) SMB/FTP/NCP SMB: Path FTP: Server Name FTP: Path FTP: Port Number NCP: Path NCP: Connection Type Tab Name: Add to Group Read- Edit / Full...
Page 257: User Settings - Control Panel Settings
User Settings - Control Panel Settings User Settings - Control Panel Settings This section explains which functions and system settings are available to users when administrator authentication is specified. The administrator's configuration of Menu Protect and Available Settings determines which functions and system settings are available to users. If user authentication is specified, system settings and functions are available to authorized users only, who must log in to access them.
Page 258: System Settings
10. Appendix System Settings When administrator authentication is enabled, the administrator's configuration of Available Settings determines which system settings are available to users. If user authentication is specified, no settings are accessible to unauthorized users or authorized users before logging in. User privileges are as follows: •...
Page 259 System Settings Settings Specified Specified Output: Printer Paper Tray Priority: Copier Paper Tray Priority: Printer Key Repeat ADF Original Table Elevation System Status/ Job List Display Time Interleave Print Status Indicator Z-fold Position Half Fold Position Letter Fold-out Position Letter Fold-in Position Double Parallel Fold Position Gate Fold Position Timer Settings...
Page 260 10. Appendix Settings Specified Specified Set Time Auto Logout Timer Weekly Timer Weekly Timer Code Interface Settings Settings Specified Specified Print List Network Settings Specified Specified Machine IPv4 Address IPv4 Gateway Address IPv6 Stateless Address Autoconfiguration DNS Configuration DDNS Configuration IPsec Domain Name WINS Configuration...
Page 261 System Settings Settings Specified Specified Ethernet Speed Ping Command Permit SNMPv3 Communication Permit SSL / TLS Communication Host Name Machine Name IEEE 802.1X Authentication for Ethernet Restore IEEE 802.1X Authentication to Defaults If you set "Machine IPv4 Address", "DNS Configuration", or "Domain Name" to "Auto-Obtain (DHCP)", you can only display the settings.
Page 262 10. Appendix Settings Specified Specified Auto Specify Sender Name Scanner Resend Interval Time Number of Scanner Resends The passwords for "SMTP Authentication" and "Default User Name / Password (Send)" can be entered or changed but not displayed. Administrator Tools Settings Specified Specified Address Book Management...
Page 263 System Settings Settings Specified Specified Delete All Files in Document Server Program / Change / Delete LDAP Server LDAP Search Auto Off Setting Service Test Call Notify Machine Status Service Mode Lock Auto Erase Memory Setting Erase All Memory Program / Change / Delete Realm Some settings under "Extended Security"...
Page 264: Copier / Document Server Features
10. Appendix Copier / Document Server Features When administrator authentication is enabled, the administrator's configuration of Menu Protect determines which functions and settings are available to users. User privileges are as follows: • Abbreviations in the table columns R/W (Read and Write) = Both reading and modifying the setting are available. R (Read) = Reading only.
Page 265 Copier / Document Server Features Settings Level 1 Level 2 Original Type Display Alert Sound: Original left on Exposure Glass Job End Call Switch Original Counter Display Customize Function: Copier Customize Function: Document Server Storage Reproduction Ratio Settings Level 1 Level 2 Shortcut Reduce/Enlarge Reproduction Ratio...
Page 266 10. Appendix Settings Level 1 Level 2 Front Cover Copy in Combine Copy Order in Combine Orientation: Booklet, Magazine Image Repeat Separation Line Double Copies Separation Line Separation Line in Combine Copy on Designating Page in Combine Copy Back Cover Double Copies Position Stamp Preset Stamp...
Page 267 Copier / Document Server Features Settings Level 1 Level 2 Stamp Colour: PRIORITY Stamp Colour: For Your Info. Stamp Colour: PRELIMINARY Stamp Colour: For Internal Use Only Stamp Colour: CONFIDENTIAL Stamp Colour: DRAFT If you select [Level 1], you can only specify "Adjust Stamp Position" and "Stamp Position" in "Stamp Format".
Page 268 10. Appendix Settings Level 1 Level 2 Stamp Format Font Size Duplex Back Page Stamping Position Page Numbering in Combine Stamp on Designating Slip Sheet Stamp Position: P1, P2... Stamp Position: 1/5, 2/5... Stamp Position: -1-, -2-... Stamp Position: P.1, P.2... Stamp Position: 1, 2...
Page 269 Copier / Document Server Features Input / Output Settings Level 1 Level 2 SADF Auto Reset Copy Eject Face Method in Glass Mode Memory Full Auto Scan Restart Sort / Stack Shift Tray Setting Insert Separation Sheet Letterhead Setting Staple Position Punch Type Fold Type Finisher: Staple Position...
Page 270 10. Appendix Settings Level 1 Level 2 A.C.S. Priority Inkjet Output Type...
Page 271: Scanner Features
Scanner Features Scanner Features When administrator authentication is enabled, the administrator's configuration of Menu Protect determines which functions and settings are available to users. User privileges are as follows: • Abbreviations in the table columns R/W (Read and Write) = Both reading and modifying the setting are available. R (Read) = Reading only.
Page 272 10. Appendix Settings Level 1 Level 2 Background Density of ADS (Full Colour) Blank Page Detect Send Settings Settings Level 1 Level 2 Compression (Black & White) Compression (Grey Scale / Full Colour) Compression Method for High Compression PDF High Compression PDF Level Insert Additional E-mail Info No.
Page 273: Maintenance
Maintenance Maintenance When administrator authentication is enabled, the administrator's configuration of Available Settings determines which system settings are available to users. If user authentication is specified, no settings are accessible to unauthorized users or authorized users before logging in. User privileges are as follows: •...
Page 274: Adjustment Settings For Operators
10. Appendix Adjustment Settings for Operators Users authorized by user authentication can access all adjustment settings for operators.
Page 275: Tray Paper Settings
Tray Paper Settings Tray Paper Settings When administrator authentication is enabled, the administrator's configuration of Available Settings determines which system settings are available to users. If user authentication is specified, no settings are accessible to unauthorized users or authorized users before logging in. User privileges are as follows: •...
Page 276: User Settings - Web Image Monitor Settings
10. Appendix User Settings - Web Image Monitor Settings This section displays the user settings that can be specified on Web Image Monitor when user authentication is specified. Settings that can be specified by the user vary according to the menu protect level and available settings specifications.
Page 277: Device Settings
Device Settings Device Settings The settings available to the user depend on whether or not administrator authentication is enabled. If administrator authentication is enabled, the settings available to the user depend on whether or not "Available Settings" has been specified. User privileges are as follows: •...
Page 278 10. Appendix Settings Specified Specified Paper Tray Priority: Printer Front Cover Sheet Tray: Tray to set Front Cover Sheet Tray: Apply Duplex Front Cover Sheet Tray: Display Time Back Cover Sheet Tray: Tray to set Back Cover Sheet Tray: Apply Duplex Back Cover Sheet Tray: Display Time Slip Sheet Tray: Tray to set Slip Sheet Tray: Display Time...
Page 279 Device Settings Settings Specified Specified Tray 4: Tray Paper Settings Tray 5: Select Tray Paper Settings Tray 5: Tray Paper Settings Tray 6: Select Tray Paper Settings Tray 6: Tray Paper Settings Custom Paper Settings Specified Specified Program/Change Delete Date/Time Settings Specified Specified...
Page 280 10. Appendix Settings Specified Specified System Auto Reset Timer Copier/Document Server Auto Reset Timer Scanner Auto Reset Timer Auto Logout Timer Weekly Timer Code Weekly Timer Logs Settings Specified Specified Collect Job Logs Job Log Collect Level Collect Access Logs Access Log Collect Level Encrypt Logs Delete All Logs...
Page 281 Device Settings Settings Specified Specified SMTP Port No. SMTP Authentication SMTP Auth. E-mail Address SMTP Auth. User Name SMTP Auth. Password SMTP Auth. Encryption POP before SMTP POP E-mail Address POP User Name POP Password Timeout setting after POP Auth. POP3/IMAP4 Server Name POP3/IMAP4 Encryption POP3 Reception Port No.
Page 282 10. Appendix Settings Specified Specified SMB Password FTP User Name FTP Password NCP User Name NCP Password The passwords for "SMB Password", "FTP Password", and "NCP Password" can be entered or changed but not displayed. User Authentication Management Settings Specified Specified User Authentication Management User Code Authentication - User Code Authentication Settings...
Page 283: Scanner
Scanner Scanner If you have enabled administrator authentication, the menu protection setting determines which functions and settings are available. User privileges are as follows: • Abbreviations in the table columns R/W (Read and Write) = Both reading and modifying the setting are available. R (Read) = Reading only.
Page 284 10. Appendix Send Settings Settings Level 1 Level 2 Compression (Black & White) Compression (Gray Scale/Full Color) High Compression PDF Level Compression Method for High Compression PDF Insert Additional E-mail Info No. of Digits for Single Page Files Stored File E-mail Method Default E-mail Subject Default Settings for Normal Screens on Device Settings...
Page 285: Interface
Interface Interface The settings available to the user depend on whether or not administrator authentication is enabled. If administrator authentication is enabled, the settings available to the user depend on whether or not "Available Settings" has been specified. User privileges are as follows: •...
Page 286: Network
10. Appendix Network The settings available to the user depend on whether or not administrator authentication is enabled. If administrator authentication is enabled, the settings available to the user depend on whether or not "Available Settings" has been specified. User privileges are as follows: •...
Page 287 Network Settings Not Specified Specified DNS Server RSH/RCP sftp WSD (Device) WSD (Scanner) IPv6 Settings Specified Specified IPv6 Host Name Domain Name Stateless Address Manual Configuration Address DHCPv6-lite DDNS Default Gateway Address DNS Server RSH/RCP sftp WSD (Scanner)
Page 288 10. Appendix NetWare Settings Specified Specified NetWare Logon Mode File Server Name NDS Tree Frame Type NCP Delivery Protocol Settings Specified Specified Workgroup Name Computer Name Comment Notify Print Completion Bonjour Settings Specified Specified Bonjour Computer Name Location...
Page 289: Webpage
Webpage Webpage The settings available to the user depend on whether or not administrator authentication is enabled. If administrator authentication is enabled, the settings available to the user depend on whether or not "Available Settings" has been specified. User privileges are as follows: •...
Page 290: Trademarks
10. Appendix Trademarks Adobe, Acrobat, and Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. Bonjour and Mac OS are trademarks of Apple Inc., registered in the U.S. and other countries. ®...
Page 291 Trademarks ® ® Microsoft Windows 7 Home Premium ® ® Microsoft Windows 7 Professional ® ® Microsoft Windows 7 Ultimate ® ® Microsoft Windows 7 Enterprise • The product names of Windows Server 2003 are as follows: ® ® Microsoft Windows Server 2003 Standard Edition ®...
Page 292 10. Appendix...
Page 293: Index
INDEX Enabling/disabling protocols......Encrypt Address Book......... Access Control............. Encryption key............. Access permission for stored files......Encryption Key Auto Exchange Settings..168, Address Book access permission......Address Book Privileges........Encryption Key Manual Settings....168, 181 Adjustment Settings for Operators... 236, 240, Enhance File Protection........
Page 294 Service Mode Lock..........Setting up the Machine......... Machine administrator.......... Settings by SNMPv1, v2........Machine administrator settings......SNMPv3.............. Maintenance..........240, 271 SSL (Secure Sockets Layer)........ Manuals for This Machine........SSL / TLS configuration........Menu Protect..........117, 118 SSL / TLS encryption........... Supervisor..........
Page 296 D075-7537...

This manual is also suitable for:

Pro c751ex

Ricoh Pro C651EX Operating Instructions Manual

1 Getting Started

2 Configuring Administrator Authentication

3 Configuring User Authentication

4 Protecting Data from Information Leaks

5 Securing Information Sent over the Network or Stored on Hard Disk

6 Managing Access to the Machine

7 Enhanced Network Security

8 Specifying the Extended Security Functions

9 Troubleshooting

10 Appendix

Quick Links

Operating Instructions

Related Manuals for Ricoh Pro C651EX

Summary of Contents for Ricoh Pro C651EX

This manual is also suitable for:

Table of Contents