Loading...
User’s Guide [Security Operations]
2007. 2 Ver. 1.03
Contents
Contents
1 |
Security |
|
|
|
1.1 |
Introduction ....................................................................................... |
1-2 |
|
|
Compliance with the ISO15408 Standard ..................................... |
1-2 |
|
|
Operating Precautions ................................................................... |
1-2 |
|
|
INSTALLATION CHECKLIST .......................................................... |
1-3 |
|
1.2 |
Security Functions ............................................................................ |
1-5 |
|
1.2.1 |
Check Count Clear Conditions ...................................................... |
1-6 |
|
1.3 |
Data to be Protected ........................................................................ |
1-7 |
|
1.4 |
Precautions for Operation Control .................................................. |
1-8 |
|
|
Roles and Requirements of the Administrator ............................... |
1-8 |
|
|
Password Usage Requirements ..................................................... |
1-8 |
|
|
Network Connection Requirements for the Machine ..................... |
1-9 |
|
|
User information control server control requirements ................... |
1-9 |
|
|
Security function operation setting operating requirements .......... |
1-9 |
|
|
Operation and control of the machine ......................................... |
1-10 |
|
|
Machine Maintenance Control ..................................................... |
1-10 |
|
1.5 |
Miscellaneous ................................................................................. |
1-11 |
|
|
Password Rules ........................................................................... |
1-11 |
|
|
Precautions for Use of Various Types of Applications ................. |
1-11 |
|
|
Types of Data Cleared by Overwrite All Data Function ................ |
1-12 |
2 Administrator Operations
2.1 |
Accessing the Administrator Setting Mode ................................... |
2-2 |
2.1.1 |
Accessing the Administrator Setting mode ................................... |
2-2 |
|
<From the Control Panel> .............................................................. |
2-3 |
|
<From PageScope Web Connection> ........................................... |
2-5 |
2.2 |
Enhancing the Security Function .................................................... |
2-8 |
2.2.1 |
Items cleared by HDD Format ..................................................... |
2-11 |
2.2.2 |
Setting the Enhanced Security mode .......................................... |
2-11 |
|
<Setting can be made only from the control panel> ................... |
2-11 |
2.3 |
Preventing Unauthorized Access .................................................. |
2-15 |
2.3.1 |
Setting Prohibit Function When Auth. Error ................................. |
2-15 |
|
<Setting can be made only from the control panel> ................... |
2-15 |
2.4 |
Canceling the Operation Prohibited State ................................... |
2-17 |
|
|
|
C250 |
|
x-1 |
|
|
|
|
Contents |
|
|
|
|
|
2.4.1 |
Performing Release Setting .......................................................... |
2-17 |
||
|
|
|
<Setting can be made only from the control panel> .................... |
2-17 |
2.5 |
Setting the Authentication Method ................................................ |
2-19 |
||
2.5.1 |
Setting the Authentication Method ............................................... |
2-19 |
||
|
|
|
<Setting can be made only from the control panel> .................... |
2-19 |
2.6 |
System Auto Reset Function .......................................................... |
2-22 |
||
2.6.1 |
Setting the System Auto Reset function ....................................... |
2-22 |
||
|
|
|
<Setting can be made only from the control panel> .................... |
2-22 |
2.7 |
User Setting Function ..................................................................... |
2-25 |
||
2.7.1 |
Making user setting ...................................................................... |
2-26 |
||
|
|
|
<From the Control Panel> ............................................................ |
2-26 |
|
|
|
<From PageScope Web Connection> .......................................... |
2-30 |
2.8 |
User Box Function ........................................................................... |
2-32 |
||
2.8.1 |
Setting the User Box ..................................................................... |
2-32 |
||
|
|
|
<From the Control Panel> ............................................................ |
2-32 |
|
|
|
<From PageScope Web Connection> .......................................... |
2-37 |
2.8.2 |
Changing the user attributes ........................................................ |
2-39 |
||
|
|
|
<From the Control Panel> ............................................................ |
2-39 |
|
|
|
<From PageScope Web Connection> .......................................... |
2-43 |
2.9 |
Changing the Administrator Password ......................................... |
2-47 |
||
2.9.1 |
Changing the Administrator Password ......................................... |
2-47 |
||
|
|
|
<Setting can be made only from the control panel> .................... |
2-47 |
|
|
2.10 Protecting Data in the HDD ............................................................ |
2-51 |
|
2.10.1 |
Setting the HDD Lock Password .................................................. |
2-52 |
||
|
|
|
<Setting can be made only from the control panel> .................... |
2-52 |
2.10.2 |
Changing the HDD Lock Password .............................................. |
2-55 |
||
|
|
|
<Setting can be made only from the control panel> .................... |
2-55 |
2.10.3 |
Setting the Encryption Key (encryption word) .............................. |
2-58 |
||
|
|
|
<Setting can be made only from the control panel> .................... |
2-58 |
2.10.4 |
Changing the Encryption Key ....................................................... |
2-65 |
||
|
|
|
<Setting can be made only from the control panel> .................... |
2-65 |
|
|
2.11 Overwrite All Data Function ............................................................ |
2-68 |
|
2.11.1 |
Setting the Overwrite All Data function ......................................... |
2-69 |
||
|
|
|
<Setting can be made only from the control panel> .................... |
2-69 |
2.12 |
SNMP Setting Function ................................................................... |
2-72 |
||
2.12.1 |
Changing the auth-password and priv-password ........................ |
2-72 |
||
|
|
|
<From the Control Panel> ............................................................ |
2-72 |
|
|
|
|
|
|
x-2 |
|
C250 |
|
Contents
|
|
<From PageScope Web Connection> ......................................... |
2-77 |
|
2.12.2 |
SNMP access authentication function ......................................... |
2-79 |
|
2.12.3 |
SNMP v3 setting function ............................................................ |
2-79 |
|
2.12.4 |
SNMP network setting function ................................................... |
2-80 |
|
2.13 |
TCP/IP Setting Function ................................................................. |
2-81 |
|
2.13.1 |
Setting the IP Address ................................................................. |
2-81 |
|
|
<From the Control Panel> ............................................................ |
2-81 |
|
|
<From PageScope Web Connection> ......................................... |
2-82 |
|
2.13.2 |
Registering the DNS Server ......................................................... |
2-83 |
|
|
<From the Control Panel> ............................................................ |
2-83 |
|
|
<From PageScope Web Connection> ......................................... |
2-84 |
|
2.14 |
NetWare Setting Function .............................................................. |
2-85 |
|
2.14.1 |
Making the NetWare Setting ........................................................ |
2-85 |
|
|
<From the Control Panel> ............................................................ |
2-85 |
|
|
<From PageScope Web Connection> ......................................... |
2-86 |
|
2.15 |
SMB Setting Function .................................................................... |
2-87 |
|
2.15.1 |
Setting the NetBIOS Name .......................................................... |
2-87 |
|
|
<From the Control Panel> ............................................................ |
2-87 |
|
|
<From PageScope Web Connection> ......................................... |
2-88 |
|
2.16 |
AppleTalk Setting Function ........................................................... |
2-89 |
|
2.16.1 |
Making the AppleTalk Setting ...................................................... |
2-89 |
|
|
<From the Control Panel> ............................................................ |
2-89 |
|
|
<From PageScope Web Connection> ......................................... |
2-90 |
|
2.17 |
E-Mail Setting Function .................................................................. |
2-91 |
|
2.17.1 |
Setting the SMTP Server (E-Mail Server) ..................................... |
2-91 |
|
|
<From the Control Panel> ............................................................ |
2-91 |
|
|
<From PageScope Web Connection> ......................................... |
2-92 |
3 |
User Operations |
|
|
|
3.1 |
User Authentication Function .......................................................... |
3-2 |
|
3.1.1 |
Performing user authentication ...................................................... |
3-2 |
|
|
<From the Control Panel> .............................................................. |
3-3 |
|
|
<From PageScope Web Connection> ........................................... |
3-6 |
|
3.2 |
Change Password Function ............................................................ |
3-8 |
|
3.2.1 |
Performing Change Password ....................................................... |
3-8 |
|
|
<From the Control Panel> .............................................................. |
3-8 |
|
|
<From PageScope Web Connection> ......................................... |
3-12 |
|
3.3 |
Secure Print Function ..................................................................... |
3-14 |
|
|
|
|
C250 |
|
|
x-3 |
|
|
|
|
Contents |
|
|
|
|
|
3.3.1 |
Accessing the Secure Print ........................................................... |
3-15 |
||
|
|
|
<Setting can be made only from the control panel> .................... |
3-15 |
3.4 |
User Box Function ........................................................................... |
3-19 |
||
3.4.1 |
Setting the User Box ..................................................................... |
3-19 |
||
|
|
|
<From the Control Panel> ............................................................ |
3-19 |
|
|
|
<From PageScope Web Connection> .......................................... |
3-25 |
3.4.2 |
Changing the User Box Password and user attributes ................ |
3-28 |
||
|
|
|
<From the Control Panel> ............................................................ |
3-28 |
|
|
|
<From PageScope Web Connection> .......................................... |
3-33 |
3.4.3 |
Accessing the User Box and User Box file ................................... |
3-38 |
||
|
|
|
<From the Control Panel> ............................................................ |
3-39 |
|
|
|
<From PageScope Web Connection> .......................................... |
3-41 |
|
4 Application Software |
|
||
4.1 |
PageScope Data Administrator ........................................................ |
4-2 |
||
4.1.1 |
Gaining access from PageScope Data Administrator .................... |
4-3 |
||
|
|
|
< From the PC> .............................................................................. |
4-3 |
4.1.2 |
Setting the user authentication method .......................................... |
4-6 |
||
|
|
|
< From the PC> .............................................................................. |
4-6 |
4.1.3 |
Making the user settings ................................................................. |
4-8 |
||
|
|
|
< From the PC> .............................................................................. |
4-8 |
4.2 |
PageScope Box Operator ............................................................... |
4-10 |
||
4.2.1 |
Accessing User Box ...................................................................... |
4-10 |
||
|
|
|
< From the PC> ............................................................................ |
4-10 |
4.2.2 |
Creating a User Box ...................................................................... |
4-14 |
||
|
|
|
< From the PC> ............................................................................ |
4-14 |
4.2.3 |
Changing User Box properties (user attributes) ........................... |
4-16 |
||
|
|
|
< From the PC> ............................................................................ |
4-16 |
4.2.4 |
Accessing the User Box file .......................................................... |
4-20 |
||
|
|
|
< From the PC> ............................................................................ |
4-20 |
4.3 |
PageScope Job Spooler ................................................................. |
4-21 |
||
4.3.1 |
Accessing the User Box ............................................................... |
4-22 |
||
|
|
|
< From the PC> ............................................................................ |
4-22 |
4.4 |
HDD TWAIN driver ........................................................................... |
4-28 |
||
4.4.1 |
Accessing from the HDD TWAIN driver ........................................ |
4-28 |
||
|
|
|
< From the PC> ............................................................................ |
4-28 |
4.5 |
PageScope Direct Print .................................................................. |
4-31 |
||
|
|
|
|
|
|
x-4 |
|
C250 |
|
Contents
4.5.1 |
Printing through PageScope Direct Print ..................................... |
4-31 |
|
< From the PC> ............................................................................ |
4-31 |
C250 |
x-5 |
Contents
x-6 |
C250 |
Security Chapter 1
1 Security
Security Chapter 1
1 |
Security |
|
1 Security
1.1Introduction
Thank you for purchasing our product.
This User’s Guide contains the operating procedures and precautions to be used when using the security functions offered by the bizhub C250 machine. To ensure the best possible performance and effective use of the machine, read this manual thoroughly before using the security functions. The Administrator of the machine should keep this manual for ready reference. The manual should be of great help in finding solutions to operating problems and questions.
This User’s Guide (Ver. 1.03) describes bizhub C250/ineo+ 250 Multi Function Peripheral Control Software (MFP Controller: 4038-0100-GM0-08-000).
Compliance with the ISO15408 Standard
When the Enhanced security mode on this machine is set to [ON], more enhanced security functions are available.
The security functions offered by the bizhub C250 machine comply with ISO/ IEC15408 (level: EAL3).
Operating Precautions
The machine gives an alarm message or an alarm sound (peep) when a wrong operation is performed or a wrong entry is made during operation of the machine. (No “peep” alarm sound is issued if Key Accept Sound/Key Refuse Sound in Sound Setting of Accessibility Setting is set to [OFF].) If the alarm message or alarm sound is given, perform the correct operation or make the correct entry according to the instructions given by the message or other means.
The Administrator of the machine should make sure that each individual general user exits from the current mode to return to the basic screen whenever the access to that mode is completed or if the user leaves the machine with the mode screen left displayed.
The Administrator of the machine should exit from the current mode to return to the basic screen whenever the access to that mode is completed or if he or she leaves the machine with the mode screen left displayed.
The PageScope Web Connection functions can be used only if the setting is made to accept “Cookie.”
1-2 |
C250 |
Security |
1 |
|
INSTALLATION CHECKLIST
This Installation Checklist contains items that are to be check by the Service Engineer installing this machine.
The Service Engineer should check the following items, then explain each checked item to the Administrator of the machine.
To Service Engineer
Make sure that each of these items is properly carried out by checking the box on the right of each item.
1. Perform the following steps before installing this machine. |
Completed |
Check with the Administrator to determine if the security functions of this machine should be enhanced. If the functions should be enhanced, check the following.
If the security functions are not to be enhanced, quit the operation without checking the following.
I swear that I would never disclose information as it relates to the settings of this machine to anybody, or perform malicious or intentional act during setup and service procedures for the machine.
When giving the User’s Guide Security Operations to the Administrator of the machine, check that the User’s Guide is the security-compatible version and explain to the Administrator that it is security-compatible.
2.After this machine is installed, refer to the Service Manual and perform the following steps.
Check that the Firmware version (MFP Controller, CheckSum) indicated in the
Service Manual matches the values shown in the Firmware Version screen. If there is a mismatch in the Firmware version number, explain to the Administrator of the machine that upgrading of the Firmware is necessary and perform upgrading of the Firmware.
Set CE Authentication to [ON] and set the CE Password.
Check that CS Remote Care is set to RAM Clear Set, Management Function
Choice to Unset, HDD to Installed, and Image Controller Setting to
Controller0.
3.After this machine is installed, refer to this User’s Guide and perform the following steps.
Check that the Administrator Password has been set by the Administrator of the machine.
Check that the HDD Lock Password or Encryption Key, or both, have been set by the Administrator of the machine.
Check that User Authentication has been set to [ON (MFP)] or [ON (External Server)] (Active Directory only) by the Administrator of the machine.
Check that the self-signed certificate for SSL communications has been registered by the Administrator of the machine.
Let the Administrator of the machine set Enhanced Security Mode to [ON].
The languages, in which the contents of the User’s Guide Security Operations have been evaluated, are Japanese and English.
Explain the way how to get the manual in the language, in which it is evaluated.
Explain to the administrator that the settings for the security functions for this machine have been specified.
Security Chapter 1
C250 |
1-3 |
Security Chapter 1
1 |
Security |
|
When the above steps have been properly carried out, the Service Engineer should make a copy of this page and give the original of this page to the Administrator of the machine. The copy should be kept at the corresponding Service Representative for filing.
Product Name |
|
Company Name |
User Division Name |
Person in charge |
|
|
|
|
|
Customer |
|
|
|
|
|
|
|
|
|
Service Representative |
|
- |
|
|
|
|
|
|
|
1-4 |
C250 |
Security |
1 |
|
1.2Security Functions
Setting the Enhanced Security Mode to [ON] will validate the security function of this machine. For details of the settings of different security functions to be changed by turning [ON] the Enhanced Security Mode, see “Enhancing the Security Function” on page 2-8.
Setting the Enhanced Security Mode to [ON] will enhance the authentication function. Access control is then provided through password authentication for any access to the Administrator Setting mode, User Authentication mode, User Box, a User Box data file, and a Secure Print file. Access is thereby granted only to the authenticated user.
A password that can be set must meet the requirements of the Password Rules. The machine does not accept setting of an easily decipherable password. For details of the Password Rules, see “Password Rules” on
page 1-11.
If a wrong password is entered, during password authentication, a predetermined number of times (once to three times) set by the Administrator of the machine or more, the machine determines that it is unauthorized access through Prohibit Function When Auth. Error, prohibiting any further entry of the password. By prohibiting the password entry operation, the machine prevents unauthorized use or removal of data, thereby ensuring secured used of the machine.
To cancel the password entry operation prohibited condition, the Administrator must perform the Release Setting. When the Administrator performs the Release Setting for the operation prohibited condition, a sound operation control in utmost security is achieved under the control of the Administrator.
Setting the HDD Lock Password provides the following security function. That is, even if the HDD is illegally replaced with another, the HDD authentication function prohibits access to the HDD, when the HDD Lock Password is yet to be set or there is a mismatch in the passwords. In addition, should the HDD be removed unawares, the HDD Lock Password locks the HDD protecting data contained in the HDD. Furthermore, by mounting the optional Security Kit SC-503 and setting the Encryption Key, the data stored in the HDD is encrypted, thereby protecting the data in the HDD. Note, however, that the HDD Lock Password and Encryption Key do not prevent the HDD from being physically removed. Make sure of a good operation control.
When the machine is to be discarded, or use of a leased machine is terminated at the end of the leasing contract, the Overwrite All Data function overwrites and erases all data stored in all spaces of the HDD. The function also resets all passwords saved in the NVRAM to factory settings, preventing leak of data. For details of items to be cleared by Overwrite All Data function, see “Types of Data Cleared by Overwrite All Data Function” on page 1-12.
Security Chapter 1
C250 |
1-5 |
Security Chapter 1
1 |
Security |
|
1.2.1Check Count Clear Conditions
The following are the conditions for clearing or resetting the check count of the number of wrong entries at the time of authentication by the Enhanced Security mode.
<Administrator Setting Mode>
-Authentication of Administrator Setting mode is successful.
-The machine is restarted.
<User Authentication Mode>
-User Authentication mode is successful.
-Release of Prohibit Functions When Auth. Error is executed.
-The machine is restarted.
<Secure Print>
-Authentication of Secure Print is successful.
-Release of Prohibit Functions When Auth. Error is executed.
-The machine is restarted.
<Box>
-Authentication of User Box is successful.
-Authentication for execution of change of User Box Name and User Box Password is successful.
-Release of Prohibit Functions When Auth. Error is executed.
-The machine is restarted.
<SNMP Password (auth-Password, priv-Password)>
-Authentication of SNMP is successful.
-Release of Prohibit Functions When Auth. Error is executed.
-The machine is restarted.
1-6 |
C250 |
Security |
1 |
|
1.3Data to be Protected
The underlying concept of this machine toward security is “to protect data that can be disclosed against the intention of users.”
The following types of image files that have been stored in the machine and made available for use by its users are protected while the machine is being used.
-Image files stored by Secure Print
-Image files stored in Personal User Box and Public User Box
The following types of data stored in the HDD are protected when use of a leased machine is terminated at the end of the leasing contract, the machine is to be discarded, or when the HDD is stolen.
-Image files stored by Secure Print
-Image files stored in Personal User Box and Public User Box
-Image files of a job in the queue
-Image files other than Secure Print file and User Box file
-Data files left in the data space used as image files
-Temporary data files generated during print image file processing
-Destination recipient data (e-mail address, telephone number)
Security Chapter 1
C250 |
1-7 |
Security Chapter 1
1 |
Security |
|
1.4Precautions for Operation Control
This machine and the data handled by this machine should be used in an office environment that meets the following conditions.
Roles and Requirements of the Administrator
The Administrator should take full responsibility for controlling the machine, thereby ensuring that no improper operations are performed.
<To Achieve Effective Security>
-A person who is capable of taking full responsibility for controlling the machine should be appointed as the Administrator to make sure that no improper operations are performed.
-When using an SMTP server (mail server) or an DNS server, each server should be appropriately managed by the Administrator and should be periodically checked to confirm that settings have not been changed without permission.
Password Usage Requirements
The Administrator must control the Administrator Password, HDD Lock Password, Encryption Key, auth-Password, and priv-Password appropriately so that they may not be leaked. These passwords should not be ones that can be easily guessed. The user, on the other hand, should control the User Box Password, Secure Print Password, and User Password appropriately so that they may not be leaked. Again, these passwords should not be ones that can be easily guessed. For the Public User Box shared among a number of users, the User Box Password should be appropriately controlled so that it may not be leaked to anyone who is not the user of the Public User Box.
<To Achieve Effective Security>
-Make absolutely sure that only the Administrator knows the Administrator Password, HDD Lock Password, Encryption Key, auth-Password, and priv-Password.
-The Administrator must change the Administrator Password, HDD Lock Password, Encryption Key, auth-Password, and priv-Password at regular intervals.
-The Administrator should make sure that any number that can easily be guessed from birthdays, employee identification numbers, and the like is not set for the Administrator Password, HDD Lock Password, Encryption Key, auth-Password, and priv-Password.
-If a User Password or User Box Password has been changed, the Administrator should have the corresponding user change the password as soon as possible.
-If the Administrator Password has been changed by the Service Engineer, the Administrator should change the Administrator Password as soon as possible.
1-8 |
C250 |
Security |
1 |
|
|
1 |
|
- The Administrator should have users ensure that the User Authentication, |
Chapter |
|
|
||
Secure Print, and User Box are known only by the user concerned. |
|
|
- The Administrator should make sure that only the users who share a Pub- |
|
|
lic User Box know the password set for it. |
|
|
- The Administrator should have users change the passwords set for the |
Security |
|
User Authentication and User Box at regular intervals. |
||
|
||
- The Administrator should make sure that any user does not set any num- |
|
|
ber that can easily be guessed from birthdays, employee identification |
|
|
numbers, and the like for the passwords set for the User Authentication, |
|
|
Secure Print, and User Box. |
|
|
Network Connection Requirements for the Machine |
|
|
Packets being transmitted over the LAN installed in the office, in which the |
|
|
machine is installed, should be protected from unauthorized manipulation. If |
|
|
the LAN is to be connected to an outside network, no unauthorized attempt |
|
|
to establish connection from the external network should be permitted. |
|
<To Achieve Effective Security>
-If the LAN, in which the machine is installed, is connected to an outside network, install a firewall or similar network device to block any access to the machine from the outside network and make the necessary settings.
-Configure the LAN installed in the office, in which the machine is installed, by using a switching hub and other devices to ensure that the packets are protected from unauthorized manipulation.
-Provide an appropriate network control at all times to make sure that no other copying machine is connected without prior notice to the office LAN to which this machine is connected.
User information control server control requirements
The server administrator is required to apply patches and control accounts for the user information control server connected to the LAN within the office, in which this machine is installed, to ensure operation control that achieves appropriate access control.
Security function operation setting operating requirements
The Administrator should make sure of correct operation control so that the machine is used with the Enhanced Security mode set to [ON].
C250 |
1-9 |
Security Chapter 1
1 |
Security |
|
Operation and control of the machine
The Administrator of the machine should perform the following operation control.
-The Administrator of the machine should log off from the Administrator Setting mode whenever the operation in the Administrator Setting mode is completed. The Administrator of the machine should also make sure that each individual user logs off from the User Authentication mode after the operation in the User Authentication mode is completed, including operation of the Secure Document file, User Box, and User Box file.
-The Administrator of the machine should set the HDD Lock Password according to the environment, in which this machine is used. If the machine is mounted with the optional Security Kit SC-503, the Administrator should also set either the HDD Lock Password or Encryption Key.
Machine Maintenance Control
The Administrator of the machine should perform the following maintenance control activities.
-Provide adequate control over the machine to ensure that only the Service Engineer is able to perform physical service operations on the machine.
-Provide adequate control over the machine to ensure that any physical service operations performed on the machine by the Service Engineer are overseen by the Administrator of the machine.
1-10 |
C250 |
Security |
1 |
|
1.5Miscellaneous
Password Rules
According to certain Password Rules, registration of a password consisting of a string of a single character or change of a password to one consisting of a string of a single character is rejected for the User Password, Administrator Password, User Box Password, Secure Print Password, HDD Lock Password, and Encryption Key. For the Administrator Password, HDD Lock Password, and Encryption Key, the same password as that currently set is not accepted.
Study the following table for more details of the number of digits and characters that can be used for each password.
Types of passwords |
No. of digits |
Characters |
||
User Password |
8 digits or more |
• |
Numeric characters: 0 to 9 |
|
|
|
• Alpha characters: upper and lower case let- |
||
Administrator Password |
8 digits |
|||
|
ters |
|||
|
|
• |
Symbols: !, #, $, %, &, ', (, ), *, ,, -, ., /, :, ;, <, |
|
|
|
|
=, >, ?, @, [, \, ], ^, _, `, {, |, }, ~ |
|
|
|
Selectable from among a total of 92 characters |
||
|
|
|
|
|
User Box Password |
|
• |
Numeric characters: 0 to 9 |
|
|
|
• Alpha characters: upper and lower case let- |
||
Secure Print Password |
|
|||
|
|
ters |
||
|
|
• |
Symbols: !, #, $, %, &, ', (, ), *, ,, -, ., /, :, ;, <, |
|
|
|
|
=, >, ?, @, [, \, ], ^, _, `, {, |, }, ~, SPACE |
|
|
|
Selectable from among a total of 93 characters |
||
|
|
|
|
|
HDD Lock Password |
20 digits |
• |
Numeric characters: 0 to 9 |
|
|
|
• Alpha characters: upper and lower case let- |
||
Encryption Key |
|
|||
|
|
ters |
||
|
|
• Symbols: !, #, $, %, &, ', *, +, -, ., /, =, ?, @, ^, |
||
|
|
|
_, `, {, |, }, ~ |
|
|
|
Selectable from among a total of 83 characters |
||
|
|
|
|
|
auth-Password |
8 digits or more |
• |
Numeric characters: 0 to 9 |
|
|
|
• Alpha characters: upper and lower case let- |
||
priv-Password |
|
|||
|
|
ters |
||
|
|
• |
Symbols: !, #, $, %, &, ', (, ), *, ,, -, ., /, :, ;, <, |
|
|
|
|
=, >, ?, @, [, \, ], ^, _, `, {, |, }, ~, ", +, SPACE |
|
|
|
Selectable from among a total of 95 characters |
||
|
|
|
|
|
Precautions for Use of Various Types of Applications
When PageScope Web Connection or an application of various other types is used, the password control function of the application stores the password that has been entered in your PC. If you want the password not stored, disable the password control function of the application.
When using the PageScope Web Connection or an application of various other types, use one that shows “*” or “●” for the password entered.
Security Chapter 1
C250 |
1-11 |
Security Chapter 1
1 |
Security |
|
2
Note
Do not use HDD Backup Utility if this machine is used.
Types of Data Cleared by Overwrite All Data Function
The Overwrite All Data function clears the following types of data.
Types of Data Cleared |
Description |
User registration data |
Deletes all user-related data that has been registered |
|
|
Box registration data/file |
Deletes all User Box-related information and files saved |
|
in User Box |
|
|
Secure Print Document ID/Password/ |
Deletes all Secure Document-related information and |
file |
files saved |
|
|
Image files |
• Image files saved other than Secure Print files and |
|
User Box files |
|
• Image files of jobs in job queue state |
|
|
Destination recipient data files |
Deletes all destination recipient data including e-mail |
|
addresses and telephone numbers |
|
|
HDD Lock Password |
Clears the currently set password |
|
|
Encryption Key |
Clears the currently set Encryption Key |
|
|
Administrator Password |
Clears the currently set password, resetting it to the |
|
factory setting |
|
|
SNMP Password |
Clears the currently set password, resetting it to the |
|
factory setting (MAC address) |
|
|
Network Setting |
Clears the currently set network settings (DNS Server |
|
setting, IP Address setting, SMTP Server setting, Net- |
|
Ware Setting, NetBIOS setting and AppleTalk Printer |
|
Name setting), resetting it to the factory setting |
|
|
1-12 |
C250 |
2 Administrator Operations
Administrator Operations Chapter 2
Administrator Operations Chapter 2
|
2 |
Administrator Operations |
|
|
2 Administrator Operations
2.1Accessing the Administrator Setting Mode
This machine implements authentication of the user of the Administrator Setting mode function through the 8-digit Administrator Password that verifies the identity as the Administrator of the person who accesses the function.
During the authentication procedure, the Administrator Password entered for the authentication purpose appears as “*” or “●” on the display.
When the Enhanced Security mode is set to [ON], the number of times in which authentication fails is counted.
2.1.1Accessing the Administrator Setting mode
The machine does not accept access to the Administrator Setting mode under any of the following conditions. Wait for some while before attempting to gain access to the Administrator Setting mode again.
- The Administrator Setting mode has been logged on to through access made from the PC.
- A remote operation is being performed from an application on the PC. - There is a job being executed by the machine.
- There is a reserved job (timer TX, fax redial waiting, etc.) in the machine. - Immediately after the main power switch has been turned ON.
- A malfunction code is displayed on the machine.
2
Note
Make sure that none of the general users of the machine will know the Administrator Password.
If the Administrator Password is forgotten, it must be set again by the Service Engineer. Contact your Service Representative.
Do not leave the machine with the Administrator Setting mode setting screen left shown on the display. If it is absolutely necessary to leave the machine, be sure first to log off from the Administrator Setting mode.
While you are logging onto the Administrator Setting mode using PageScope Web Connection, any operations from the machine’s control panel are disabled.
2-2 |
C250 |
Administrator Operations |
2 |
|
When accessing the Administrator Setting mode from the control panel, if you have already logged on to the Administrator Setting mode using PageScope Web Connection, the machine displays a message that tells not to turn off the power because of the remote operation being performed and rejects any operation on the control panel. Wait until the message disappears before attempting to access the Administrator Setting mode once again.
When accessing the Administrator Setting mode from the control panel, if [Export to the device] operation is being executed using the PageScope Data Administrator, the machine displays a message that tells not to turn off the power because of the remote operation being performed and rejects any operation on the control panel. Wait until the message disappears before attempting to access the Administrator Setting mode once again.
<From the Control Panel>
1 Press the [Utility/Counter] key.
2 Touch [Administrator Setting].
?Is it possible to gain access to the Administrator Setting mode while a job is being executed?
%The machine does not accept access to the Administrator Setting mode while a job is being executed. Wait until the execution of the job is completed before attempting to access the Administrator Setting mode again.
Administrator Operations Chapter 2
C250 |
2-3 |
Administrator Operations Chapter 2
|
2 |
Administrator Operations |
|
|
3 Enter the 8-digit Administrator Password from the keyboard and keypad.
–Press the [C] key to clear all characters.
–Touch [Delete] to delete the last character entered.
–Touch [Shift] to show the upper case/symbol screen.
–Touch [Cancel] to go back to the screen shown in step 2.
4 Touch [OK].
? What happens if a wrong Administrator Password is entered?
%If a wrong Administrator Password is entered, a message appears saying that there is a mismatch in the Administrator Passwords and entry of the Administrator Password will be prohibited for five sec. Wait for some while before entering the correct Administrator Password.
%If the Enhanced Security mode is set to [ON], entry of a wrong password is counted as unauthorized access. If a wrong Administrator Password is entered a predetermined number of times (once to three times) set by the Administrator of the machine or more, a message appears saying that the machine accepts no more Administrator Passwords because of unauthorized access for any subsequent entry of the Administrator Password. The machine is then set into an access lock state. To cancel the access lock state, turn off, and then turn on, the main power switch of the machine. When the main power switch is turned off, then on again, wait at least 10 seconds to turn it on after turning it off. If there is no wait period between turning the main power switch off, then on again, the machine may not function properly.
Here is the sequence, through which the main power switch and
sub power switch are turned on and off:
Turn off the sub power switch → Turn off the main power switch → Turn on the main power switch → Turn on the sub power switch
5 Press the [Utility/Counter] key to log off from the Administrator Setting mode.
2-4 |
C250 |
Administrator Operations |
2 |
|
<From PageScope Web Connection>
1 Start the Web browser.
2 Enter the IP address of the machine in the address bar.
3 Press the [Enter] key to start PageScope Web Connection.
4 Click the Administrator radio button and [Login].
Administrator Operations Chapter 2
5 Enter the 8-digit Administrator Password in the “Administrator Password” box.
?What is the Administrator Password used for accessing the Administrator Setting mode via the PageScope Web Connection?
%When accessing the Administrator Setting mode using the PageScope Web Connection, enter the same Administrator Password as that for the machine.
6 Click the [OK].
? What happens if a wrong Administrator Password is entered?
C250 |
2-5 |
|
2 |
Administrator Operations |
|
|
|
|
|
% If a wrong Administrator Password has been entered, the machine |
|
|
gives a message that tells that authentication has not been suc- |
|
|
cessful. In this case, click [OK] and enter the correct Administrator |
|
|
Password in the “Administrator Password” box. |
2 |
% |
If the Enhanced Security mode is set to [ON], entry of a wrong pass- |
|
Chapter |
|||
|
word is counted as unauthorized access. If a wrong Administrator |
||
|
Password is entered a predetermined number of times (once to |
||
|
three times) set by the Administrator of the machine or more, a |
||
|
|
message appears saying that the machine accepts no more Admin- |
|
|
|
||
Operations |
|
istrator Passwords because of unauthorized access for any subse- |
|
|
quent entry of the Administrator Password. The machine is then set |
||
|
into an access lock state. To cancel the access lock state, turn off, |
||
|
and then turn on, the main power switch of the machine. When the |
||
|
main power switch is turned off, then on again, wait at least 10 sec- |
||
|
onds to turn it on after turning it off. If there is no wait period be- |
||
Administrator |
|
||
|
tween turning the main power switch off, then on again, the |
||
|
machine may not function properly. |
||
|
Here is the sequence, through which the main power switch and |
||
|
sub power switch are turned on and off: |
||
|
Turn off the sub power switch → Turn off the main power switch → |
Turn on the main power switch → Turn on the sub power switch
? What if you fail to log on to the Administrator Setting mode?
%If you have already logged on to the Administrator Setting mode from the control panel or using PageScope Web Connection, the machine displays a message that tells that another administrator has previously logged on and rejects any attempt to log on to the Administrator Setting mode using the PageScope Web Connection. Click [OK] and wait for some while before attempting to access the Administrator Setting mode once again.
%If [Export to the device] operation is being executed using the PageScope Data Administrator, the machine displays a message that tells you cannot log on to the mode because of the remote operation being performed and rejects any attempts to the Administrator Setting mode via the PageScope Web Connection. Click [OK] and wait for some while before attempting to access the Administrator Setting mode once again.
?Is it possible to gain access to the Administrator Setting mode while a job is being executed?
%If an attempt is made to log on to the Administrator Setting mode while a job is being executed, the machine gives a message that tells that it is now impossible to log on to the Administrator Setting mode. Click [OK] and try logging on to the Administrator Setting mode after the execution of the job is completed.
2-6 |
C250 |
Administrator Operations |
2 |
|
7 |
Click the [Logout]. |
8 |
Click the [OK]. |
|
This allows you to log off from the Administrator Setting mode. |
2 |
|
Note
If you have logged on to the Administrator Setting mode using the PageScope Web Connection and if you close the web browser without clicking [Logout], the touch panel of the machine remains locked for 70 sec.
Administrator Operations Chapter 2
C250 |
2-7 |
Administrator Operations Chapter 2
|
2 |
Administrator Operations |
|
|
2.2Enhancing the Security Function
When access to the Administrator Setting mode by the Administrator of the machine via the control panel is authenticated, the machine enables setting of the Enhanced Security mode that allows settings for enhancing each of different security functions to be converted all at once.
In the Enhanced Security mode, the machine allows selection of whether to use the Enhanced Security mode or not. If the Enhanced Security mode is set to [ON], a count is taken of the number of unauthorized accesses to the Administrator Setting mode, User Authentication, SNMP authentication, all Secure Prints, and all User Boxes. A function is also set that determines whether each password meets predetermined requirements. The security function is thus enhanced in the Enhanced Security mode.
The following settings must first be made before the Enhanced Security mode is set to [ON].
2
Note
First, set the Encryption Key. To set the Encryption Key, HDD Format must first be executed. Execution of the HDD Format clears various setting values. For details of items that are cleared by HDD Format, see “Items cleared by HDD Format” on page 2-11.
If both the HDD Lock Password and Encryption Key have been set, it is not possible to cancel the setting of either one of these.
If initialization is executed by the Service Engineer, set the Administrator Password and turn [ON] the Administrator Setting mode again.
Settings to be Made in |
Description |
Advance |
|
Administrator Password |
An 8-digit password that meets the Password Rules. |
|
The factory setting is “12345678.” |
|
|
User Authentication |
Set to either [ON (MFP)] or [ON (External Server)] (Active Directory). |
|
|
HDD Lock Password, En- |
Set the 20-digit HDD Lock Password or Encryption Key, or both. |
cryption Key |
(Encryption Key can be set only when the Security Kit SC-503 is |
|
mounted). |
|
|
Certificate for SSL |
Register the self-signed certificate for SSL communications. |
|
|
2-8 |
C250 |
Administrator Operations |
2 |
|
Settings to be Made in |
Description |
|
Advance |
|
|
Image Controller Setting |
Calls for setting made by the Service Engineer. For details, ask |
|
|
your Service Representative. |
|
Management Function |
||
|
||
Choice |
|
|
|
|
|
CE Password |
|
|
|
|
|
CE Authentication |
|
|
|
|
|
CS Remote Care |
|
|
|
|
|
HDD |
|
|
|
|
Setting the Enhanced Security mode to [ON] changes the setting values of the following functions.
Function Name |
Factory Setting |
When Enhanced Security mode is set to [ON] |
Password Rules |
OFF |
ON (not to be changed) |
|
|
|
Prohibit Function When |
Mode 1 |
Mode 2 (not to be changed) |
Auth. Error |
|
Three times is set. |
|
|
* In association with Secure Document Access |
|
|
Method, the method is changed from authenti- |
|
|
cation using Secure Document ID and pass- |
|
|
word (Mode 1) to that using the password with |
|
|
the secure document first narrowed down by |
|
|
Secure Document ID (Mode 2). |
|
|
|
Public User Access |
Restrict |
Restrict (not to be changed) |
|
|
|
User Name List |
OFF |
OFF (not to be changed) |
|
|
|
Print Without Authenti- |
Restrict |
Restrict (not to be changed) |
cation |
|
|
|
|
|
User Box Admin. Setting |
Restrict |
Restrict (not to be changed) |
|
|
|
SSL |
OFF |
ON (not to be changed) |
|
|
|
FTP Server |
ON |
OFF (not to be changed) |
|
|
|
SNMPv1/v2c |
Read/Write en- |
Only Read is enabled (not to be changed) |
|
abled |
|
|
|
|
SNMP v3 Security Level |
auth/priv-pass- |
The security level can be selected from among |
and auth/priv-password |
word |
[auth-password] and [auth/priv-password]. |
|
|
An 8-digit-or-more auth-password and priv- |
|
|
password can both be set. |
|
|
|
Print Data Capture |
Allow |
Restrict (not to be changed) |
|
|
|
Network Setting Clear |
Enabled |
Restrict |
|
|
|
Incorrect User Box No. |
Print (Show Error Message can be changed, but |
|
Entry |
|
the function cannot be changed to Auto Create |
|
|
User Box) |
|
|
|
Administrator Operations Chapter 2
C250 |
2-9 |
Administrator Operations Chapter 2
|
2 |
Administrator Operations |
|
|
2
Reminder
When Password Rules is set to [ON], the characters and the number of digits used for each password are restricted. For details of Password Rules, see “Password Rules” on page 1-11.
2-10 |
C250 |
Administrator Operations |
2 |
|
2.2.1Items cleared by HDD Format
Following are the items that are cleared by HDD Format.
Whenever HDD Format is executed, be sure to set the Enhanced Security mode to [ON] again.
Types of Data Cleared |
Description |
Enhanced Security Mode |
Set to [OFF] |
|
|
User Authentication |
Set to [OFF] |
|
|
Public User Access |
Set to [Restrict] |
|
|
User Name List |
Set to [OFF] |
|
|
Print Without Authentication |
Set to [Restrict] |
|
|
User registration data |
Deletes all user-related data that has been registered |
|
|
Box registration data/file |
Deletes all User Box-related information and files saved in User |
|
Box |
|
|
Secure Print Document ID/ |
Deletes all Secure Document-related information and files saved |
Password/file |
|
|
|
Destination recipient data |
Deletes all destination recipient data including e-mail addresses |
files |
and telephone numbers |
|
|
2.2.2Setting the Enhanced Security mode
2
Note
When the main power switch is turned off, then on again, wait at least 10 seconds to turn it on after turning it off. if there is no wait period between turning the main power switch off, then on again, the machine may not function properly.
Here is the sequence, through which the main power switch and sub power switch are turned on and off:
Turn off the sub power switch → Turn off the main power switch → Turn on the main power switch → Turn on the sub power switch
Do not leave the machine with the Administrator Setting mode setting screen left shown on the display. If it is absolutely necessary to leave the machine, be sure first to log off from the Administrator Setting mode.
<Setting can be made only from the control panel>
0For the procedure to call the Administrator Setting mode to the display, see “Accessing the Administrator Setting mode” on page 2-2.
1 Call the Administrator Setting Mode to the screen from the control panel.
Administrator Operations Chapter 2
C250 |
2-11 |
Loading...