Dell C5765DN MFP User Manual
Dell™ C7765dn/Dell™ C5765dn
Security Function Supplementary Guide
Regulatory Model: C7765dn/C5765dn
Information in this document is subject to change without notice.
© 2014 Dell Inc. All rights reserved.
This publication could include technical inaccuracies or typographical errors. Changes are periodically made to the information
herein; these changes will be incorporated in later editions. Improvements or changes in the products or the programs described
may be made at any time.
For Dell technical support and downloads, visit dell.com/support or contact Dell's ProSupport Help Desk for assistance by calling
1-866-516-3115, or by e-mailing imaging_Solutions_Support_CAC@dell.com.
Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
Trademarks used in this text: Dell and the DELL logo are trademarks of Dell Inc.; Microsoft, Windows, and Windows Server are
either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries; RSA and BSAFE
are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries.
XML Paper Specification (XPS): This product may incorporate intellectual property owned by Microsoft Corporation. The terms
and conditions upon which Microsoft is licensing such intellectual property may be found at http://go.microsoft.com/fwlink/
?LinkId=52369.
TM
Nuance
Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or
their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
The printer software uses some of the codes defined by the Independent JPEG Group.
OCR © 1994-2014 Nuance Communications. All Rights Reserved.
SD Logo is a trademark of SD-3C, LLC.
As for RSA BSAFE
This printer includes RSA® BSAFE® Cryptographic software from EMC Corporation.
____________________
UNITED STATES GOVERNMENT RESTRICTED RIGHTS
This software and documentation are provided with RESTRICTED RIGHTS. Use, duplication or disclosure by the Government is
subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS
252.227-7013 and in applicable FAR provisions: Dell Inc., One Dell Way, Round Rock, Texas, 78682, USA.
September 2014 Rev. A00
Table of Contents
Table of Contents.....................................................................................................................3
Before Using the Security Features.......................................................................................5
Preface...................................................................................................................................5
Security Features .................................................................................................................6
Settings for the Secure Operation ...................................................................................6
For Optimized Performance of Security Features........................................................ 7
Confirm the Machine ROM Version and the System Clock .......................................9
Settings for the Secure Operation 1
(Initial Settings Procedures Using Control Panel) ........................................................... 11
Authentication for entering System Administration mode....................................... 11
Set Use Passcode Entry for Control Panel Login........................................................ 11
Set Overwrite Hard Disk................................................................................................... 11
Set Data Encryption ..........................................................................................................12
Set Authentication.............................................................................................................12
Set Private Print..................................................................................................................13
Set Store & Send Link........................................................................................................ 13
Set Direct Fax......................................................................................................................14
Set Self Test ........................................................................................................................14
Set Software Download ...................................................................................................14
Table of Contents
Settings for the Secure Operation 2
(Initial Settings Procedures Using Dell Printer Configuration Web Tool) ...................15
Preparations for settings on the Dell Printer Configuration Web Tool..................15
Change the System Administrator’s Passcode............................................................15
Set Maximum Login Attempts.........................................................................................15
Set Access Control............................................................................................................ 15
Set User Passcode Minimum Length ............................................................................16
Set SMB................................................................................................................................16
Set WebDAV........................................................................................................................16
Set IPP .................................................................................................................................. 17
Set SSL/TLS ......................................................................................................................... 17
Set Service Representative Restricted Operation ....................................................... 17
Set Audit Log ......................................................................................................................18
Configuring Machine Certificates ..................................................................................18
Set IPSec..............................................................................................................................18
Set SNMPv3.........................................................................................................................19
Set S/MIME......................................................................................................................... 20
Set WSD (Scan)...................................................................................................................21
Set LDAP Server .................................................................................................................21
Set Kerberos Server........................................................................................................... 21
Settings for the Secure Operation 3 (Regular Review by Audit Log) .......................... 22
Import the Audit Log........................................................................................................ 22
User Authentication .............................................................................................................. 24
Appendix.................................................................................................................................. 25
3
4
Before Using the Security Features
This section describes the security features and items to be confirmed.
Preface
This guide describes the setup procedures related to security.
This guide is mainly intended for the manager and system administrator of the
organization where the machine is installed.
This guide also describes useful information for general users about the operations
related to security features.
For other product information, refer to the following documents:
Model Guide Manual Part#
Before Using the Security Features
Dell C7765dn
Color Multifunction Printer
Dell C5765dn
Color Laser Multifunction Printer
Note • The hash values of the PDF files are described in the Security Target disclosed at the Dell
(http://www.dell.com/support/home/us/en/04/Products/) and JISEC
(http://www.ipa.go.jp/security/jisec/jisec_e/) websites. Please check that the hash values
of the respective manuals are correct.
• The Manual Part# may be updated when the manual content is updated.
User’s Guide KB3206EN0-5
Smart Card Reader Installation
and Configuration Guide
User’s Guide KB3211EN0-4
Smart Card Reader Installation
and Configuration Guide
KE3037EN0-3
KE3038EN0-2
The security features of the Dell C7765dn Color Multifunction Printer are supported
by the following ROM versions.
• Controller ROM: Ver. 2.205.5
•IOT ROM: Ver. 41.1.0
•ADF ROM: Ver. 12.5.0
The security features of the Dell C5765dn Color Laser Multifunction Printer are
supported by the following ROM versions.
• Controller ROM: Ver. 2.205.1
•IOT ROM: Ver. 3.0.2
• ADF ROM: Ver. 11.1.0
• Fax ROM: Ver. 100.19.0
Important • The machine has obtained IT security certification for Common Criteria EAL3. This certifies
that the target of evaluation has been evaluated based on the certain evaluation criteria
and methods, and that it conforms to the security assurance requirements. Your ROM and
guidance may not be the certified version because they may have been updated along
with machine improvements.
5
Security Features
Dell C7765dn and C5765dn have the following security features:
• Hard Disk Data Overwrite
• Hard Disk Data Encryption
• User Authentication
• System Administrator's Security Management
• Customer Engineer Operation Restriction
• Security Audit Log
• Internal Network Data Protection
•Self Test
•FAX Flow Security
Settings for the Secure Operation
For the effective use of the security features, the System Administrator (Machine
Administrator) must configure settings by referring to the following sections.
• Settings for the Secure Operation 1 (Initial Settings Procedures Using Control Panel)
(P.11)
• Settings for the Secure Operation 2 (Initial Settings Procedures Using Dell Printer
Configuration Web Tool) (P.15)
• Settings for the Secure Operation 3 (Regular Review by Audit Log) (P.22)
Below is the list of setting items and their values that need to be set.
• Passcode Entry for Control Panel Login (For Dell C7765dn)/
Passcode Entry from Control Panel (For Dell C5765dn)
Set to [On].
• Overwrite Hard Disk
Set to [1 Overwrite] or [3 Overwrites].
• Data Encryption
Set to [On], and then enter an encryption key of 12 characters.
• Authentication
Set to [Login to Local Accounts] or [Login to Remote Accounts].
•Private Print
Set to [According to Print Accounting] or [Save as Private Charge Print Job].
• Store & Send Link
Set to disabled.
•Direct Fax
Set to [Disabled] when remote authentication is used.
•Self Test
Set to [On].
•Software Download
Set to [Disabled].
• System Administrator Passcode
Change the default passcode to another passcode of 9 or more characters.
6
Before Using the Security Features
• Maximum Login Attempts
Set to [5] times.
•Access Control
Set to [Locked] for [Device Access] and [Lock All] for [Service Access].
• User Passcode Minimum Length
Set to [9] characters.
•SMB
Set to disabled for [NetBEUI].
•WebDAV
Set to disabled (when remote authentication is used).
•IPP
Set to enabled.
• SSL/TLS
Set to enabled.
• Service Representative Restricted Operation
Set to [Enabled], and enter a passcode of 9 or more characters.
•Audit Log
Set to enabled.
•IPSec
Set to enabled.
•SNMP v1/v2c
Set to enabled.
•SNMP v3
Set to enabled.
•S/MIME
Set to enabled.
•WSD (Scan)
Set to disabled.
•LDAP Server
Set the LDAP Server information.
• Kerberos Server
Set the Kerberos Server information.
Important • Security will not be assured if the above settings are not properly configured.
• The Fax Flow Security feature requires no special setting.
• When you set Data Encryption to [On], enter an encryption key of 12 characters.
For Optimized Performance of Security Features
The management organization needs to follow the instructions below:
• Assign appropriate personnel as machine and system administrators, provide
training, and ensure proper oversight.
• The manager and system administrators need to train users about the TOE
operation and precautions according to the policies of their organization and the
product guidance.
• The machine needs to be placed in a secure or monitored area where the machine
is protected from unmanaged physical access.
7
• If the machine is on the internal network that connects to external networks,
configure the network properly to block any unauthorized external access.
• Set passcode and encryption key according to the following rules.
- Do not use an easily guessable passcode.
- A passcode needs to contain both numeric and alphabetic characters.
• Administrators need to set the account policies on the remote authentication
server as follows.
- Set password policy to 9 or more characters.
- Set account lockout policy to 5 times.
• Users need to set a user ID and a passcode in [Accounting Configuration] via the
printer driver.
• For secure operation, all of the remote trusted IT products that communicate with
the machine must implement the communication protocol in accordance with
industry standard practice with respect to RFC/other standard compliance (SSL/
TLS, IPSec, SNMP v3, S/MIME) and must work as advertised.
SSL/TLS
For the SSL client (Web browser) and the SSL server that communicate with the
machine, select a data encryption suite from the following:
• SSL_RSA_WITH_RC4_128_SHA
• SSL_RSA_WITH_3DES_EDE_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA
• TLS_RSA_WITH_AES_256_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_256_CBC_SHA256
(The recommended browser is Microsoft
®
Internet Explorer® 6/7/8/9)
S/MIME
For the machine and E-mail clients, select an Encryption Method/Message Digest
Algorithm from the following:
• 3Key Triple-DES/168bit, AES/128bit, AES/192bit, AES/256bit
• SHA1, SHA256
IPSec
For the IPSec host that communicates with the machine, select an Encryption
Method/ Message Digest Algorithm from the following:
•AES(128bit)/SHA1
•3Key Triple-DES(168bit)/SHA1
SNMP v3
The encryption method of SNMPv3 is DES/56bit or AES 128bit. Set [Message Digest
Algorithm] to [SHA1].
8
Before Using the Security Features
Important
• While you are using Dell Printer Configuration Web Tool, do not access other web
sites, and do not use other applications.
• When you change [Authentication Type] or prior to disposing the machine, initialize
the hard disk by resetting [Data Encryption] and changing [encryption key].
• For preventing SSL vulnerability, set the machine address in the proxy exclusion list of
browser.
With this setting, you can prevent man-in-the-middle attack because the machine
will communicate directly with the remote browser bypassing the proxy server.
Confirm the Machine ROM Version and the System Clock
Before making initial settings, the System Administrator (Machine Administrator)
needs to check the machine ROM version and system clock.
To check from the Control Panel
1
Press the <Machine Status> button on the control panel.
2
Select [Software Version] on the [Machine Information] screen.
You can identify the software versions of the components of the machine on the
screen.
To check from the Print Report
1
Press the <Machine Status> button on the control panel.
2
Select [Print Reports] on the [Machine Information] screen.
3
Select [Printer Reports].
4
Select [Configuration Report].
5
Press the <Start> button on the control panel.
To check the System Clock
1
Press the <Log In/Out> button on the control panel.
2
Enter the System Administrator's ID and the passcode if prompted.
3
Select [Enter].
4
Select [Tools].
5
Select [System Settings].
6
Select [Common Service Settings].
7
Select [Machine Clock/Timers].
If you need to change the time and date, follow the remaining steps:
8
Select the required option.
9
Select [Change Settings].
10
Change the required setting.
9
Loading...