How it Works
Canon
Loading...
ColorWave 600
Administration Manual
410 pgs18.5 Mb0
Table of contents
Loading...

Canon PlotWave 750, PlotWave 340, PlotWave 900, PlotWave 500, PlotWave 360 Administration Manual

...
Administration guide
PlotWave - ColorWave Systems
Security information
Copyright and Trademarks
Copyright
Copyright 2012 - 2017 Océ.
Illustrations and specifications do not necessarily apply to products and services offered in each local market. No part of this publication may be reproduced, copied, adapted or transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language in any form or by any means, electronic, mechanical, optical, chemical, manual, or otherwise, without the prior written permission of Océ.
OCÉ MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THE CONTENTS OF THIS PUBLICATION, EITHER EXPRESS OR IMPLIED, EXCEPT AS PROVIDED HEREIN, INCLUDING WITHOUT LIMITATION, THEREOF, WARRANTIES AS TO MARKETABILITY, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OF USE OR NON-INFRINGEMENT. OCÉ SHALL NOT BE LIABLE FOR ANY DIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY NATURE, OR LOSSES OR EXPENSES RESULTING FROM THE USE OF THE CONTENTS OF THIS PUBLICATION.
Océ reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation to notify any person of such revision or changes.
Language
Original instructions that are in British English.
Trademarks
Océ, Océ ColorWave, Océ PlotWave are registered trademarks of Océ-Technologies B.V. Océ is a Canon company.
Adobe, PostScript are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.
Internet Explorer, Microsoft, Windows, Windows Server, Windows Vista are trademarks or registered trademarks of Microsoft Corp. incorporated in the United States and/or other countries.
McAfee is a trademark or registered trademark of McAfee, Inc. in the United States and other countries.
All other trademarks are the property of their respective owners.
Edition 2017-06
GB

Contents

Contents
Chapter 1
Océ Security policy............................................................................................................. 9
The Océ Security policy ................................................................................................................................ 10
Downloads and support for your product....................................................................................................12
Overview of the security features available per Océ System .................................................................... 13
Chapter 2 Security on Océ PlotWave 300/350, PlotWave 750, PlotWave 900 and ColorWave
300...................................................................................................................................... 19
Security on Océ PlotWave 300/350, PlotWave 900 R1.x and ColorWave 300........................................... 20
Overview...................................................................................................................................................20
Security overview for the Océ PlotWave 300, the Océ PlotWave 350, the Océ PlotWave
900 R1.x and the Océ ColorWave 300 systems ..............................................................................20
System and Network security.................................................................................................................21
Ports - Protocols.................................................................................................................................21
Security Patches................................................................................................................................ 26
Security levels....................................................................................................................................28
Prevent any outgoing connection to the Internet .......................................................................... 31
Security of the USB connection (Océ PlotWave 300/350, Océ ColorWave 300)...........................32
Antivirus ............................................................................................................................................ 33
Roles and Passwords........................................................................................................................ 34
Data Security ........................................................................................................................................... 37
E-Shredding....................................................................................................................................... 37
IPsec (on Océ PlotWave 300/350, Océ PlotWave 900 1.2 and higher 1.x, Océ ColorWave
300)..................................................................................................................................................... 40
Prevent USB Direct Print and Scan to USB (Océ PlotWave 300/350, Océ ColorWave 300).........56
HTTPS with Océ PlotWave 900 R1.x................................................................................................ 58
Smart Inbox management................................................................................................................62
Security on Océ PlotWave 750 and Océ PlotWave 900 R2.x ......................................................................63
Overview...................................................................................................................................................63
Security overview for the Océ PlotWave 750 and the Océ PlotWave 900 R2.x systems.............63
System and Network security.................................................................................................................64
Ports - Protocols.................................................................................................................................64
Security Patches................................................................................................................................ 69
Security levels....................................................................................................................................72
Prevent any outgoing connection to the Internet .......................................................................... 74
Antivirus ............................................................................................................................................ 75
Roles and Passwords........................................................................................................................ 76
Audit log.............................................................................................................................................78
Data Security ........................................................................................................................................... 79
E-Shredding....................................................................................................................................... 79
IPsec ...................................................................................................................................................82
HTTPS (on Océ PlotWave 750 and PlotWave 900 R2.x)................................................................. 88
Smart Inbox management and job management...........................................................................95
Chapter 3
Security on Océ PlotWave 500 and PlotWave 340/360................................................. 97
Overview......................................................................................................................................................... 98
Security overview for the Océ PlotWave 500 and PlotWave 340/360 systems...................................98
3
Contents
System and Network security....................................................................................................................... 99
Ports - Protocols.......................................................................................................................................99
Applications, protocols and ports ................................................................................................... 99
Security Patches.....................................................................................................................................102
Install the Océ Remote patch..........................................................................................................102
Protocol protection................................................................................................................................ 104
Network protocols protection ........................................................................................................104
Prevent any outgoing connection to the Internet ...............................................................................106
Security of the USB connection ...........................................................................................................107
The USB connection on the printer user interface ...................................................................... 107
Antivirus .................................................................................................................................................108
Roles and Passwords.............................................................................................................................109
Roles and profiles............................................................................................................................109
Passwords policy and behaviour in the Océ PlotWave 500 and PlotWave 340/360 systems... 110
Access control........................................................................................................................................ 112
Audit log................................................................................................................................................. 113
Data security................................................................................................................................................. 114
E-Shredding in Océ PlotWave 500 and PlotWave 340/360 systems.................................................. 114
E-shredding presentation................................................................................................................114
Enable the e-shredding in Océ Express WebTools.......................................................................115
E-shredding process and system behaviour.................................................................................117
IPsec ....................................................................................................................................................... 118
IPsec presentation .......................................................................................................................... 118
Configure the IPsec settings in the Océ controller .......................................................................120
Configure the IPsec settings on a workstation or a print server..................................................122
Troubleshooting: Disable 'Access control' and IPsec (Océ PlotWave 500 and PlotWave
340/360 systems)............................................................................................................................. 132
HTTPS .................................................................................................................................................... 134
Encrypt print data and manage the system configuration using HTTPS....................................134
Request and import a CA-signed certificate..................................................................................139
Prevent 'Print from USB' and/or 'Scan to USB' ..................................................................................145
How to prevent 'Print from USB' and/or 'Scan to USB'............................................................... 145
Smart Inbox management and job management...............................................................................146
Chapter 4
Security on Océ PlotWave 345/365 and Océ PlotWave 450/550................................147
Overview....................................................................................................................................................... 148
Security overview for the Océ PlotWave 345, Océ PlotWave 365, Océ PlotWave 450 and Océ
PlotWave 550..........................................................................................................................................148
System and Network security..................................................................................................................... 150
Ports - Protocols.....................................................................................................................................150
Applications, protocols and ports ................................................................................................. 150
Security Patches.....................................................................................................................................154
Install the Océ Remote patch..........................................................................................................154
Protocol protection................................................................................................................................ 156
Network protocols protection ........................................................................................................156
Prevent any outgoing connection to the Internet ...............................................................................158
Security of the USB connection ...........................................................................................................159
The USB connection on the printer user interface ...................................................................... 159
Antivirus .................................................................................................................................................160
Roles and Passwords.............................................................................................................................161
Roles and profiles............................................................................................................................161
Passwords policy and behaviour in the Océ PlotWave 345/365 and Océ PlotWave 450/550....162
Access control........................................................................................................................................ 164
Audit log................................................................................................................................................. 165
Data security................................................................................................................................................. 166
User authentication................................................................................................................................166
Secure printing, copying and scanning operations with the User authentication.....................166
User authentication: the standard workflows............................................................................... 170
4
Contents
Authentication by Smart card ........................................................................................................176
Authentication by Contactless card .............................................................................................. 182
Authentication by user name and password................................................................................ 187
Log out .............................................................................................................................................192
Troubleshooting.............................................................................................................................. 195
Hard disk encryption..............................................................................................................................198
E-Shredding............................................................................................................................................200
E-shredding presentation................................................................................................................200
Enable the e-shredding in Océ Express WebTools.......................................................................201
E-shredding process and system behaviour.................................................................................203
IPsec ....................................................................................................................................................... 204
IPsec presentation .......................................................................................................................... 204
Configure the IPsec settings in the Océ controller .......................................................................206
Configure the IPsec settings on a workstation or a print server..................................................208
Troubleshooting: Disable 'Access control' and IPsec...................................................................218
HTTPS .................................................................................................................................................... 220
Encrypt print data and manage the system configuration using HTTPS....................................220
Request and import a CA-signed certificate..................................................................................225
Scan to Home folder / Print from Home folder....................................................................................231
Troubleshooting.............................................................................................................................. 232
Prevent 'Print from USB' and/or 'Scan to USB' ..................................................................................233
How to prevent 'Print from USB' and/or 'Scan to USB'............................................................... 233
Smart Inbox management and job management...............................................................................234
Chapter 5
Security on Océ ColorWave 550/600/650 (and Poster Printer).................................. 235
Security on Océ ColorWave 550, ColorWave 600 (Poster Printer), ColorWave 650 R2.x (Poster
Printer)...........................................................................................................................................................236
Overview.................................................................................................................................................236
Security overview for the Océ ColorWave 600/650 (Poster Printer) and the Océ ColorWave
550 systems......................................................................................................................................236
System and Network security...............................................................................................................238
Ports - Protocols...............................................................................................................................238
Security Patches.............................................................................................................................. 241
Protocol protection..........................................................................................................................243
Prevent any outgoing connection to the Internet ........................................................................ 244
Security of the USB connection .................................................................................................... 245
Operating System and software protection.................................................................................. 246
Roles and Passwords...................................................................................................................... 247
Access control..................................................................................................................................249
Data Security.......................................................................................................................................... 250
E-Shredding on Océ ColorWave 600 and Océ ColorWave 650 (PP) and Océ ColorWave 550.. 250
IPsec on Océ ColorWave 550 v2.3.1 and higher and Océ ColorWave 650 (PP) v2.3.1 and
higher................................................................................................................................................253
How to prevent 'Print from USB' on Océ ColorWave 550/650 (and PP) .....................................266
Smart Inbox management and job management.........................................................................267
Security on Océ ColorWave 650 R3.x......................................................................................................... 268
Overview.................................................................................................................................................268
Security overview for the Océ ColorWave 650 R3.x system........................................................268
System and Network security...............................................................................................................269
Ports - Protocols...............................................................................................................................269
Security Patches.............................................................................................................................. 272
Protocol protection..........................................................................................................................274
Prevent any outgoing connection to the Internet ........................................................................ 276
Security of the USB connection .................................................................................................... 277
Antivirus .......................................................................................................................................... 278
Roles and Passwords...................................................................................................................... 279
Access control..................................................................................................................................281
Audit log...........................................................................................................................................282
5
Contents
Data security...........................................................................................................................................283
E-Shredding..................................................................................................................................... 283
IPsec .................................................................................................................................................284
HTTPS (on Océ ColoWave 650 R3.x)..............................................................................................290
How to prevent 'Print from USB' on Océ ColorWave 550/650 (and PP) .....................................297
Smart Inbox management and job management.........................................................................298
Chapter 6
Security on Océ ColorWave 500 and Océ ColorWave 700.......................................... 299
Overview....................................................................................................................................................... 300
Security overview for the Océ ColorWave 500 and ColorWave 700 systems...................................300
System and Network security..................................................................................................................... 302
Ports - Protocols.....................................................................................................................................302
Applications, protocols and ports ................................................................................................. 302
Security Patches.....................................................................................................................................306
Install the Océ Remote patch..........................................................................................................306
Protocol protection................................................................................................................................ 308
Network protocols protection ........................................................................................................308
Prevent any outgoing connection to the Internet ...............................................................................310
Security of the USB connection ...........................................................................................................311
The USB connection on the printer user interface ...................................................................... 311
Antivirus .................................................................................................................................................312
Roles and Passwords.............................................................................................................................313
Roles and profiles............................................................................................................................313
Passwords policy and behaviour in the Océ ColorWave 500 and ColorWave 700 systems..... 314
Access control........................................................................................................................................ 316
Audit log................................................................................................................................................. 317
Data security................................................................................................................................................. 318
User authentication................................................................................................................................318
Secure printing, copying and scanning operations with the User authentication.....................318
User authentication: the standard workflows............................................................................... 322
Authentication by Smart card ........................................................................................................328
Authentication by user name and password................................................................................ 334
Log out .............................................................................................................................................339
Troubleshooting.............................................................................................................................. 342
Hard disk encryption..............................................................................................................................345
E-Shredding............................................................................................................................................347
E-shredding presentation................................................................................................................347
Enable the e-shredding in Océ Express WebTools.......................................................................348
E-shredding process and system behaviour.................................................................................350
IPsec ....................................................................................................................................................... 351
IPsec presentation .......................................................................................................................... 351
Configure the IPsec settings in the Océ controller .......................................................................353
Configure the IPsec settings on a workstation or a print server..................................................355
Troubleshooting: Disable 'Access control' and IPsec...................................................................365
HTTPS .................................................................................................................................................... 367
Encrypt print data and manage the system configuration using HTTPS....................................367
Request and import a CA-signed certificate..................................................................................372
Scan to Home folder / Print from Home folder....................................................................................378
Troubleshooting.............................................................................................................................. 379
Prevent 'Print from USB' and/or 'Scan to USB' ..................................................................................380
How to prevent 'Print from USB' and/or 'Scan to USB'............................................................... 380
Smart Inbox management and job management...............................................................................381
Chapter 7
Security on Océ ColorWave 810, Océ ColorWave 900 and Océ ColorWave 910.......383
Overview....................................................................................................................................................... 384
Security overview for the Océ ColorWave 810, Océ ColorWave 900 and Océ ColorWave 910
systems...................................................................................................................................................384
6
Contents
System and Network security..................................................................................................................... 385
Ports - Protocols.....................................................................................................................................385
Applications, protocols and ports ................................................................................................. 385
Security Patches.....................................................................................................................................387
Install the Océ Remote patch..........................................................................................................387
Protocol protection................................................................................................................................ 389
Network protocols protection ........................................................................................................389
Prevent any outgoing connection to the Internet ...............................................................................391
Security of the USB connection ...........................................................................................................392
The USB connection on the printer user interface ...................................................................... 392
Roles and Passwords.............................................................................................................................393
Roles and profiles............................................................................................................................393
Audit log ................................................................................................................................................ 395
Data security................................................................................................................................................. 396
HTTPS .................................................................................................................................................... 396
Encrypt print data and manage the system configuration using HTTPS....................................396
Request and import a CA-signed certificate..................................................................................401
Index.................................................................................................................................407
7
Contents
8
Chapter 1
Océ Security policy

The Océ Security policy

The Océ Security policy
Definition
At Océ, security is an integral part of system development, and the company is taking a proactive approach to the improvement of security-related issues. Océ is working to address security requirements across all of its digital document systems.
For its printing systems connected to the network, Océ strives to ensure the:
- Security of the system on the network
- Security of the data sent to the printers, with a focus on protecting sensitive documents from being captured by un-authorised persons
- Security of the configuration and data on the controller
NOTE
See the available per Océ system.
Table of the security features
System security and security on the network
Faced with system vulnerabilities, viruses, worms and in order to maximise the protection of the Océ print systems from hackers and networking attacks, Océ has reinforced the security of the Océ systems by:
Introducing the Océ Security levels to offer network security protection against virus / worm attacks or system vulnerabilities (on Windows Operating Systems). Once the Security Interface is activated, you can define the level of security according to your system needs. Notice that the higher level of security you set, the fewer printing and scanning functionalities you get.
Implementing network protocols protection features (by use of the Océ Security levels filtering or by configuring each network protocol for firewall filtering)
Protecting the system roles and passwords. The main network and system settings are protected against change. Only authorised users can configure or change these settings
Regularly checking the relevance of Microsoft flaws and delivering security patches whenever it is necessary.
Providing OS and software protection mechanism. The internal system software is protected against alteration
• Make the USB connection secure (on systems with USB slot)
• Restricting the access to the printer to allowed stations only
Allowing the installation of an Antivirus software on the Océ system controller
Being compliant with IPv6 and then benefiting from IPv6 secured assets
on page 13 to get an overview of the security features
NOTE
The availability of the security features depends on the products. See the
security features available per Océ System
Data security
To ensure the security of the print data, Océ has implemented:
The user authentication to allow only the owner of a job to print it or perform actions on it (copy / scan), after authentication on the system user panel. Find all information about the user authentication in the section
scanning operations with the User authentication
The Scan to Home feature that allows an authenticated user to send scanned files from the Océ system directly to the Microsoft Active Directory Home folder.
Chapter 1 - Océ Security policy
10
Overview of the
on page 13.
Secure printing, copying and
on page 318.
The Océ Security policy
The HTTPS (HTTP over SSL) protocol to encrypt the configuration management data, submitted print data and saved scan data.
The disk encryption capability with 2 modes: Normal for the encryption of the used space or Full for the full disk encryption.
The e-shredding feature to overwrite any user data (print/copy/scan) when it is deleted from the system. This feature prevents the recovery of any deleted user data.
The IPsec configuration, that provides authentication, data confidentiality and integrity in the network communication between devices. A strong mechanism of encryption guarantees the confidentiality of the user print and scan data on the network.
• The Smart Inbox and job protection by:
- Limiting and restricting the access to the print and scan job data with the Smart Inbox management capability.
- Managing the visibility of jobs and their availability through job submission tools with the job management settings.
Chapter 1 - Océ Security policy
11

Downloads and support for your product

Downloads and support for your product
Downloads
User guides, printer drivers (for the Océ printers) and other resources can change without prior notice. To stay up-to-date, you are advised to download the latest resources from:
"http://downloads.oce.com"
Before you use your product, you must always download the latest safety information for your product: make sure that you read and understand all safety information in the manual entitled 'Safety Guide' .
Support
For support information please contact your Canon local representative.
Find your local contact for support from:
"http://www.canon.com/support/"
From the Canon support page, you can also download the printer drivers for the Canon printers, their related user guides and other resources.
Chapter 1 - Océ Security policy
12

Overview of the security features available per Océ System

Overview of the security features available per Océ System
Introduction
Find below an overview of the security features for every Océ PlotWave and ColorWave systems.
Security features in all Océ PlotWave systems and in the Océ ColorWave 300, Océ ColorWave 500 and Océ ColorWave 700 systems
Operating System
Océ PlotWave 300 from R1.5 Océ PlotWave 350 from R1.5 Océ ColorWave 300 from R1.5
Windows Embedded Standard 2009
Océ PlotWave 340 Océ PlotWave 345 Océ PlotWave 360 Océ PlotWave 365 Océ PlotWave 450 Océ PlotWave 500 Océ PlotWave 550 Océ ColorWave 500 Océ ColorWave 700
- Windows Embedded Standard 7 SP1 for: Océ PlotWave 340 Océ PlotWave 360 Océ PlotWave 500
- Windows Embedded Standard 8 64 bit for: Océ PlotWave 345 Océ PlotWave 365 Océ PlotWave 450 Océ PlotWave 550 Océ ColorWave 500 Océ ColorWave 700
Océ PlotWave 750 Océ PlotWave 900 R2.x
Windows Embedded Standard 7 SP1
Firewall
MS Security flaws / Security patches
Network protocols protection
OS and software in‐ tegrity mechanism
Disk encryption
Yes Yes Yes
Yes Yes Yes
Océ Security levels - 3 levels
- - -
- Yes for:
Yes. Protection config­urable per protocol
Océ PlotWave 345 Océ PlotWave 365 Océ PlotWave 450 Océ PlotWave 550 Océ ColorWave 500 R4.1 and higher Océ ColorWave 700 R4.1 and higher
Chapter 1 - Océ Security policy
Océ Security levels - 4 levels
-
4
13
Overview of the security features available per Océ System
User authentication
Antivirus
IPv6
SMB authentication
- - By smart card or user name / password for: Océ PlotWave 345 Océ PlotWave 365 Océ PlotWave 450 Océ PlotWave 550 Océ ColorWave 500 Océ ColorWave 700
- By contactless card for: Océ PlotWave 345/365
1.1 and higher ver­sions Océ PlotWave 450/550
1.1 and higher ver­sions
Compatible with 2 an­tivirus brands
Yes (IPV6 and IPV4 combination)
NTLMV2
Compatible with 2 an­tivirus brands
Yes (IPv6 only or IPv6 and IPv4 combination)
NTLMV2
-
Compatible with 2 an­tivirus brands
Yes (IPv6 only or IPv6 and IPv4 combination)
NTLMV2
Feature to encrypt da‐ ta on the network
Password protection
Data overwrite
Access control
Smart Inbox manage‐ ment
Scan to Home folder
- IPsec for:
Océ PlotWave 300
- IPsec
- HTTPS
- IPsec
- HTTPS Océ PlotWave 350 Océ ColorWave 300
Yes for:
- User settings
- Administration set­tings
- Settings on the print­er user panel
Yes for:
- User settings
- Administration set­tings
- Settings on the print­er user panel
Yes for:
- User settings
- Administration set-
tings
- Settings on the print-
er user panel
E-shredding E-shredding E-shredding
- IP filtering -
- Smart Inbox restric­tion
- Remote view restric­tion
- Yes for:
- Smart Inbox capabili­ty can be disabled
- Remote view restric­tion
- Smart Inbox capabili-
ty can be disabled
- Remote view restric-
tion
-
Océ PlotWave 345 Océ PlotWave 365 Océ PlotWave 450 Océ PlotWave 550 Océ ColorWave 500 R4.1 and higher Océ ColorWave 700 R4.1 and higher
4
Chapter 1 - Océ Security policy
14
Overview of the security features available per Océ System
Océ Publisher Express access
Control over actions on jobs
Control over Service operations
- Access restriction Access restriction
- Remote action restric­tion
- Operations made by Service under the con­trol of the System Ad­ministrator on: Océ PlotWave 345 Océ PlotWave 365 Océ PlotWave 450 Océ PlotWave 550 Océ ColorWave 500 R4.1 and higher Océ ColorWave 700 R4.1 and higher
Remote action restric­tion
-
Security features in the Océ ColorWave 550, Océ ColorWave 600 (PP) and Océ ColorWave 650 (PP) systems
Océ ColorWave 600 (PP) Océ ColorWave 650 R2.x Océ ColorWave 650 PP Océ ColorWave 550
Océ ColorWave 650 R3.x
Operating System
Firewall
MS Security flaws / Security patches
Network protocols protection
OS and software in‐ tegrity mechanism
Linux and WES 2009 for:
- Océ ColorWave 650 (multifunc­tional)
- Océ ColorWave 550 (multifunc­tional) Linux for:
- Océ ColorWave 650 (printer only)
- Océ ColorWave 550 (printer only)
- Océ ColorWave 600 (PP)
- Océ ColorWave 650 PP
Yes Yes
Yes for Océ ColorWave 650 / 550 (multifunctional) N/A for Océ ColorWave 600 (PP), ColorWave 650 PP, Océ Color­Wave 650 (printer only) and Océ ColorWave 550 (printer only)
Yes. Protection configurable per protocol
Yes -
Windows Embedded Standard 7 SP1
Yes
Yes. Protection configurable per protocol
Antivirus
- Compatible with 2 antivirus brands
Chapter 1 - Océ Security policy
4
15
Overview of the security features available per Océ System
IPv6
SMB authentication
Feature to encrypt da‐ ta on the network
Password protection
Data overwrite
Yes (IPv6 only or IPv6 and IPv4 combination)
NTLMV1 NTLMV2 or NTLMV1 only for:
- Océ ColorWave 550 R2.2.3 and higher
- Océ ColorWave 650 R2.2.3 and higher
IPsec for: Océ ColorWave 550 R2.3.1 and higher Océ ColorWave 650 R2.3.1 and higher Océ ColorWave 650 PP R2.3.1 and higher
Yes for:
- User settings
- Administration settings
- Settings on the printer user panel
E-shredding for: Océ ColorWave 650 R2.0.1 and higher Océ ColorWave 650 PP R2.1 and higher Océ ColorWave 600 R1.5 and high­er Océ ColorWave 600 PP R1.6.1 and higher Océ ColorWave 550 R2.2 and high­er
Yes (IPv6 only or IPv6 and IPv4 combination)
NTLMV2 or NTLMV1
- IPsec
- HTTPS
Yes for:
- User settings
- Administration settings
- Settings on the printer user panel
E-shredding
Access control
Smart Inbox manage‐ ment
Océ Publisher Express access
Actions on jobs
Access restriction to the printer for: Océ ColorWave 550 R2.3.1 and higher Océ ColorWave 650 R2.3.1 and higher Océ ColorWave 650 PP R2.3.1 and higher
- - Smart Inbox capability can be
- Access restriction
Remote action restriction Remote action restriction
IP filtering
disabled
- Remote view restriction
Security features in the Océ ColorWave 810, Océ ColorWave 900 and Océ ColorWave 910 systems
Operating System
Chapter 1 - Océ Security policy
16
Microsoft Windows Embedded Standard 8 64 bit
4
Overview of the security features available per Océ System
Firewall
Network protocols protection
MS security patches
Security logging
Data encryption on the network
Password protection
Océ Publisher Express access
Yes
Yes (per protocol, through firewall)
Océ released patches
Auditing of security related events
HTTPS for administration (Océ Express WebTools) and for job submission through Océ Publisher Express
Yes for:
- User settings
- Administration settings
Access restriction
Chapter 1 - Océ Security policy
17
Overview of the security features available per Océ System
Chapter 1 - Océ Security policy
18
Chapter 2
Security on Océ PlotWave 300/350, PlotWave 750, PlotWave 900 and ColorWave 300

Security on Océ PlotWave 300/350, PlotWave 900 R1.x and ColorWave 300

Security on Océ PlotWave 300/350, PlotWave 900 R1.x and ColorWave 300

Overview

Security overview for the Océ PlotWave 300, the Océ PlotWave 350, the Océ PlotWave 900 R1.x and the Océ ColorWave 300 systems
Introduction
The Océ PlotWave 300, the Océ PlotWave 350, the Océ PlotWave 900 R1.x and Océ ColorWave 300 are equipped with the following security features:
Security overview
Operating System
Firewall Yes
Network protocols protection 3 Océ Security Levels
MS Security patches Océ released patches
Antivirus Compatible with 2 Antivirus brands
IPV6 Yes
Data encryption on the network - IPsec for Océ PlotWave 300, Océ PlotWave
Data overwrite E-shredding
Password protection Yes for:
- Windows XP Service Pack 3 for all versions of Océ PlotWave 300, Océ PlotWave 350, and Océ ColorWave 300 prior to R1.5 and Océ PlotWave 900 R1.x
- Windows Embedded Standard 2009 for Océ PlotWave 300 R1.5, Océ PlotWave 350 R1.5, Océ ColorWave 300 R1.5 and higher versions
350, Océ PlotWave 900 from R1.2, and Océ Col­orWave 300
- HTTPS for Océ PlotWave 900
- User settings
- Administration settings
- Settings on the printer user panel*
* Except on Océ PlotWave 900 R1.2.
Chapter 2 - Security on Océ PlotWave 300/350, PlotWave 750, PlotWave 900 and ColorWave 300
20

System and Network security

System and Network security
Ports - Protocols
Applications, protocols and ports used in the Océ PlotWave 300, the Océ PlotWave 350, the Océ PlotWave 900 R1.x and Océ ColorWave 300 systems
Printing applications: security levels, ports and protocols used by the Océ systems
Application /Function‐ ality
Océ Wide-format Printer Driver for Mi­crosoft Windows (WPD or WPD2)
Océ Adobe® Post­Script® 3™ driver
Océ Publisher Express Océ PlotWave 300/
Océ Publisher Express over SSL
System Supported security lev‐
Océ PlotWave 300/ PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
Océ PlotWave 300/ PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
Océ PlotWave 900 x
els (x) and open port
N* M* H*
x
TCP 515
TCP
65200
TCP 80
UDP
515
x
TCP 515xTCP
x
TCP 80xTCP 80
TCP 443xTCP
(1)
x TCP 515 TCP
65200
TCP 80
515
443
(2)
x
TCP
515
x
TCP
515
x
TCP
443
Port used on the controller: protocol
TCP 515: LPR TCP 65200: Océ
back-channel TCP 80: HTTP (for advanced account­ing) UDP 515: Océ proto­col (for printer dis­covery)
TCP 515: LPR
TCP 80: HTTP
TCP 443: HTTPS
(**)
Océ Publisher Select Océ PlotWave 300/
PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
Chapter 2 - Security on Océ PlotWave 300/350, PlotWave 750, PlotWave 900 and ColorWave 300
x
TCP 515
TCP
65200
TCP 80
UDP
515
x TCP 515 TCP
65200
TCP 80
TCP 80: HTTP TCP 65200: Océ
back-channel TCP 515: LPR UDP 515: Océ proto­col (for printer dis­covery)
(**)
4
21
Applications, protocols and ports used in the Océ PlotWave 300, the Océ PlotWave 350, the Océ PlotWave 900 R1.x and Océ ColorWave 300 systems
Application /Function‐
System Supported security lev‐
ality
Océ Publisher Mobile Océ PlotWave 300/
PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
Océ Mobile WebTools Océ PlotWave 350
Océ PlotWave 900 R1.2 and higher
Océ ReproDesk Studio Océ PlotWave 300/
PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
Novell NDPS printing Océ PlotWave 300/
PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
els (x) and open port
N* M* H*
x
TCP 515
TCP
4242
ICMP
UDP
515
TCP 21
(4)
x
TCP 80xTCP 80
x
TCP 515
TCP
65200
x
TCP
515
TCP
65200
x
TCP 515xTCP
515
x
TCP
515
Port used on the controller: protocol
TCP 515: LPR TCP 21: FTP
(3)
(4)
TCP 4242: FTP pas­sive mode
(6)
ICMP: ping UDP 515: Océ proto­col (for printer dis­covery)
TCP 80: HTTP
TCP 515: LPR TCP 65200: Océ
back-channel
(**)
TCP 515: LPR
LPR printing (com­mand line)
Océ PlotWave 300/ PlotWave 350/ Plot­Wave 900 R1.x
x
TCP 515xTCP
515
x
TCP
515
TCP 515: LPR
Océ ColorWave 300
FTP printing Océ PlotWave 300/
PlotWave 350/ Plot­Wave 900R1.x Océ ColorWave 300
x
TCP 21
TCP
4242
(5)
x
TCP 21
TCP 21: FTP TCP 4242: FTP
Notes:
• * Levels: N: Normal - M: Medium - H: High
(**)
Océ back-channel is an Océ proprietary protocol used to retrieve information from the
printer (status, media loaded...) and to display it in the application or driver.
(1)
LPR printing with back-channel and advanced accounting
(2)
LPR printing. No back-channel. No advanced accounting
(3)
Océ Publisher Mobile v 2.2 and later for Android, and for Océ Publisher Mobile v 2.3 and
later for iOS
(4)
Only for Océ Publisher Mobile v 2.0 to v 2.2 for iOS
(5)
FTP active mode only
(6)
Data channel for FTP passive mode
(6)
Chapter 2 - Security on Océ PlotWave 300/350, PlotWave 750, PlotWave 900 and ColorWave 300
22
Applications, protocols and ports used in the Océ PlotWave 300, the Océ PlotWave 350, the Océ PlotWave 900 R1.x and Océ
ColorWave 300 systems
Scanning / copying applications: security levels, ports and protocols used by the Océ systems
Application /Function‐ ality
Scan to File Remote SMB
Scan to File Remote FTP
Scan data retrieval by FTP
Scan data retrieval from Smart Inbox (Scans)
System Supported security lev‐
els (x) and open port
N* M* H*
Océ PlotWave 300/
x ­PlotWave 350 Océ ColorWave 300
Océ PlotWave 900
x x x ­R1.x
Océ PlotWave 300/
x
(1)
x
(1)
x
PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
Océ PlotWave 300/ PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
Océ PlotWave 300/ PlotWave 350/ Plot-
x
TCP 21
TCP
4242
x
TCP 80xTCP 80
(2)
x
TCP 21
Wave 900 R1.x Océ ColorWave 300
Port used on the controller: protocol
-
TCP 21: FTP TCP 4242: FTP
(3)
TCP 80: HTTP
Scan data retrieval from Smart Inbox (Scans) over SSL
Océ Matrix Logic Océ PlotWave 900
Océ PlotWave 900 R1.x
R1.x
x
TCP 443xTCP
443
x
TCP 80
TCP 443
x
TCP 80
TCP
x
TCP
443
x
TCP
443
TCP 443: HTTPS
TCP 80: HTTP TCP 443: HTTPS
443
Notes:
• * Levels: N: Normal - M: Medium - H: High
(1)
FTP passive mode only: the FTP server on the remote workstation must support FTP passive
mode
(2)
FTP active mode only
(3)
Data channel for FTP passive mode
Control management: security levels, ports and protocols used by the Océ systems
Application /Function‐ ality
PING Océ PlotWave 300/
System Supported security lev‐
els (x) and open port
N* M* H*
x x x ICMP PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
Port used on the controller: protocol
4
Chapter 2 - Security on Océ PlotWave 300/350, PlotWave 750, PlotWave 900 and ColorWave 300
23
Applications, protocols and ports used in the Océ PlotWave 300, the Océ PlotWave 350, the Océ PlotWave 900 R1.x and Océ ColorWave 300 systems
Application /Function‐ ality
System Supported security lev‐
els (x) and open port
N* M* H*
SNMP based applica­tions
Océ PlotWave 300/ PlotWave 350/ Plot­Wave 900 R1.x
UDP
161
Océ ColorWave 300
WSD Océ PlotWave 350 x
TCP 80
UDP 3702
Océ Express WebT­ools
Océ PlotWave 300/ PlotWave 350/ Plot-
TCP 80xTCP 80 Wave 900 R1.x Océ ColorWave 300
Océ Express WebT­ools over SSL
Name resolution
(**)
Océ PlotWave 900 R1.x
Océ PlotWave 300/
TCP 443xTCP
PlotWave 350 Océ ColorWave 300
Océ PlotWave 900 R1.x
Port used on the controller: protocol
x
x
TCP 80
TCP
UDP
3702
UDP
UDP 161: SNMP
x
TCP 80: HTTP UDP 3702: WSD dis-
80
covery
3702
x
x
TCP 80: HTTP
x
TCP 443: HTTPS
TCP
443
443
x Outgoing connec-
tion:
- local port (on con-
x x x
troller): UDP(/TCP) <dynamic value>
- remote port (on DNS server): UDP(/ TCP) 53
DHCP Océ PlotWave 300/
PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
Océ Account Center Advanced accounting (WPD)
Océ PlotWave 300/ PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
Accounting informa­tion retrieval by FTP
Océ PlotWave 300/ PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
Browse Océ systems on the network with Windows network neighbourhood
Océ PlotWave 300/ PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
x x x Outgoing connec-
tion:
- local port (on con­troller) : UDP 68
- remote port (on DNS server): UDP 67
x
TCP 80: HTTP
TCP 80xTCP 80
x
TCP 21
(1)
x
TCP 21
TCP 21: FTP TCP 4242: FTP
TCP
4242
x
UDP
UDP 137: NetBios over TCP/IP
137
(2)
4
Chapter 2 - Security on Océ PlotWave 300/350, PlotWave 750, PlotWave 900 and ColorWave 300
24
Applications, protocols and ports used in the Océ PlotWave 300, the Océ PlotWave 350, the Océ PlotWave 900 R1.x and Océ
ColorWave 300 systems
Application /Function‐
System Supported security lev‐
ality
Océ Service Logic Océ PlotWave 300/
PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
IPsec Océ PlotWave 300/
PlotWave 350 Océ ColorWave 300 Océ PlotWave 900 R1.2 and higher
Océ Remote Meter Reading Manager
Océ PlotWave 300/ PlotWave 350/ Plot­Wave 900 R1.x Océ ColorWave 300
Océ Remote Service Océ PlotWave 300
R1.5 and higher PlotWave 350 R1.5 and higher Océ PlotWave 900 R1.x Océ ColorWave 300 R1.5 and higher
Port used on the
els (x) and open port
controller: protocol
N* M* H*
x
TCP 21
(1)
x
TCP 21
TCP 21: FTP TCP 4242: FTP
TCP
4242
x
UDP
UDP 500 UDP 4500
500 UDP 4500
x
UDP 161: SNMP
UDP
161
x x x HTTPS outgoing
connection required: TCP/IP port 443
(2)
(3)
Notes:
• * Levels: N: Normal - M: Medium - H: High
(**)
The name resolution is mainly used to determine the IP address of the scan destination
during Scan fo File operation
(1)
FTP active mode only
(2)
Data channel for FTP passive mode
(3)
TCP/IP port 443 must be opened and must allow response back on the IT infrastructure
firewall.
Chapter 2 - Security on Océ PlotWave 300/350, PlotWave 750, PlotWave 900 and ColorWave 300
25
Security Patches
Security Patches
Install the Océ Remote patch (on Océ PlotWave 300/350, PlotWave 900 R1.x and Océ ColorWave 300)
Introduction
You can install the Océ Remote patches (Security patches) in the following versions of the systems:
• Océ PlotWave 300 1.2.1 and higher
• Océ PlotWave 350 1.0 and higher
• Océ PlotWave 900 1.x
• Océ ColorWave 300 1.2.1 and higher
Before you begin
Find the Océ Security patch from the Océ Downloads website on
Open the product page and go to the Security tab to download the available security patches.
Install the Océ Remote patch
Procedure
Open the Océ Express Webtools
1.
Open the 'Support' tab
2.
http://downloads.oce.com
:
Select 'Update'
3.
The Authentication window opens.
Chapter 2 - Security on Océ PlotWave 300/350, PlotWave 750, PlotWave 900 and ColorWave 300
26
Install the Océ Remote patch (on Océ PlotWave 300/350, PlotWave 900 R1.x and Océ ColorWave 300)
Log in as the System administrator or Power user
4.
All the patches successfully applied (when any) are displayed
Click on the 'Update' icon (top right corner) to open the wizard
5.
Click OK
6.
Browse to the Océ Remote patch and click OK to install it
7.
Click OK to confirm the update
8.
The system restarts to apply the patch.
Chapter 2 - Security on Océ PlotWave 300/350, PlotWave 750, PlotWave 900 and ColorWave 300
27
Security levels
Security levels
Security levels presentation
Introduction
Océ defined 3 levels of security according to the customer needs. The presentation below can help you to select the most suitable level.
High security level
The High level is the most secure mode for printing and scanning.
The compliant applications are based on:
• the LPR protocol for printing
• the HTTPS protocol (Océ PlotWave 900 only) for printing
• the FTP protocol for scanning.
Target:
• This level provides you the most secure mode while using the basic feature for printing and scanning. Only some Océ applications are available. See the
application/functionality
• This security level may also be used when you want to be protected whenever a vulnerability has been discovered and the corresponding patch cannot be yet installed. As soon as the patch can be installed, you can go back to the original security level.
on page 21.
security levels supported per
Medium security level
The Medium level is compliant with all the Océ applications available for printing and scanning which do not present a high risk (as reported by most popular network scanners).
Target:
This level is recommended if you need to be secured while you want to use the Océ applications for printing and/or scanning (you can use the system including more functions than with the High security level).
Normal security level
This mode offers all the functionalities.
Target:
• You can select this level if you want to use some features not covered by MEDIUM security level.
• This level is more dedicated for small network infrastructure where security is less required versus features.
Set the security level in Océ PlotWave 300, Océ PlotWave 350 and Océ ColorWave 300
Introduction
The [Security] wizard on the printer user panel gives the option to check or change the security level of the system.
Chapter 2 - Security on Océ PlotWave 300/350, PlotWave 750, PlotWave 900 and ColorWave 300
28
Before you begin
The System Administrator or a Power User can protect the security settings with a password.
When the protection is activated, you must type the password in the printer user panel before you can change the security level.
Procedure
From the [HOME] screen select the [System] tab.
1.
Select the [Setup] tab.
2.
Use the scroll wheel to go to the [Security]([Configure settings]) wizard.
3.
Protect the security level by a password
Open this section with the confirmation button.
4.
The screen displays the security level and the active network access options:
5.
Two options are possible:
6.
• Press the [Back] key in case you only want to check the security settings.
• Press the [Next >] key in case you want to adapt the security level. Enter the password if requested and follow the wizard to adapt the security level.
Protect the security level by a password
Procedure
Open the Océ Express Webtools in a web browser (http://Printer IP address or hostname)
1.
In the 'Preferences' tab, select 'System settings'
2.
In the 'Printer Properties', goes to 'Password to change security level'
3.
Click on the value to edit it
4.
Log in as the System Administrator or as a Power User
5.
Select 'New'
6.
Type and re-type a numeric password
7.
Confirm to activate the password.
8.
Chapter 2 - Security on Océ PlotWave 300/350, PlotWave 750, PlotWave 900 and ColorWave 300
29
Set the security level in Océ PlotWave 900 R1.1 and higher R1.x versions
Result
You must type the password in the printer user panel when you want change the security level.
Set the security level in Océ PlotWave 900 R1.1 and higher R1.x versions
Introduction
The security user interface is available through the Océ Express WebTools application.
NOTE
You need to be logged on as the System Administrator to access the security level interface and change the security levels.
Procedure
Open the Océ Express Webtools in a web browser (http://Printer IP address or hostname)
1.
On the [Configuration] tab, select [Connectivity]
2.
Go to the Security section
3.
Click on 'Edit' or double click on the value to open the [Security level] window
4.
Set the security level and click 'OK'
5.
Restart the printer when prompted
6.
Result
After you set the Security level to 'High', you must open Océ Express Web Tools by means of the HTTPS protocol: type https://Printer IP address or hostname in the web browser.
Chapter 2 - Security on Océ PlotWave 300/350, PlotWave 750, PlotWave 900 and ColorWave 300
30
Loading...
+ 380 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use