Improving the Security of this Machine (For Administrators)

[IPsec Settings]

Specify parameters required for IPsec communication.

You can configure IKE (Internet Key Exchange), SA (Security Association), IPsec peer, or IPsec protocol settings.

[IKE Settings]

Configure settings required to create a common key for IPsec.

For details, refer to Here.

[IPsec SA Settings]

Configure SA (Security Association) required for encrypted communication.

For details, refer to Here.

[Peer]

Register the peer of this machine to use IPsec.

For details, refer to Here.

[Protocol Setting]

Specify a protocol used for IPsec communication.

For details, refer to Here.

[Enable IPsec]

Configure settings to enable use of IPsec on this machine. Also, specify the policy for IPsec communication. For details, refer to Here.

[Communication Check]

Select this option to confirm IPsec communication error logs.

For details, refer to Here.

[Enable]/[Disable]

Select whether to specify an IP address that denies access to this machine.

[Disable] is specified by default.

[Set 1] to [Set 5]

Enter the range of IP addresses that deny access using the following format.

• Entry example: "192.168.1.1 - 192.168.1.10"

• If a single IP address is allowed to access, you can only enter the address in one side of the range.

[Enable]/[Disable]

Select whether to specify an IP address that allows access to this machine.

[Disable] is specified by default.

[Set 1] to [Set 5]

Enter the range of IP addresses that allow access using the following format.

• Entry example: "192.168.1.1 - 192.168.1.10"

• If a single IP address is allowed to access, you can only enter the address in one side of the range.

[ON]/[OFF]

Select whether to use IEEE802.1x authentication.

[OFF] is specified by default.

[Auth. Status]

Displays the status of IEEE802.1x authentication on this machine.

[Reset Job Settings]

Reset the current setting.

[Certificate Verification Level Settings]

To verify the certificate, select items to be verified.

• [Expiration Date]: Confirm whether the certificate is within the validity period. [Confirm] is specified by default.

• [CN]: Confirm whether CN (Common Name) of the certificate matches the server address. [Do Not Confirm] is specified by default.

• [Chain]: Confirm whether there is a problem in the certificate chain (certificate path). The chain is validated by referencing the external certificates managed on this machine. [Do Not Confirm] is specified by default.

[Password]

Enter a new administrator password (using up to 64 characters).

[Password Confirmation]

Retype the new administrator password for confirmation.

[Level 1]

Open up the following settings to the users.

• [Low Power Mode Settings]

• [Sleep Mode Settings]

• [Auto Zoom (Platen)]

• [Auto Zoom (ADF)]

• [Specify Default Tray when APS Off]

• [Tri-Fold Print Side]

• [Automatic Image Rotation]

[Level 2]

Open up the following settings to the users.

• Settings that are opened up to users in [Level 1]

• [Print/Fax Output Settings]

• [Output Tray Settings]

• [AE Level Adjustment]

• [Blank Page Print Settings]

• [Page Number Print Position]

• [Change E-Mail Address]

• [Print Jobs During Copy Operation]

[Prohibit]

The settings are not opened up to users.

[Prohibit] is specified by default.

[Enable]/[Invalid]

Select whether to enable Password Rules. Before enabling Password Rules, change the current password to the one that complies with the password rules.

[Invalid] is specified by default.

Once Password Rules is enabled, the following rules are applied to any password that is configured on this machine.

• The minimum number of characters set in [Set Minimum Password Length] (default: 12)

• Passwords are case sensitive.

• A password consisting of a string of identical characters cannot be used.

• The previous password cannot be used.

The password rules are applied to:

• Administrator Password

• User Password

• Account Password

• User Box Password

• User Box Administrator Password

• Secure Print Document Password

• WebDAV Server Password

• SNMP Password

• Remote panel server password

• Encryption Passphrase

[Set Minimum Password Length]

If you enable Password Rules, change the minimum number of characters for a password, as required.

[Prohibited Functions When Auth. Errorr]

Select the severity of penalties applied if an incorrect password is entered during the authentication process.

• [Mode 1]: If authentication fails, the authentication operation (entry of password) is prohibited for five seconds.

• [Mode 2]: If authentication fails, the authentication operation (entry of password) is prohibited for five seconds. The number of times, authentication fails is also counted and if the failure count reaches a predetermined value, the authentication operation is prohibited and the machine is set into an access lock state.

[Mode 1] is specified by default.

[Release]

Select an item to be released from Access Lock during authentication failure.

[Release Time Settings]

If necessary, change the time that elapses before an access lock state in the Administrator Setting mode is canceled.

If a predetermined time has elapsed after the machine was restarted, an access lock state is canceled.

[5] minutes is specified by default.

[Mode 1]

Displays all files when the ID and password specified in the printer driver are entered. Select a desired file and print it.

[Mode 1] is specified by default.

[Mode 2]

Displays all files when the ID specified in the printer driver are entered. To print, select your desired file, then enter the appropriate password for each file.

[Allow All]

Allows the direct input of destinations.

[Allow All] is specified by default.

[Individual Allowance]

Select whether to allow direct input for each function.

[Restrict]

Prohibits the direct input of destinations. Hides [Direct Input] in the main screen in fax/scan mode.

[Job History]

Specify whether to hide personal information, such as destination and file name, in [Job History] in the [Job List] screen.

The default is [No] (without user authentication/account track) or [Yes] (with user authentication/account track).

[Display Settings]

When you have selected [Yes], select items you want to hide.

• [Mode 1]: Destination, file name, and user box name

• [Mode 2]: Destination, file name, and user box name, and user name

[Public User]/[User Authentication]/[Authentication Track]

Select how to display items you specified in [Display Settings] per Public User, User Authentication, and Authentication Track.

• [Mode 1]: Hide all display items.

• [Mode 2]: Hide only display items other than for login user/login account.

• [Mode 3]: Hide only display items other than for a public user, login user/public user, and login account.

• [Mode 4]: Show all display items.

[Current Job]

Specify whether to hide personal information, such as destination and file name, in [In Progress] in the [Job List] screen.

The default is [No] (without user authentication/account track) or [Yes] (with user authentication/account track).

[Display Settings]

When you have selected [Yes], select items you want to hide.

• [Mode 1]: Destination, file name, and user box name

• [Mode 2]: Destination, file name, and user box name, and user name

[Public User]/[User Authentication]/[Authentication Track]

Select how to display items you specified in [Display Settings] per Public User, User Authentication, and Authentication Track.

• [Mode 1]: Hide all display items.

• [Mode 2]: Hide only display items other than for login user/login account.

• [Mode 3]: Hide only display items other than for a public user, login user/public user, and login account.

• [Mode 4]: Show all display items.

[User Authentication/Account Track] - [General Settings] - [User Authentication]

Set to [Authenticate].

[Security Settings] - [Administrator Password]

Set a password complying with password rules.

[Security Settings] - [HDD Settings] - [HDD Encryption Setting]

Enable the HDD Encryption.

In Web Connection, register the certificate.

For details, refer to Here.

[Management Function Choice]

[CE Password]

[CE Authentication]

[HDD]

These items must be configured by your service representative. For details, contact your service representative.

[System Settings] - [Restrict User Access] - [Restrict Access to Job Settings] - [Registering and Changing Addresses]

Set to [Restrict].

[User Authentication/Account Track] - [General Settings] - [Public User Access]

Set to [Restrict].

[User Authentication/Account Track] - [User Authentication Settings] - [Administrative Settings] - [User Name List]

Set to [OFF].

[User Authentication/Account Track] - [Print without Authentication]

Set to [Restrict].

[User Authentication/Account Track] - [User/Account Common Setting] - [Counter Remote Control]

Set to [Restrict].

[User Authentication/Account Track] - [Print Simple Auth.] - [Authentication Setting]

Set to [Restrict].

[Network Settings] - [FTP Settings] - [FTP Server Settings]

Set to [OFF].

[Network Settings] - [E-mail Settings] - [S/MIME Communication Settings]

• [Automatically Obtain Certificates] is set to [No].

• [3DES] is set if [E-Mail Text Encryption Method] has been set to one of [RC2-40], [RC2-64], [RC2-128], and [DES].

[Network Settings] - [SNMP Settings] - [SNMP v1/v2c Settings] - [Write Setting]

Set to [Invalid].

[Network Settings] - [SNMP Settings] - [SNMP v3 Settings]

[Security Level] for read and write allowed users is set to [auth-password/priv-password].

The Security Level can be changed to [auth-password].

[Network Settings] - [TCP Socket Settings] - [TCP Socket] - [Use SSL/TLS]

Set to [ON].

[Network Settings] - [WebDAV Settings] - [WebDAV Server Settings] - [SSL Setting]

Set to [SSL Only].

[Network Settings] - [Web Browser Setting]

Set to [Invalid].

[Network Settings]-[Remote Panel Settings]

• [Client Settings]: Set to [OFF].

• [Server Setting]: Set to [OFF].

[System Connection] - [OpenAPI Settings] - [SSL/Port Settings] - [SSL Setting]

Set to [SSL Only].

[Security Settings] - [User Box Administrator Setting]

Set to [Restrict].

[Security Settings] - [Security Details] - [Password Rules]

Set to [Enable].

If [Enable] cannot be selected for the Password Rules, you cannot enable the Enhanced Security Mode.

[Security Settings] - [Security Details] - [Prohibited Functions When Authentication Error]

• [Prohibited Functions When Authentication Error] is set to [Mode 2] and [No. of Tries] is set to [3]. No. of tries can be changed in the range between [1] and [3].

• [Release Time Settings]: Limited to [5] minutes. This value cannot be less than five minutes.

[Security Settings] - [Security Details] - [Confidential Document Access Method]

Set to [Mode 2].

[Security Settings] - [Security Details] - [Print Data Capture]

Set to [Restrict].

[Security Settings] - [Security Details] - [Hide Personal Information (MIB)]

Set to [ON].

[Security Settings] - [Security Details] - [Initialize]

If you select [Network Settings] and start it, the Enhanced Security Mode is canceled

[Remote Access Setting] - [Import/Export User Data]

Set to [Restrict].

[Maintenance] - [Import/Export] in Web Connection

The password must be configured.

[Security] - [PKI Settings] - [Device Certificate Setting] in Web Connection

[Remove Certificate] is hidden.

[Security] - [PKI Settings] - [SSL Setting] in Web Connection

• [Mode using SSL/TLS]: Set to [Admin. Mode and User Mode].

• [Encryption Strength]: If it has been set to [AES-256, 3DES-168, RC4-128, DES-56, RC4-40] or [AES-256, 3DES-168, RC4-128], it is changed to [AES-256, 3DES-168].

[Security] - [PKI Settings] - [Protocol Setting] in Web Connection

[Protocol 1]: [SSL], [Protocol 2]: The certificate is registered in the [http Server].

Remote Diagnosis System

Some functions may be disabled. For details, contact your service representative.

[Security Settings] - [Image Log Transfer Settings]

Set to [OFF].

Preview Secure Document User Box

Only the list is displayed before the password authentication is performed.

[Yes]/[No]

Specify whether to automatically delete data stored on the hard disk or in the memory by overwriting.

[No] is specified by default.

[Overwrite Method]

Select the method for deleting data stored on the hard disk or memory by overwriting.

• [Mode 1]: Overwrites with 0x00.

• [Mode 2]: Overwrites with 0x00 - Overwrites with 0xff - Overwrites with letter "A" (0x61) - Verifies

[Mode 1] is specified by default.

[Encryption Priority]/[Overwrite Priority]

When setting [Overwrite HDD Data] with [HDD Encryption Setting] in combination, select the preferred option for deleting data stored on the hard disk.

• [Encryption Priority]: Overwrites data using a method different from [Mode 1] and [Mode 2] of [Overwrite Method]. To set [Overwrite HDD Data], select [Encryption Priority].

• [Overwrite Priority]: Overwrites data using the method specified at [Overwrite Method].

When changing this setting, you need to formatting the hard disk after restarting this machine. Before you attempt to change the setting, be aware that data may be deleted.

[Encryption Priority] is specified by default.