Operating Instructions Security Reference Getting Started Administrators/Authentication and its Application Users/Authentication and its Application Protecting Document Data Information from Leaks Managing Access to the Machine Enhanced Network Security Specifying the Extended Security Functions Troubleshooting Appendix Read this manual carefully before you use this machine and keep it handy for future reference. For safe and correct use, be sure to read the Safety Information in "About This Machine"...
Manuals for This Machine Read this manual carefully before you use this machine. Refer to the manuals that are relevant to what you want to do with the machine. • Media differ according to manual. • The printed and electronic versions of a manual have the same contents. •...
Security Reference This manual is for administrators of the machine. It explains security functions that you can use to prevent unauthorized use of the machine, data tampering, or information leakage. Be sure to read this manual when setting the enhanced security functions, or user and administrator authentication. Other manuals •...
TABLE OF CONTENTS
• Manuals for This Machine
• Notice
• Important
• How to Read This Manual
• Symbols
• Display
• IP Address
• Note
• Laws and Regulations
• Legal Prohibition
1. Getting Started
• Before Using the Security Functions
• Setting Up the Machine
• Enhanced Security
• Glossary
• Security Measures Provided by this Machine
• Using Authentication and Managing Users
• Ensuring Information Security
• Limiting and Controlling Access
...
• Changing the Administrator
• Using Web Image Monitor
3. Users/Authentication and Its Application
• Users
• About User Authentication
• Authentication Setting Procedure
• Enabling User Authentication
• User Code Authentication
• Specifying User Code Authentication
• Basic Authentication
• Specifying Basic Authentication
• Authentication Information Stored in the Address Book
• Specifying Login User Name and Login Password
• Specifying Authentication Information to Log on
• Windows Authentication
...
4. Protecting Document Data Information from Leaks
• Preventing Unauthorized Copying
• Unauthorized Copy Prevention
• Data Security for Copying
• Printing Limitations
• Notice
• Printing with Unauthorized Copy Prevention and Data Security for Copying
• Preventing Data Leaks Due to Unauthorized Transmission
• Restrictions on Destinations
• Protecting the Address Book
• Address Book Access Permission
• Encrypting Data in the Address Book
...
• Setting the SSL / TLS Encryption Mode
• SNMPv3 Encryption
• Transmission Using IPsec
• Encryption and Authentication by IPsec
• Encryption Key Auto Exchange Settings and Encryption Key Manual Settings
• IPsec Settings
• Encryption Key Auto Exchange Settings Configuration Flow
• Encryption Key Manual Settings Configuration Flow
• telnet Setting Commands
• Authentication by telnet
• "authfree"...
• Machine Administrator Settings
• System Settings
• Copier Features
• Facsimile Features
• Printer Features
• Settings via Web Image Monitor
• Settings via SmartDeviceMonitor for Admin
• Network Administrator Settings
• System Settings
• Settings via Web Image Monitor
• Settings via SmartDeviceMonitor for Admin
• File Administrator Settings
• System Settings
• Settings via Web Image Monitor
• User Administrator Settings
• System Settings
...
INDEX
Notice Important In no event will the company be liable for direct, indirect, special, incidental, or consequential damages as a result of handling or operating the machine. For good copy quality, the supplier recommends that you use genuine toner from the supplier. The supplier shall not be responsible for any damage or expense that might result from the use of parts other than genuine parts from the supplier with your office products.
How to Read This Manual Symbols This manual uses the following symbols: Indicates points to pay attention to when using the machine, and explanations of likely causes of paper misfeeds, damage to originals, or loss of data. Be sure to read these explanations. Indicates supplementary explanations of the machine's functions, and instructions on resolving user errors.
Reading the Display and Using Keys
1. [Escape] key: Press to cancel an operation or return to the previous display.
2. [OK] key: Press to set a selected item or entered numeric value.
3. Scroll keys: Press to move the cursor in each direction, one step at a time. When [ ][ ][ ], or [ ] key appears in this manual, press the scroll key of the same direction.
Laws and Regulations Legal Prohibition Do not copy or print any item for which reproduction is prohibited by law. Copying or printing the following items is generally prohibited by local law: bank notes, revenue stamps, bonds, stock certificates, bank drafts, checks, passports, driver's licenses. The preceding list is meant as a guide only and is not inclusive.
1. Getting Started This chapter describes the machine's security features and how to specify initial security settings. Before Using the Security Functions • If the security settings are not specified, the machine may be damaged by malicious attackers. 1. To prevent this machine being stolen or willfully damaged, etc., install it in a secure location. 2.
1. Getting Started Setting Up the Machine This section explains how to enable encryption of transmitted data and configure the administrator account. If you want higher security, make the following setting before using the machine. Turn the machine on. Press the [User Tools/Counter] key. Press [System Settings] using [ ] or [ ], and then press the [OK] key.
Setting Up the Machine • p.34 "Using Web Image Monitor" • p.142 "Protection Using Encryption" • p.26 "Registering the Administrator"...
1. Getting Started Enhanced Security This machine's security functions can be enhanced by managing the machine and its users using the improved authentication functions. By specifying access limits for the machine's functions and the documents and data stored in the machine, information leaks and unauthorized access can be prevented.
Glossary
Administrator: There are four types of administrators according to administrative function: machine administrator, network administrator, file administrator, and user administrator. We recommend that only one person takes each administrator role. In this way, you can spread the workload and limit unauthorized operation by a single administrator. Basically, administrators make machine settings and manage the machine;...
1. Getting Started Security Measures Provided by this Machine Using Authentication and Managing Users Enabling Authentication To control administrators' and users' access to the machine, perform administrator authentication and user authentication using login user names and login passwords. To perform authentication, the authentication function must be enabled.
Security Measures Provided by this Machine Preventing Data Leaks Due to Unauthorized Transmission You can specify in the Address Book which users are allowed to send files using the fax function. You can also limit the direct entry of destinations to prevent files from being sent to destinations not registered in the Address Book.
1. Getting Started • p.117 "Limiting Available Functions" Enhanced Network Security Preventing Unauthorized Access You can limit IP addresses or disable ports to prevent unauthorized access over the network and protect the Address Book and default settings. For details about preventing unauthorized access, see "Preventing Unauthorized Access".
2. Administrators/Authentication and Its Application Administrators Administrators manage user access to the machine and various other important functions and settings. When an administrator controls limited access and settings, first select the machine's administrator, enable the authentication function, and then use the machine. When the authentication function is enabled, the login user name and login password are required in order to use the machine.
2. Administrators/Authentication and Its Application Machine Administrator This is the administrator who mainly manages the machine's default settings. You can set the machine so that the default for each function can only be specified by the machine administrator. By making this setting, you can prevent unauthorized people from changing the settings and allow the machine to be used securely by its many users.
About Administrator Authentication
There are four types of administrators: user administrator, machine administrator, network administrator, and file administrator. For details about each administrator, see "Administrators".
1. User Administrator: This administrator manages personal information in the Address Book. You can register/delete users in the Address Book or change users' personal information.
2. Administrators/Authentication and Its Application Enabling Administrator Authentication To control administrators' access to the machine, perform administrator authentication using login user names and passwords. When registering an administrator, you cannot use a login user name already registered in the Address Book. Administrators are handled differently from the users registered in the Address Book.
Enabling Administrator Authentication • If you have enabled Administrator Authentication Management, make sure not to forget the administrator login user name and login password. If an administrator login user name or login password is forgotten, a new password must be specified using the supervisor's authority. For instructions on registering the supervisor, see "Supervisor Operations".
2. Administrators/Authentication and Its Application Select [On] using [ ] or [ ], and then press the [OK] key. [Items] appears. Select the settings to manage from [Items] using [ ], and then press the [OK] key. The selected settings will be unavailable to users. [Items] varies depending on the administrator.
Enabling Administrator Authentication For details about logging on and logging off with administrator authentication, see "Logging on Using Administrator Authentication", "Logging off Using Administrator Authentication". Press the [User Tools/Counter] key. Select [System Settings] using [ ] or [ ], and then press the [OK] key. Select [Administrator Tools] using [ ] or [ ], and then press the [OK] key.
2. Administrators/Authentication and Its Application Select [Administrator 1], [Administrator 2], [Administrator 3] or [Administrator 4] using [ ] or [ ], and then press the [OK] key. Press [Exit]. Select [Admin. Detailed Settings] using [ ] or [ ], and then press the [OK] key. Select the setting you want to specify using [ ] or [ ], and then press the [OK] key.
Enabling Administrator Authentication Select [Login Password] using [ ] or [ ], and then press the [OK] key. Enter the login password, and then press the [OK] key. Follow the password policy to make the login password more secure. If a password reentry screen appears, enter the login password, and then press the [OK] key.
2. Administrators/Authentication and Its Application If a password reentry screen appears, enter the encryption password, and then press the [OK] key. Press [Exit] three times. You will be automatically logged off. Press the [User Tools/Counter] key. • You can use up to 32 alphanumeric characters and symbols when registering login user names and login passwords.
Enabling Administrator Authentication Press [Login]. Enter the login user name, and then press the [OK] key. When you log on to the machine for the first time as the administrator, enter "admin". Enter the login password, and then press the [OK] key. If assigning the administrator for the first time, press the [OK] key without entering a login password.
2. Administrators/Authentication and Its Application Press [Logout]. Press [Yes]. Changing the Administrator Change the administrator's login user name and login password. You can also assign administrator authority to the login user names [Administrator 1] to [Administrator 4]. To combine the authorities of multiple administrators, assign multiple administrators to a single administrator.
Enabling Administrator Authentication Select [Program/Change Admin.] using [ ] or [ ], and then press the [OK] key. Select [Permissions] using [ ] or [ ], and then press the [OK] key. Select the administrator, and then press the [OK] key. Select [Administrator 1], [Administrator 2], [Administrator 3] or [Administrator 4] using [ ] or [ ], and then press the [OK] key.
2. Administrators/Authentication and Its Application Select the administrator whose settings you want to change using [ ] or [ ], press the [OK] key, and then re-enter the setting. Press [Exit] three times. You will be automatically logged off. Press the [User Tools/Counter] key. •...
3. Users/Authentication and Its Application Users A user performs normal operations on the machine, such as copying and printing. Users are managed using the personal information in the machine's Address Book, and can use only the functions they are permitted to access by administrators. By enabling user authentication, you can allow only people registered in the Address Book to use the machine.
3. Users/Authentication and Its Application About User Authentication This machine has an authentication function to prevent unauthorized access. By using login user names and login passwords, you can specify access limits for individual users and groups of users.
1. User: A user performs normal operations on the machine, such as copying and printing.
Authentication Setting Procedure
Specify administrator authentication and user authentication according to the following chart:
Administrator Authentication
• Specifying Administrator Privileges: See "Enabling Administrator Authentication". See "Specifying Administrator Privileges".
• Registering the Administrator: See "Registering the Administrator".
User Authentication
• Specifying User Authentication: See "Enabling User Authentication".
3. Users/Authentication and Its Application • p.69 "LDAP Authentication" • p.78 "Integration Server Authentication"...
Enabling User Authentication
To control users' access to the machine, perform user authentication using login user names and passwords. There are five types of user authentication methods: User Code authentication, Basic authentication, Windows authentication, LDAP authentication, and Integration Server authentication. To use user authentication, select an authentication method on the control panel, and then make the required settings for the authentication.
3. Users/Authentication and Its Application User Code Authentication This is an authentication method for limiting access to functions according to a user code. The same user code can be used by more than one user. For details about specifying user codes, see "Authentication Information", General Settings Guide.
User Code Authentication Select [User Code Auth.] using [ ] or [ ], and then press the [Details] key. If you do not want to use user authentication management, select [Off]. Select [Restrict Functions] using [ ] or [ ], and then press the [OK] key. Select which of the machine's functions you want to limit using [ ] or [ ], and then press the [ ] key.
3. Users/Authentication and Its Application If you select [Simple (Limitation)], proceed to "Selecting Simple (Limitation)". • p.117 "Limiting Available Functions" • p.42 "Selecting Entire or Simple (All)" • p.43 "Selecting Simple (Limitation)" • p.87 "Printer Job Authentication" Selecting Entire or Simple (All) If you select [Entire], you cannot print using a printer driver or a device that does not support authentication.
User Code Authentication Selecting Simple (Limitation) If you select [Simple (Limitation)], you can specify clients for which printer job authentication is not required. Specify [Parallel Interface (Sim.)], [USB (Sim.)] and the clients' IPv4 address range in which printer job authentication is not required. Specify this setting if you want to print using unauthenticated printer drivers or without any printer driver.
3. Users/Authentication and Its Application Enter the End IPv4 Address, and then press the [OK] key. Be sure the number you enter for End IPv4 Address is larger than that for Start IPv4 Address. Select [Parallel Interface (Sim.)] using [ ] or [ ], and then press the [OK] key. Select [Apply] using [ ] or [ ], and then press the [OK] key.
User Code Authentication Press [Exit]. Press the [OK] key. Press the [User Tools/Counter] key.
3. Users/Authentication and Its Application Basic Authentication Specify this authentication method when using the machine's Address Book to authenticate each user. Using Basic authentication, you can not only manage the machine's available functions but also limit access to the personal data in the Address Book. Under Basic authentication, the administrator must specify the functions available to each user registered in the Address Book.
Basic Authentication Select [Basic Auth.] using [ ] or [ ], and then press [Details]. If you do not want to use user authentication management, select [Off]. Select [Function Permissions] using [ ] or [ ], and then press the [OK] key. Select which of the machine's functions you want to permit using [ ] or [ ], and then press the [ ] key.
3. Users/Authentication and Its Application If you select [Simple (Limitation)], proceed to "Selecting Simple (Limitation)". • p.30 "Logging on Using Administrator Authentication" • p.31 "Logging off Using Administrator Authentication" • p.117 "Limiting Available Functions" • p.48 "Selecting Entire or Simple (All)" •...
Basic Authentication Selecting Simple (Limitation) If you select [Simple (Limitation)], you can specify clients for which printer job authentication is not required. Specify [Parallel Interface (Sim.)], [USB (Sim.)] and the clients' IPv4 address range in which printer job authentication is not required. Specify this setting if you want to print using unauthenticated printer drivers or without any printer driver.
3. Users/Authentication and Its Application Enter the End IPv4 Address, and then press the [OK] key. Be sure the number you enter for End IPv4 Address is larger than that for Start IPv4 Address. Select [Parallel Interface (Sim.)] using [ ] or [ ], and then press the [OK] key. Select [Apply] using [ ] or [ ], and then press the [OK] key.
Basic Authentication Press [Exit]. Press the [OK] key. Press the [User Tools/Counter] key. Authentication Information Stored in the Address Book This can be specified by the user administrator. For details about logging on and logging off with administrator authentication, see "Logging on Using Administrator Authentication", "Logging off Using Administrator Authentication".
3. Users/Authentication and Its Application Select [System Settings] using [ ] or [ ], and then press the [OK] key. Select [Administrator Tools] using [ ] or [ ], and then press the [OK] key. Select [Address Book Management] using [ ] or [ ], and then press the [OK] key. Select [Program/Change] using [ ] or [ ], and then press the [OK] key.
Basic Authentication Press the [OK] key. Press [Details]. Select [Auth. Info] using [ ] or [ ], and then press the [OK] key. Select [Login Authent.Info] using [ ] or [ ], and then press the [OK] key. Select [Login User Name] using [ ] or [ ], and then press the [OK] key. Enter the login name, and then press the [OK] key.
3. Users/Authentication and Its Application Select [Login Password] using [ ] or [ ], and then press the [OK] key. Enter the login password, and then press the [OK] key. Re-enter the login password, and then press the [OK] key. Press the [Escape] key two times.
Basic Authentication If you do not want to use the login user name and password specified in [Address Book Management] for "Folder Authentication", or "LDAP Authentication", see "Address Book" General Settings Guide. For details about specifying login user name and login password, see "Specifying Login User Name and Login Password".
3. Users/Authentication and Its Application Enter the registration number you want to program using the number keys or the Quick Dial keys, and then press the [OK] key. By pressing [Search], you can search by Name, Display Destination List, Registration No., User Code and Fax Destination.
Basic Authentication Select [Use Auth. Info at Login] using [ ] or [ ], and then press the [OK] key. For folder authentication, select [Use Auth. Info at Login] in "Folder Authentication". For LDAP authentication, select [Use Auth. Info at Login] in "LDAP Authentication". Press the [Escape] key.
3. Users/Authentication and Its Application Windows Authentication Specify this authentication when using the Windows domain controller to authenticate users who have their accounts on the directory server. Users cannot be authenticated if they do not have their accounts in the directory server.
Windows Authentication • If you have created a new user in the domain controller and selected "User must change password at next logon", log on to the machine from the computer to change the password before logging on from the machine's control panel. •...
3. Users/Authentication and Its Application Select [Administrator Tools] using [ ] or [ ], and then press the [OK] key. Select [User Auth. Management] using [ ] or [ ], and then press the [OK] key. Select [Windows Auth.] using [ ] or [ ], and then press [Details]. If you do not want to use user authentication management, select [Off].
Windows Authentication You also need to register in the machine the functions available to the global group members. Create global groups in the machine by entering the names of the global groups registered in the Windows Server. (Keep in mind that group names are case sensitive.) Then specify the machine functions available to each group.
3. Users/Authentication and Its Application Select which of the machine's functions you want to permit using [ ] or [ ], and then press the [ ] key. The box next to a selected item is checked. To deselect the item, press [ ]. Windows Authentication will be applied to the selected functions.
Windows Authentication Select [Windows Auth.] using [ ] or [ ], and then press [Details]. Select [Printer Job Authentication] using [ ] or [ ], and then press the [OK] key. Select the "Printer Job Authentication" level. If you select [Entire] or [Simple (All)], proceed to "Selecting Entire or Simple (All)". If you select [Simple (Limitation)], proceed to "Selecting Simple (Limitation)".
3. Users/Authentication and Its Application Select [Entire] or [Simple (All)] using [ ] or [ ], and then press the [OK] key. Press [Exit]. Press the [OK] key. Press the [User Tools/Counter] key. • Under Windows Authentication, you can select whether or not to use secure sockets layer (SSL) authentication.
Windows Authentication If you select [Simple (Limitation)], you can print even with unauthenticated printer drivers or devices. Specify this setting if you want to print with a printer driver or device that cannot be identified by the machine or if you do not require authentication for printing.
3. Users/Authentication and Its Application Select [Parallel Interface (Sim.)] using [ ] or [ ], and then press the [OK] key. Select [Apply] using [ ] or [ ], and then press the [OK] key. Select [USB (Sim.)] using [ ] or [ ], and then press the [OK] key. Select [Apply] using [ ] or [ ], and then press the [OK] key.
Windows Authentication • Under Windows Authentication, you can select whether or not to use secure sockets layer (SSL) authentication. • To automatically register user information such as fax numbers under Windows authentication, it is recommended that communication between the machine and domain controller be encrypted using SSL.
3. Users/Authentication and Its Application The top page of Web Image Monitor appears. Click [Login]. The network administrator can log on. Enter the login user name and password. Click [Configuration], and then click [Device Certificate] under "Security". The Device Certificate page appears. Check the radio button next to the number of the certificate you want to install.
LDAP Authentication
Specify this authentication method when using the LDAP server to authenticate users who have their accounts on the LDAP server. Users cannot be authenticated if they do not have their accounts on the LDAP server. The Address Book stored in the LDAP server can be registered to the machine, enabling user authentication without first using the machine to register individual settings in the Address Book.
3. Users/Authentication and Its Application You do not have to enter the user name if the LDAP server supports "Anonymous Authentication". • Password You do not have to enter the password if the LDAP server supports "Anonymous Authentication". • When you select Cleartext authentication, LDAP Simplified authentication is enabled. Simplified authentication can be performed with a user attribute (such as cn, or uid), instead of the DN.
LDAP Authentication Select [System Settings] using [ ] or [ ], and then press the [OK] key. Select [Administrator Tools] using [ ] or [ ], and then press the [OK] key. Select [User Auth. Management] using [ ] or [ ], and then press the [OK] key. Select [LDAP Auth.] using [ ] or [ ], and then press [Details].
3. Users/Authentication and Its Application Select the LDAP server to be used for LDAP authentication using [ ] or [ ], and then press the [OK] key. Select [Login Name Attribute] using [ ] or [ ], and then press the [OK] key. Enter the login name attribute, and then press the [OK] key.
LDAP Authentication of a user registered in the machine, the two instances are treated as referring to the same user. You can enter an attribute such as "serialNumber" or "uid". Additionally, you can enter "cn" or "employeeNumber", provided it is unique. If you do not specify the Unique Attribute, an account with the same user information but with a different login user name will be created in the machine.
3. Users/Authentication and Its Application • p.30 "Logging on Using Administrator Authentication" • p.31 "Logging off Using Administrator Authentication" • p.74 "Selecting Entire or Simple (All)" • p.75 "Selecting Simple (Limitation)" • p.87 "Printer Job Authentication" Selecting Entire or Simple (All) If you select [Entire], you cannot print using a printer driver or a device that does not support authentication.
LDAP Authentication • p.117 "Limiting Available Functions" Selecting Simple (Limitation) If you select [Simple (Limitation)], you can specify clients for which printer job authentication is not required. Specify [Parallel Interface (Sim.)], [USB (Sim.)] and the clients' IPv4 address range in which printer job authentication is not required.
3. Users/Authentication and Its Application Enter the End IPv4 Address, and then press the [OK] key. Be sure the number you enter for End IPv4 Address is larger than that for Start IPv4 Address. Select [Parallel Interface (Sim.)] using [ ] or [ ], and then press the [OK] key. Select [Apply] using [ ] or [ ], and then press the [OK] key.
LDAP Authentication Press the [OK] key. Press the [User Tools/Counter] key. • p.117 "Limiting Available Functions"...
3. Users/Authentication and Its Application Integration Server Authentication To use Integration Server authentication, you need a server on which ScanRouter software that supports authentication is installed. For external authentication, the Integration Server authentication collectively authenticates users accessing the server over the network, providing a server-independent, centralized user authentication system that is safe and convenient.
Integration Server Authentication Select [System Settings] using [ ] or [ ], and then press the [OK] key. Select [Administrator Tools] using [ ] or [ ], and then press the [OK] key. Select [User Auth. Management] using [ ] or [ ], and then press the [OK] key. Select [Integration Svr.
3. Users/Authentication and Its Application Enter the server name, and then press the [OK] key. Enter the IPv4 address or host name. Select [Authentication Type] using [ ] or [ ], and then press the [OK] key. Select the authentication system for external authentication using [ ] or [ ], and then press the [OK] key.
Integration Server Authentication Select [Obtain URL] using [ ] or [ ], and then press the [OK] key. The machine obtains the URL of the server specified in "Server Name". If "Server Name" or the setting for enabling SSL is changed after obtaining the URL, the "URL" will not be obtained.
3. Users/Authentication and Its Application Select which of the machine's functions you want to permit using [ ] or [ ], and then press the [ ] key. The box next to a selected item is checked. To deselect the item, press [ ]. Integration Server Authentication will be applied to the selected functions.
Integration Server Authentication Select [Integration Svr. Auth.] using [ ] or [ ], and then press [Details]. Select [Printer Job Authentication] using [ ] or [ ], and then press the [OK] key. Select the "Printer Job Authentication" level. If you select [Entire] or [Simple (All)], proceed to "Selecting Entire or Simple (All)". If you select [Simple (Limitation)], proceed to "Selecting Simple (Limitation)".
3. Users/Authentication and Its Application Press [Exit]. Press the [OK] key. Press the [User Tools/Counter] key. Selecting Simple (Limitation) If you select [Simple (Limitation)], you can specify clients for which printer job authentication is not required. Specify [Parallel Interface (Sim.)], [USB (Sim.)] and the clients' IPv4 address range in which printer job authentication is not required.
Integration Server Authentication Select [IPv4 Address 1], [IPv4 Address 2], [IPv4 Address 3], [IPv4 Address 4] or [IPv4 Address 5] using [ ] or [ ], and then press the [OK] key. Enter the Start IPv4 Address, and then press the [OK] key. You can specify the IPv4 address range to which this setting is applied.
3. Users/Authentication and Its Application Select [USB (Sim.)] using [ ] or [ ], and then press the [OK] key. Select [Apply] using [ ] or [ ], and then press the [OK] key. Press [Exit]. Press the [OK] key. Press the [User Tools/Counter] key.
Printer Job Authentication
This section explains Printer Job Authentication.
Printer Job Authentication Levels and Printer Job Types
This section explains the relationship between printer job authentication levels and printer job types. Depending on the combination of printer job authentication level and printer job type, the machine may not print properly.
3. Users/Authentication and Its Application • [Simple (All)] The machine authenticates printer jobs and remote settings that have authentication information, and cancels the jobs and settings that fail authentication. Printer jobs and settings without authentication information are performed without being authenticated.
If User Authentication is Specified
When user authentication (User Code Authentication, Basic Authentication, Windows Authentication, LDAP Authentication, or Integration Server Authentication) is set, the authentication screen is displayed. Unless a valid user name and password are entered, operations are not possible with the machine. Log on to operate the machine, and log off when you have finished operating it.
3. Users/Authentication and Its Application Login (Using the Control Panel) Use the following procedure to log in when Basic Authentication, Windows Authentication, LDAP Authentication, or Integration Server Authentication is enabled. Enter a login user name, and then press the [OK] key. Enter a login password, and then press the [OK] key.
If User Authentication is Specified Login (Using a Printer Driver) When Basic Authentication, Windows Authentication, or LDAP Authentication is set, make encryption settings in printer properties on the printer driver, and then specify a login user name and password. For details, see the printer driver Help.
Setting Item: Lockout
Description: Specify whether or not to enable the lockout function.
Setting Values: Active, Inactive
Default Setting: Inactive

Setting Item: Number of Attempts Before Lockout
Description: Specify the number of authentication attempts to allow before applying lockout.
Setting Values: 1-10
If User Authentication is Specified Click [Login]. The machine administrator can log on. Enter the login user name and login password. Click [Configuration], and then click [User Lockout Policy] under "Security". The User Lockout Policy page appears. Set "Lockout" to [Active]. In the drop down menu, select the number of login attempts to permit before applying lockout.
3. Users/Authentication and Its Application Auto Logout This can be specified by the machine administrator. When using user authentication management, the machine automatically logs you off if you do not use the control panel within a given time. This feature is called "Auto Logout". Specify how long the machine is to wait before performing Auto Logout.
If User Authentication is Specified Enter "60" to "999" (seconds) using the number keys, and then press the [OK] key. If you do not want to specify [Auto Logout Timer], select [Off]. Press the [User Tools/Counter] key. • If a paper jam occurs or a print cartridge runs out of ink, the machine might not be able to perform the Auto Logout function.
3. Users/Authentication and Its Application Authentication Using an External Device To authenticate using an external device, see the device manual. For details, contact your sales representative.
4. Protecting Document Data Information from Leaks This chapter describes how to protect document data and information transmitted through the network from unauthorized viewing and modification. Preventing Unauthorized Copying In Printer Features, using the printer driver, you can embed a pattern in the printed copy to discourage or prevent unauthorized copying.
Unauthorized Copy Prevention
Using the printer driver, you can embed a mask and pattern (for instance, a warning such as "No Copying") in the printed document. If the document is copied, faxed or scanned by a copier or multifunction printer, the embedded pattern appears clearly on the copy, discouraging unauthorized copying.
Preventing Unauthorized Copying Data Security for Copying Using the printer driver to enable the data security for copying function, you can print a document with an embedded pattern of hidden text. Such a document is called a data security for copying document. If a data security for copying document is copied using a copier or multi-function printer with the Copy Data Security Unit, protected pages are grayed out in the copy, preventing confidential information from being copied.
• You can also embed a pattern in a document protected by data security for copying. However, if such a document is copied using a copier or multi-function printer with the Copy Data Security Unit, the copy is grayed out, so the embedded pattern does not appear on the copy.
Preventing Unauthorized Copying 2. The supplier is not liable for any damage caused by using or not being able to use unauthorized copy prevention and data security for copying. Printing with Unauthorized Copy Prevention and Data Security for Copying This section describes Printing with Unauthorized Copy Prevention and Data Security for Copying. Specifying Printer Settings for Unauthorized Copy Prevention (Printer Driver Setting) Using the printer driver, specify the printer settings for unauthorized copy prevention.
4. Protecting Document Data Information from Leaks Specifying Data Security for Copying (Machine Setting) This can be specified by the machine administrator. For details about logging on and logging off with administrator authentication, see "Logging on Using Administrator Authentication", "Logging off Using Administrator Authentication". To use this function, the Copy Data Security Unit must be installed.
Preventing Data Leaks Due to Unauthorized Transmission
This section describes Preventing Data Leaks Due to Unauthorized Transmission. If user authentication is specified, the user who has logged on will be designated as the sender to prevent data from being sent by an unauthorized person masquerading as the user.
4. Protecting Document Data Information from Leaks Select [Administrator Tools] using [ ] or [ ], and then press the [OK] key. Select [Extended Security] using [ ] or [ ], and then press the [OK] key. Select [Restrict Use of Dest.] using [ ] or [ ], and then press the [OK] key. Select [On] using [ ] or [ ], and then press the [OK] key.
Protecting the Address Book
If user authentication is specified, the user who has logged on will be designated as the sender to prevent data from being sent by an unauthorized person masquerading as the user. To protect the data from unauthorized reading, you can also encrypt the data in the Address Book.
Address Book Access Permission
This can be specified by the registered user.
4. Protecting Document Data Information from Leaks Select [Program/Change] using [ ] or [ ], and then press the [OK] key. Enter the registration number you want to program using the number keys or the Quick Dial keys, and then press the [OK] key. By pressing [Search], you can search by Name, Display Destination List, Registration No., User Code and Fax Destination.
Protecting the Address Book Select [Dest.Protect: Permissions] using [ ] or [ ], and then press the [OK] key. Press [Program]. Select the users or groups to register. You can select more than one user. By pressing [All], you can select all the users. Press the [OK] key.
4. Protecting Document Data Information from Leaks • p.30 "Logging on Using Administrator Authentication" • p.31 "Logging off Using Administrator Authentication" Encrypting Data in the Address Book This can be specified by the user administrator. You can encrypt the data in the Address Book using the extended security function, "Encrypt Address Book". For details about this and other extended security functions, see "Specifying the Extended Security Functions".
Protecting the Address Book Select [Encrypt Address Book] using [ ] or [ ], and then press the [OK] key. Select the setting you want to change using [ ] or [ ], and then press [Enc.Key]. Enter the encryption key, and then press the [OK] key. Enter the encryption key using up to 32 alphanumeric characters.
4. Protecting Document Data Information from Leaks Do not switch the main power off during encryption, as doing so may corrupt the data. Encrypting the data in the Address Book may take a long time. The time it takes to encrypt the data in the Address Book depends on the number of registered users. The machine cannot be used during encryption.
5. Managing Access to the Machine This chapter describes how to prevent unauthorized access to and modification of the machine's settings. Preventing Modification of Machine Settings This section describes Preventing Modification of Machine Settings. The administrator type determines which machine settings can be modified. Users cannot change the administrator settings.
Menu Protect
The administrator can also limit users' access permission to the machine's settings. The machine's [System Settings] menu and the printer's regular menus can be locked so they cannot be changed. This function is also effective when management is not based on user authentication. For a list of settings that users can specify according to the Menu Protect level, see "User Settings - Control Panel Settings", or "User Settings - Web Image Monitor Settings".
5. Managing Access to the Machine Select [Menu Protect] using [ ] or [ ], and then press the [OK] key. Select the menu protect level using [ ] or [ ], and then press the [OK] key. Press the [User Tools/Counter] key. Fax Functions To specify [Menu Protect] in [Fax Features], set [Machine Management] to [On] in [Admin.
Menu Protect Select the menu protect level using [ ] or [ ], and then press the [OK] key. Press the [User Tools/Counter] key. Printer Functions To specify [Menu Protect] in [Printer Features], set [Machine Management] to [On] in [Admin. Auth. Management] in [Administrator Tools] in [System Settings].
5. Managing Access to the Machine Press the [User Tools/Counter] key.
Limiting Available Functions
To prevent unauthorized operation, you can specify who is allowed to access each of the machine's functions.
Available Functions
Specify the available functions from the copier, fax, scanner, and printer functions.
Specifying Which Functions are Available
This can be specified by the user administrator.
5. Managing Access to the Machine Select [Program/Change] using [ ] or [ ], and then press the [OK] key. Enter the registration number you want to program using the number keys or the Quick Dial keys, and then press the [OK] key. By pressing [Search], you can search by Name, Display Destination List, Registration No.
Limiting Available Functions Select [Function Permissions] using [ ] or [ ], and then press the [OK] key. Select which of the machine's functions you want to permit using [ ] or [ ], and then press the [ ] key. Press the [OK] key.
5. Managing Access to the Machine Managing Log Files 1. Log information To view the log, Web SmartDeviceMonitor is required. The following log information is stored in the machine's memory: • Job log Stores information about user file-related activities, such as copying, printing, sending and receiving faxes, and sending scanned files.
Managing Log Files Press the [User Tools/Counter] key. Select [System Settings] using [ ] or [ ], and then press the [OK] key. Select [Administrator Tools] using [ ] or [ ], and then press the [OK] key. Select [Transfer Log Setting] using [ ] or [ ], and then press the [OK] key. Select [Off] using [ ] or [ ], and then press the [OK] key.
5. Managing Access to the Machine Press the [User Tools/Counter] key. Select [System Settings] using [ ] or [ ], and then press the [OK] key. Select [Administrator Tools] using [ ] or [ ], and then press the [OK] key. Select [Delete All Logs] using [ ] or [ ], and then press the [OK] key.
Using Web SmartDeviceMonitor to Manage Log Files
For details about using Web SmartDeviceMonitor to manage Log Files, see the manual supplied with Web SmartDeviceMonitor.
Using Web Image Monitor to Manage Log Files
This can be specified by the machine administrator. For details about logging on and logging off with administrator authentication, see "Logging on Using Administrator Authentication", "Logging off Using Administrator Authentication".
5. Managing Access to the Machine Select [Collect Job Logs] to specify Job Log settings, or select [Collect Access Logs] to specify Access Log settings, and then select [Active]. Specify the recording levels for either [Job Log Collect Level] or [Access Log Collect Level]. The settings shown for "Job Log Collect Settings Listed by Function Type"...
Delete All Logs
Follow steps 1 to 4 in "Specify Log Collect Settings". Click [Delete] under "Delete All Logs". Click [OK]. All job logs and device access log records are cleared. Click [Logout].
• On this page, "Delete All Logs" does not appear if either [Collect Job Logs] or [Collect Access Logs] is not set to [Active].
6. Enhanced Network Security This chapter describes how to increase security over the network using the machine's functions. Preventing Unauthorized Access You can limit IP addresses, disable ports and protocols, or use Web Image Monitor to specify the network security level to prevent unauthorized access over the network and protect the Address Book, stored files, and default settings.
6. Enhanced Network Security Click [OK]. Access control is set. Click [Logout]. Enabling/Disabling Protocols This can be specified by the network administrator. Specify whether to enable or disable the function for each protocol. By making this setting, you can specify which protocols are available and so prevent unauthorized access over the network.
Preventing Unauthorized Access Protocol Port Setting Method Disabled Condition You can restrict personal information • SmartDeviceMonitor from being displayed by for Admin making settings on the • Web control panel using SmartDeviceMonitor "Restrict Display of User Information".*1 Functions that require sftp cannot be used.
6. Enhanced Network Security Protocol Port Setting Method Disabled Condition • Web SmartDeviceMonitor SMB printing functions via TCP/IP, as well as UDP:137 • telnet NetBIOS designated UDP:138 functions on the WINS server cannot be used. Functions that require SNMPv1, v2 cannot be •...
Preventing Unauthorized Access Protocol Port Setting Method Disabled Condition "Restrict Display of User Information".*1 LPR functions cannot be used. • Web Image Monitor You can restrict • telnet personal information • SmartDeviceMonitor TCP:515 from being displayed by for Admin making settings on the •...
6. Enhanced Network Security Protocol Port Setting Method Disabled Condition You can attempt to TCP:10021 • telnet update firmware via FTP. • Control Panel • Web Image Monitor Cannot print with • telnet NetWare. NetWare (IPX/SPX) • SmartDeviceMonitor SNMP over IPX cannot for Admin be used.
Preventing Unauthorized Access • p.177 "Specifying the Extended Security Functions" • p.30 "Logging on Using Administrator Authentication" • p.31 "Logging off Using Administrator Authentication" Making Settings Using the Control Panel Press the [User Tools/Counter] key. Select [System Settings] using [ ] or [ ], and then press the [OK] key. Select [Interface Settings] using [ ] or [ ], and then press the [OK] key.
6. Enhanced Network Security Select the protocol you want to specify, and then press the [OK] key. Select [Inactive] using [ ] or [ ], and then press the [OK] key. Press the [User Tools/Counter] key. Making Settings Using Web Image Monitor Open a Web browser.
Preventing Unauthorized Access Specifying Network Security Level This can be specified by the network administrator. This setting lets you change the security level to limit unauthorized access. You can make network security level settings on the control panel, as well as Web Image Monitor.
6. Enhanced Network Security Select [Network Security Level] using [ ] or [ ], and then press the [OK] key. Select the network security level using [ ] or [ ], and then press the [OK] key. Select [Level 0], [Level 1], or [Level 2]. Press the [User Tools/Counter] key.
Status of Functions under each Network Security Level
Tab Name: TCP/IP
Function | Level 0 | Level 1 | Level 2
TCP/IP | Active | Active | Active
HTTP> Port 80 | Open | Open | Open
IPP> Port 80 | Open | Open | Open
IPP> Port 631 | Open | Open | Close
SSL/TLS>...
Tab Name: NetWare
Function | Level 0 | Level 1 | Level 2
NetWare | Active | Active | Inactive
Tab Name: SNMP
Function | Level 0 | Level 1 | Level 2
SNMP | Active | Active | Active
Permit Settings by SNMPv1 and v2 SNMPv1 / v2 Function Active Active Inactive...
Encrypting Transmitted Passwords
Prevent login passwords and IPP authentication passwords from being revealed by encrypting them for transmission. Also, encrypt the login password for administrator authentication and user authentication.
Driver Encryption Key
Encrypt the password transmitted when specifying user authentication. To encrypt the login password, specify the driver encryption key on the machine and on the printer driver installed in the user's computer.
6. Enhanced Network Security Select [Extended Security] using [ ] or [ ], and then press the [OK] key. Select [Driver Encryption Key] using [ ] or [ ], and then press the [OK] key. "Driver Encryption Key" is one of the extended security functions. For details about this and other security functions, see "Specifying the Extended Security Functions".
Encrypting Transmitted Passwords • p.177 "Specifying the Extended Security Functions" IPP Authentication Password This can be specified by the network administrator. Specify the IPP authentication passwords for the machine using Web Image Monitor. By making this setting, you can encrypt IPP authentication passwords for transmission to prevent them from being analyzed.
6. Enhanced Network Security Protection Using Encryption Establish encrypted transmission on this machine using SSL, SNMPv3, and IPsec. By encrypting transmitted data and safeguarding the transmission route, you can prevent sent data from being intercepted, analyzed, and tampered with. SSL (Secure Sockets Layer) Encryption This can be specified by the network administrator.
Protection Using Encryption 2. The device certificate and public key are sent from the machine to the user's computer. 3. Create a shared key from the user's computer, and then encrypt it using the public key. 4. The encrypted shared key is sent to the machine. 5.
6. Enhanced Network Security Enter "http://(the machine's IP address or host name)/" in the address bar. When entering an IPv4 address, do not begin segments with zeros. For example: If the address is "192.168.001.010", you must enter it as "192.168.1.10" to connect to the machine. The top page of Web Image Monitor appears.
Protection Using Encryption Click [Configuration], and then click [Device Certificate] under "Security". The "Device Certificate" page appears. Check the radio button next to the number of the certificate you want to request. Click [Request]. Make the necessary settings. Click [OK]. "Requesting"...
6. Enhanced Network Security Click [Configuration], and then click [Device Certificate] under "Security". The "Device Certificate" page appears. Check the radio button next to the number of the certificate you want to install. Click [Install]. Enter the contents of the device certificate. In the "Certificate Request"...
Protection Using Encryption User Settings for SSL (Secure Sockets Layer) If you have installed a device certificate and enabled SSL (Secure Sockets Layer), you need to install the certificate on the user's computer. The network administrator must explain the procedure for installing the certificate to users. If a warning dialog box appears while accessing the machine using Web Image Monitor or IPP, start the Certificate Import Wizard and install a certificate.
6. Enhanced Network Security Setting the SSL / TLS Encryption Mode This can be specified by the network administrator. After installing the device certificate, specify the SSL/TLS encrypted communication mode. By making this setting, you can change the security level. For details about logging on and logging off with administrator authentication, see "Logging on Using Administrator Authentication", "Logging off Using Administrator Authentication".
Protection Using Encryption Select the encrypted communication mode using [ ] or [ ], and then press the [OK] key. Select [Ciphertext Only], [Ciphertext Priority], or [Ciphertext / Clear Text] as the encrypted communication mode. Press the [User Tools/Counter] key. •...
6. Enhanced Network Security Select [Interface Settings] using [ ] or [ ], and then press the [OK] key. Select [Network] using [ ] or [ ], and then press the [OK] key. Select [Permit SNMPv3 Communictn.] using [ ] or [ ], and then press the [OK] key. Select [Encryption Only] using [ ] or [ ], and then press the [OK] key.
Protection Using Encryption • p.26 "Registering the Administrator"...
6. Enhanced Network Security Transmission Using IPsec This can be specified by the network administrator. For communication security, this machine supports IPsec. IPsec transmits secure data packets at the IP protocol level using the shared key encryption method, where both the sender and receiver retain the same key.
Transmission Using IPsec • For successful authentication, the sender and receiver must specify the same authentication algorithm and authentication key. If you use the encryption key auto exchange method, the authentication algorithm and authentication key are specified automatically. AH Protocol The AH protocol provides secure transmission through authentication of packets only, including headers.
6. Enhanced Network Security Settings 1-4 and Default Setting Using either the manual or auto exchange method, you can configure four separate sets of SA details (such as different shared keys and IPsec algorithms). In the default settings of these sets, you can include settings that the fields of sets 1 to 4 cannot contain.
Transmission Using IPsec Security Level Security Level Features Since the data is sent in cleartext, data packets are vulnerable to eavesdropping attacks. Do not select this if you are exchanging sensitive information. Select this level if you want to encrypt the data packets as well as authenticate the transmission partner and prevent unauthorized Authentication and Low Level packet tampering.
Transmission Using IPsec Setting Description Setting Value • apply Security Policy Specify how IPsec is handled. • bypass • discarded • Transport • Tunnel (Tunnel beginning address - Tunnel ending address) Specify the encapsulation If you specify "Tunnel", you mode. Encapsulation Mode must then specify the "Tunnel (auto setting)
6. Enhanced Network Security Setting Description Setting Value Specify the encryption Phase 1 algorithm to be used in phase • DES Encryption Algorithm • 3DES (auto setting) Select the Diffie-Hellman group • 1 Phase 1 number used for IKE encryption •...
Transmission Using IPsec Setting Description Setting Value (auto setting) • 14 Specify the time period for Specify a period (in seconds) Phase 2 which the SA settings in phase from 300 (5min.) to 172800 Validity Period 2 are valid. (48 hrs.). Encryption Key Manual Settings Items Setting Description...
6. Enhanced Network Security Setting Description Setting Value the beginning point as you set in "Local Address". Specify the same value as your Any number between 256 and SPI (Output) transmission partner's SPI input 4095 value. Specify the same value as your Any number between 256 and SPI (Input) transmission partner's SPI...
Setting Description Setting Value
• AES-128
• AES-192
• AES-256
Specify a value within the ranges shown below, according to the encryption algorithm.
hexadecimal value 0-9, a-f, A-F
• DES, set 16 digits
• 3DES, set 48 digits
•...
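The manual-key rules above (SPI values mirrored between the two partners, identical algorithms and keys, key length fixed by the encryption algorithm) can be checked before the settings are typed into either side. The following is an added example, not code from the manual: the dictionary field names and the sample values are constructed, the SPI range stated for SPI (Output) is assumed to apply to SPI (Input) as well, and AES key lengths are left unchecked because that part of the table is cut off here.

```python
import re

# Digit counts the page gives for the encryption key (hexadecimal 0-9, a-f, A-F).
# The AES entries are cut off in this copy, so AES key lengths are not checked.
KEY_HEX_DIGITS = {"DES": 16, "3DES": 48}
# Range the page gives for SPI (Output); assumed here to apply to SPI (Input) too.
SPI_MIN, SPI_MAX = 256, 4095
HEX_RE = re.compile(r"[0-9a-fA-F]+")


def check_side(name, sa):
    """Check one side's manual SA settings; return a list of problem strings."""
    problems = []
    for field in ("spi_out", "spi_in"):
        spi = sa[field]
        if type(spi) is not int or not SPI_MIN <= spi <= SPI_MAX:
            problems.append(f"{name}: {field} must be {SPI_MIN}-{SPI_MAX}")
    key = sa["enc_key"]
    expected = KEY_HEX_DIGITS.get(sa["enc_alg"])
    if not HEX_RE.fullmatch(key):
        problems.append(f"{name}: enc_key is not hexadecimal")
    elif expected is not None and len(key) != expected:
        # Report lengths only; key material never goes into the message.
        problems.append(
            f"{name}: enc_key has {len(key)} digits, {sa['enc_alg']} needs {expected}"
        )
    return problems


def check_pair(machine, computer):
    """Check both sides, then the settings that must agree between them."""
    problems = check_side("machine", machine) + check_side("computer", computer)
    # Each side's SPI (Output) must equal the partner's SPI (Input).
    if machine["spi_out"] != computer["spi_in"]:
        problems.append("machine spi_out != computer spi_in")
    if machine["spi_in"] != computer["spi_out"]:
        problems.append("machine spi_in != computer spi_out")
    # Sender and receiver must use the same algorithms and the same keys.
    for field in ("auth_alg", "enc_alg"):
        if machine[field] != computer[field]:
            problems.append(f"{field} differs between the two sides")
    for field in ("auth_key", "enc_key"):
        # Hex digits are case-insensitive, so compare the values, not the text.
        if machine[field].lower() != computer[field].lower():
            problems.append(f"{field} differs between the two sides")
    return problems


# Constructed sample settings (not real keys, not values from the manual).
MACHINE = {
    "spi_out": 300, "spi_in": 301,
    "auth_alg": "HMAC-SHA1-96", "auth_key": "0f" * 20,
    "enc_alg": "3DES", "enc_key": "0123456789abcdef" * 3,
}
COMPUTER_OK = {
    "spi_out": 301, "spi_in": 300,
    "auth_alg": "HMAC-SHA1-96", "auth_key": "0F" * 20,
    "enc_alg": "3DES", "enc_key": "0123456789ABCDEF" * 3,
}
# Same as above, but with an out-of-range SPI and a key that is too short.
COMPUTER_BAD = dict(COMPUTER_OK, spi_in=4096, enc_key="0123456789abcdef" * 2)

if __name__ == "__main__":
    for label, peer in (("ok", COMPUTER_OK), ("bad", COMPUTER_BAD)):
        print(label, check_pair(MACHINE, peer) or "no problems found")
```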
• To use a certificate to authenticate the transmission partner in encryption key auto exchange settings, a device certificate must be installed.
• After configuring IPsec, you can use the "Ping" command to check if the connection is established correctly. However, you cannot use "Ping"...
Transmission Using IPsec Click [Edit] under "Encryption Key Auto Exchange Settings". Make encryption key auto exchange settings in [Settings 1]. If you want to make multiple settings, select the settings number and add settings. Click [OK]. Select [Active] for "IPsec". Set "Exclude HTTPS Transmission"...
Specifying IPsec Settings on the Computer
Specify exactly the same IPsec SA settings on your computer as those specified by the machine's security level. Setting methods differ according to the computer's operating system. The example procedure shown here uses Windows XP when the Authentication and Low Level Encryption Security level is selected.
Transmission Using IPsec In [Name], enter an IP Filter name, and then click [Add]. The IP Filter Wizard appears. Click [Next]. Select "My Address" in "Source Address", and then click [Next]. Select "A specific IP address" in "Destination Address", enter the machine's IP address, and then click [Next].
and "User Setting" appears, you must set the same group number for "Phase 1 Diffie-Hellman Group" and "Phase 2 PFS" on the machine to establish IPsec transmission.
Encryption Key Manual Settings Configuration Flow
This section explains the procedure for specifying encryption key manual settings. This can be specified by the network administrator.
Transmission Using IPsec The top page of Web Image Monitor appears. Click [Login]. The network administrator can log on. Enter the login user name and login password. Click [Configuration], and then click [IPsec] under "Security". The IPsec settings page appears. Select [Active] for "Encryption Key Manual Settings".
• Encryption key auto exchange settings, IKE setting 1-4 values
• Encryption key auto exchange settings, IKE default setting values
Display current settings portions
msh> ipsec -p
• Displays IPsec settings information in portions.
ipsec manual mode
To display or specify encryption key manual settings, use the "ipsec manual_mode"...
Disable settings
msh> ipsec manual {1|2|3|4|default} disable
• To disable the settings 1-4, specify the setting number [1-4].
• To disable the default settings, specify [default].
Specify the local/remote address for settings 1-4
msh> ipsec manual {1|2|3|4} {ipv4|ipv6} local address remote address
•...
Tunnel end point setting
msh> ipsec manual {1|2|3|4|default} tunneladdar beginning IP address ending IP address
• Enter the separate setting number [1-4] or [default] and specify the tunnel end point beginning and ending IP address.
• Not specifying either the beginning or ending address displays the current settings.
Authentication algorithm and authentication key settings
msh>...
• To display the default setting, specify [default].
• Not specifying any value displays all of the settings.
Disable settings
msh> ipsec manual {1|2|3|4|default} disable
• To disable the settings 1-4, specify the number [1-4].
• To disable the default settings, specify [default].
Specify the local/remote address for settings 1-4
msh>...
6. Enhanced Network Security • If you specify [require], data will not be transmitted when IPsec cannot be used. If you specify [use], data will be sent normally when IPsec cannot be used. When IPsec can be used, IPsec transmission is performed. •...
• Not specifying the hash algorithm displays the current setting.
ISAKMP SA (phase 1) encryption algorithm setting
msh> ipsec ike {1|2|3|4|default} ph1 encrypt {des|3des}
• Enter the separate setting number [1-4] or [default] and specify the ISAKMP SA (phase 1) encryption algorithm.
IPsec SA (phase 2) PFS setting
msh> ipsec ike {1|2|3|4|default} ph2 pfs {none|1|2|14}
• Enter the separate setting number [1-4] or [default] and specify the IPsec SA (phase 2) Diffie-Hellman group number.
• Specify the group number to be used.
•...
Authentication by telnet
This section explains Authentication by telnet. When using telnet, the default login name for administrator login is "admin" and the password is blank. For details on how to login to telnet, see "Using telnet", Network Guide.
6. Enhanced Network Security Authentication by IEEE802.1X IEEE802.1X enables authentication in an Ethernet environment. For details, see "Using telnet", Network and System Settings Guide.
7. Specifying the Extended Security Functions This chapter describes the machine's extended security features and how to specify them. Specifying the Extended Security Functions In addition to providing basic security through user authentication and administrator specified access limits on the machine, security can also be increased by encrypting transmitted data and data in the Address Book.
7. Specifying the Extended Security Functions Select [Administrator Tools] using [ ] or [ ], and then press the [OK] key. Select [Extended Security] using [ ] or [ ], and then press the [OK] key. Press the setting you want to change using [ ] or [ ], and then press the [OK] key. Change the setting, and then press the [OK] key.
Specifying the Extended Security Functions The available fax destinations are limited to the destinations registered in the Address Book. A user cannot directly enter the destinations for transmission. The destinations searched by "Search LDAP" can be used. For details about preventing unauthorized transmission, see "Preventing Data Leaks Due to Unauthorized Transmission".
7. Specifying the Extended Security Functions • Off Settings by SNMP v1 and v2 This can be specified by the network administrator. When the machine is accessed using the SNMPv1, v2 protocol, authentication cannot be performed, allowing machine administrator settings such as the paper setting to be changed.
Specifying the Extended Security Functions If you select [Access Privilege], users who canceled a copy or print job in progress and the machine administrator can operate the machine. Even if you select [Login Privilege] and log on to the machine, you cannot cancel a copy or print job in progress if you are not authorized to use the copy and printer functions.
7. Specifying the Extended Security Functions Change Firmware Structure This can be specified by the machine administrator. Specify whether to prevent changes in the machine's firmware structure. The Change Firmware Structure function detects when the SD card is inserted, removed or replaced. If you select [Prohibit], the machine stops during startup when a firmware structure change is detected and a message requesting administrator login is displayed.
Other Security Functions This section explains settings for preventing information leaks, and functions that you can restrict to further increase security. Fax Function Not Displaying Destinations and Senders in Reports and Lists In [Fax Features], you can specify whether to display destinations and sender names by setting "Switch 4, Bit No.
7. Specifying the Extended Security Functions Limiting Machine Operation to Customers Only The machine can be set so that operation is impossible without administrator authentication. The machine can be set to prohibit operation without administrator authentication and also prohibit remote registration in the Address Book by a service representative.
Limiting Machine Operation to Customers Only Select [Service Mode Lock] using [ ] or [ ], and then press the [OK] key. Select [On] using [ ] or [ ], and then press the [OK] key. A confirmation message appears. Press [Yes].
7. Specifying the Extended Security Functions Select [System Settings] using [ ] or [ ], and then press the [OK] key. Select [Administrator Tools] using [ ] or [ ], and then press the [OK] key. Select [Service Mode Lock] using [ ] or [ ], and then press the [OK] key. Select [Off] using [ ] or [ ], and then press the [OK] key.
8. Troubleshooting This chapter describes what to do if the machine does not function properly. Authentication Does Not Work Properly This section explains what to do if a user cannot operate the machine because of a problem related to user authentication.
Messages / Cause / Solutions
Message: "Failed to obtain URL."
Cause: The machine cannot connect to the server or cannot establish communication.
Solutions: Make sure the server's settings, such as the IP address and host name, are specified correctly on the machine. Make sure the host name of the UA Server is specified correctly.
• p.37 "Authentication Setting Procedure"
Machine Cannot Be Operated
If the following conditions arise while users are operating the machine, provide the instructions on how to deal with them.
Condition / Cause / Solution
Condition: Cannot perform the following:
Cause: User authentication has been rejected.
Solution: Confirm the user name and login
Condition / Cause / Solution
Condition: Cannot authenticate using the TWAIN driver.
Cause: Authentication is not possible while the machine is editing the Address Book data.
Solution: Wait until editing of the Address Book data is complete.
Condition: After starting "User Management Tool"...
Cause: "Restrict Use of Simple
Solution: Set "Restrict Use of Simple
Condition / Cause / Solution
For details about enabling [All Users], see "Specifying Access Permission for Stored Files".
Condition: User authentication is enabled, yet destinations specified using the machine do not appear.
Cause: User authentication may have been disabled while [All Users] is
Solution: Re-enable user authentication, and then enable [All Users] for
9. Appendix Supervisor Operations The supervisor can delete an administrator's password and specify a new one. If any of the administrators forgets their password or if any of the administrators changes, the supervisor can assign a new password. If logged on using the supervisor's user name and password, you cannot use normal functions or specify defaults.
9. Appendix Enter a login user name, and then press the [OK] key. When you assign the administrator for the first time, enter "supervisor". Enter a login password, and then press the [OK] key. When you assign the administrator for the first time, press the [OK] key without entering login password.
Supervisor Operations To do this, you must enable the user administrator's privileges through the settings under [Admin. Auth. management]. For details, see "Specifying Administrator Privileges". Press the [User Tools/Counter] key. Press [Login]. Log on as the supervisor. You can log on in the same way as an administrator. Select [System Settings] using [ ] or [ ], and then press the [OK] key.
9. Appendix Select [Supervisor] using [ ] or [ ], and then press the [OK] key. Select [Login User Name] using [ ] or [ ], and then press the [OK] key. Enter the login user name, and then press the [OK] key. Select [Login Password] using [ ] or [ ], and then press the [OK] key.
Supervisor Operations Press [Exit] three times. You will be automatically logged off. Press the [User Tools/Counter] key. • p.24 "Specifying Administrator Privileges" • p.193 "Supervisor Operations" Resetting an Administrator's Password This section describes how to reset the administrators' passwords. For details about logging on and logging off as the supervisor, see "Supervisor Operations". Press the [User Tools/Counter] key.
9. Appendix Select [Administrator Tools] using [ ] or [ ], and then press the [OK] key. Select [Program/Change Admin.] using [ ] or [ ], and then press the [OK] key. Select [Admin. Detailed Settings] using [ ] or [ ], and then press the [OK] key. Select the administrator you wish to reset using [ ] or [ ], and then press the [OK] key.
Supervisor Operations If a password reentry screen appears, enter the login password, and then press the [OK] key. Press [Exit] three times. You will be automatically logged off. Press the [User Tools/Counter] key. • p.193 "Supervisor Operations"...
9. Appendix Machine Administrator Settings The machine administrator settings that can be specified are as follows: System Settings The following settings can be specified. General Features All the settings can be specified. Tray Paper Settings All the settings can be specified. Timer Settings All the settings can be specified.
Machine Administrator Settings • Program / Change / Delete LDAP Server Name Server Name Search Base Port Number Use Secure Connection (SSL) Authentication User Name Password Connection Test Search Conditions Search Options • LDAP Search • Program / Change / Delete Realm •...
9. Appendix Stamp All the settings can be specified. Input / Output All the settings can be specified. Adjust Colour Image All the settings can be specified. Administrator Tools All the settings can be specified. Facsimile Features The following settings can be specified. General Settings/Adjust All the settings can be specified.
Machine Administrator Settings • Menu Protect • List / Test Print Lock • 4 Colour Graphic Mode System The following settings can be specified. • Print Error Report • Auto Continue • Memory Overflow • Rotate by 180 Degrees • Duplex •...
9. Appendix Location Protect Printer Display Panel Permit Firmware Update Permit Firmware Structure Change Display IP Address on Device Display Panel Output Tray Paper Tray Priority • Paper All the settings can be specified. • Date/Time All the settings can be specified. •...
Machine Administrator Settings All the settings can be specified. • Host Interface All the settings can be specified. • PCL Menu All the settings can be specified. • Tray Parameters (PCL) All the settings can be specified. • Virtual Printer Settings All the settings can be specified.
9. Appendix Settings via SmartDeviceMonitor for Admin The following settings can be specified. Device Properties • Reset Device • Reset Current Job • Refresh User Management Tool The following settings can be specified. • User Counter Information • Access Control List...
Network Administrator Settings The network administrator settings that can be specified are as follows: System Settings The following settings can be specified. Interface Settings If DHCP is set to On, the settings that are automatically obtained via DHCP cannot be specified. •...
9. Appendix • Program/Change Administrator You can specify the following administrator settings for the network administrator. Login User Name Login Password Encryption Password Interface Settings • Ethernet Security Network • IPv4 All the settings can be specified. • IPv6 All the settings can be specified. •...
Network Administrator Settings • Site Certificate All the settings can be specified. • Device Certificate All the settings can be specified. • IPsec All the settings can be specified. • IEEE 802.1X (WPA/WPA2) All the settings can be specified. Webpage All the settings can be specified.
9. Appendix File Administrator Settings The file administrator settings that can be specified are as follows: System Settings The following settings can be specified. Administrator Tools • Administrator Authentication Management File Management • Program / Change Administrator File Administrator • Extended Security Enhance File Protection Settings via Web Image Monitor The following settings can be specified.
User Administrator Settings The user administrator settings that can be specified are as follows: System Settings The following settings can be specified. Administrator Tools • Address Book Management • Progrm./Change/Delete Group • Address Book : Print List •...
9. Appendix Webpage • Download Help File Settings via SmartDeviceMonitor for Admin The following settings can be specified. Address Management Tool All the settings can be specified. User Management Tool • Restrict Access To Device • Reset User Counters • Add New User •...
The Privilege for User Account Settings in the Address Book The authorities for using the Address Book are as follows: The authority designations in the list indicate users with the following authorities. •...
9. Appendix *1 You can only enter the password. Auth. Protect Read- Edit / Edit Full Registere User only Delete Settings Control d User Admin. (User) (User) (User) Register as Dest. Protect Obj. Dest. Protect: Permission Fax Settings Read- Edit / Edit Full Register...
User Settings - Control Panel Settings This section explains which functions and system settings are available to users when administrator authentication is specified. The administrator's configuration of Menu Protect and Available Settings determines which functions and system settings are available to users. If user authentication is specified, system settings and functions are available to authorized users only, who must log in to access them.
9. Appendix Copier Features When administrator authentication is specified, the administrator's configuration of Menu Protect determines which functions and settings are available to users. If user authentication is specified, functions and settings are available to authorized users only, who must log in to access them. •...
Printer Features When administrator authentication is specified, the administrator's configuration of Menu Protect determines which functions and settings are available to users. If user authentication is specified, functions and settings are available to authorized users only, who must log in to access them. The following settings can be specified by someone who is not an administrator.
9. Appendix Settings Level 1 Level 2 Memory Overflow Rotate by 180 Degrees Duplex Copies Blank Page Print Sub Paper Size Page Size Letterhead Setting Bypass Tray Setting Priority Edge to Edge Print Tray Switching Extended Auto Tray Switching Host Interface Settings Level 1 Level 2...
Printer Features Settings Level 1 Level 2 Symbol Set Courier Font Extend A4 Width Append CR to LF Resolution...
9. Appendix Facsimile Features When administrator authentication is specified, the administrator's configuration of Menu Protect determines which functions and settings are available to users. If user authentication is specified, functions and settings are available to authorized users only, who must log in to access them. The following settings can be specified by someone who is not an administrator.
Facsimile Features Administrator Tools Settings Level 1 Level 2 Print Journal Print TX Standby File List Memory Lock Forwarding Parameter Setting Program Special Sender Program Memory Lock ID Select Dial/Push Phone G3 Analog Line...
9. Appendix System Settings When administrator authentication is specified, the administrator's configuration of Available Settings determines which system settings are available to users. If user authentication is specified, system settings are available to authorized users only, who must log in to access them. •...
System Settings Tray Paper Settings Settings Tray Paper Size: Tray 1-4 Printer Bypass Paper Size Paper Type: Bypass Tray Paper Type: Tray 1-4 Ppr Tray Priority:Copier Ppr Tray Priority:Fax Ppr Tray Priority:Printer Timer Settings Settings Auto Off Timer Panel Off Timer System Auto Reset Timer Copier Auto Reset Timer Facsimile Auto Reset Timer...
9. Appendix Settings Machine IPv4 Address*1 IPv4 Gateway Address IPv6 Stateless Setting DNS Configuration*1 DDNS Configuration IPsec Domain Name*1 WINS Configuration*1 Effective Protocol NCP Delivery Protocol NW Frame Type SMB Computer Name SMB Work Group Ethernet Speed IEEE 802.1X Auth.(Ethernet) Restr.
System Settings Administrator Tools Settings Address Book Management Prgrm. /Change/Delete Group Address Book:Print List Display / Print Counter Disp./Print User Counter User Auth. Management Admin.Auth.Management Key Counter Management Extended Security Prog/Chnge/Del LDAP Server *6 LDAP Search Prog./Change/Delete Realm AOF(Always On) Energy Saver Level Service Mode Lock Delete All Logs...
9. Appendix User Settings - Web Image Monitor Settings This section displays the user settings that can be specified on Web Image Monitor when user authentication is specified. Settings that can be specified by the user vary according to the menu protect level and available settings specifications.
Device Settings The settings available to the user depend on whether or not administrator authentication has been specified. If administrator authentication has been specified, the settings available to the user depend on whether or not "Available Settings" has been specified. •...
9. Appendix Settings Tray2 : Paper Size Tray2 : Custom Paper Size Tray2 : Paper Type Tray2 : Apply Auto Paper Select Tray2 : Apply Duplex Tray3 : Paper Size Tray3 : Custom Paper Size Tray3 : Paper Type Tray3 : Apply Auto Paper Select Tray3 : Apply Duplex Tray4 : Paper Size Tray4 : Custom Paper Size...
Device Settings Settings Time Zone Timer Settings Auto Off Timer Panel Off Timer System Auto Reset Timer Copier Auto Reset Timer Facsimile Auto Reset Timer Scanner Auto Reset Timer Printer Auto Reset Timer Auto Logout Timer Logs Settings Collect Job Logs Job Log Collect Level Collect Access Logs Access Log Collect Level...
9. Appendix User Authentication Management Settings User Authentication Management User Code Authentication - Printer Job Authentication User Code Authentication - Available Function Basic Authentication - Printer Job Authentication Basic Authentication - Available Function Windows Authentication - Printer Job Authentication Windows Authentication - SSL Windows Authentication - Kerberos Authentication Windows Authentication - Domain Name...
Device Settings Settings Integration Server Authentication - Authentication Type Integration Server Authentication - Domain Name Integration Server Authentication - Group Settings for Integration Server Authentication LDAP Server Settings LDAP Search Program/Change/Delete...
9. Appendix Printer If you have specified administrator authentication, the available functions and settings depend on the menu protect setting. The following settings can be specified by someone who is not an administrator. • Abbreviations in the table columns R/W (Read and Write) = Both reading and modifying the setting are available. R (Read) = Reading only.
Printer Settings Level 1 Level 2 Orientation Form Lines Font Source Font Number Point Size Font Pitch Symbol Set Courier Font Extend A4 Width Append CR to LF Resolution Virtual Printer Settings Settings Level 1 Level 2 Details Select Virtual Printer...
9. Appendix If you have specified administrator authentication, the available functions and settings depend on the menu protect setting. The following settings can be specified by someone who is not an administrator. • Abbreviations in the table columns R/W (Read and Write) = Both reading and modifying the setting are available. R (Read) = Reading only.
Parameter Settings Settings Level 1 Level 2 Just Size Printing Combine 2 Originals Journal Immediate Transmission Result Report Communication Result Report Memory Storage Report SEP Code RX Result Report SEP Code RX Reserve Report LAN-Fax Result Report Inclusion of Part of Image...
9. Appendix Interface The settings available to the user depend on whether or not administrator authentication has been specified. If administrator authentication has been specified, the settings available to the user depend on whether or not "Available Settings" has been specified. •...
Network The settings available to the user depend on whether or not administrator authentication has been specified. If administrator authentication has been specified, the settings available to the user depend on whether or not "Available Settings" has been specified. •...
Settings DIPRINT sftp WSD (Device) WSD (Printer) WSD (Printer) / IPP Timeout RHPP IPv6 Settings IPv6 Host Name Domain Name Stateless Address Manual Configuration Address DHCPv6-lite DDNS Default Gateway Address DNS Server RSH/RCP DIPRINT sftp...
Network Settings WSD (Device) WSD (Printer) WSD (Printer) / IPP Timeout RHPP NetWare Settings NetWare Print Server Name Logon Mode File Server Name NDS Tree NDS Context Name Operation Mode Remote Printer No. Job Timeout Frame Type Print Server Protocol NCP Delivery Protocol Settings Workgroup Name...
Webpage The settings available to the user depend on whether or not administrator authentication has been specified. If administrator authentication has been specified, the settings available to the user depend on whether or not "Available Settings" has been specified. •...
9. Appendix Functions That Require Options The following functions require certain options and additional functions. • Data security for copying function Copy Data Security Unit...
Trademarks Microsoft®, Windows®, Windows NT®, Windows Server®, and Windows Vista® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Adobe, Acrobat and Acrobat Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.
Microsoft® Windows Vista® Home Premium
Microsoft® Windows Vista® Home Basic
* The product names of Windows Server 2003 are as follows:
Microsoft® Windows Server® 2003 Standard Edition
Microsoft® Windows Server® 2003 Enterprise Edition
...