High Security Mode Management Guide
Contents
1. Enable SSL Enable SMTP Client Enable SSL Verify with imported CA The secure setting is Verify with imported CA certification s certification s or Accept all certificates without CA Authentication AUTO Be sure to confirm that one of CRAM MD5 Digest MD5 Kerberos or NTLM IWA is applied to your use environment SMTP Server Enable SMTP Server Disable POP3 Network Service Enable SSL Verify with imported CA certification s FTP Client Enable SSL Verify with imported CA certification s FTP Server Enable FTP Server Enable Although Enable is set by default in the same manner as the normal security mode be sure to set it to Disable Enable SSL Enable SNMP Network Service Enable SNMP V1 V2 Disable Enable SNMP V3 Enable Web Services Setting Enable SSL Enable Web Services Print Enable Although Enable is set by default in the same manner as the normal security mode be sure to set it to Disable Web Services Scan Disable SLP Session Enable SLP Enable Although Enable is set by default in the same manner as the normal security mode be sure to set it to Disable SMB Session SMB Server Protocol Enable Although Enable is set by default in the same manner as the normal security mode be sure to set it to Disable Bonjour Enable Bonjour Enable Although Enable is set by default in the same manner as the normal security m2. OME100078P0 MULTIFUNCTIONAL DIGITAL COLOR SYSTEMS MULTIFUNCTIONAL DIGITAL SYSTEMS High Security Mode Management Guide TOSHIBA TEC CORPORATION 1 11 1 OSAKI SHINAGAWA KU TOKYO 141 8562 JAPAN QUALITY SERVICE R100520J1416 TTEC 2012 2015 TOSHIBA TEC CORPORATION All rights reserved Ver16 F 2015 01 Patent http www toshibatec co jp en patent
3. Enable Use Password Authentication for Print Job Disable Do not change the setting to Enable 18 Precautions on the Initial Values Password Policy Sub Menu Item Policy for Users Initial value for the high security mode Remarks Minimum Password 8 digits Length Requirements to Enable Apply Lockout Setting Enable Same as in the Normal Security Mode Number of Retry 3 times Lockout Time 2 minutes Available Period Disable Same as in the Normal Security Mode Expiration day s 90 days Policy for Administrator Auditor Minimum Password 8 digits Length Requirements to Enable Apply Lockout Setting Enable Same as in the Normal Security Mode Number of Retry 3 times Lockout Time 2 minutes Available Period Disable Same as in the Normal Security Mode Expiration day s 90 days Policy for e Filing Boxes Template Groups Templates SecurePDF SNMPv3 Cloning Secure Receive Minimum Password 8 digits Length Requirements to Enable Apply Lockout Setting Enable Same as in the Normal Security Mode Number of Retry 3 times Lockout Time 2 minutes Precautions on the Initial Values 19 FC 2050C 2550C FC 2555C 3055C 3555C 4555C 5055C FC 287CS 287CSL 347CS 347CSL 407CS DP 4710S 5210S FC 5560C 6560C 6570C DP 2072 2572 3072 3572 4572 5072 DP 5570 6570 7570 8570
4. by an administrator to allow a user access is treated as a temporary one To use the equipment you need to register your password after accessing it with the temporary one The security level is insufficient if you continue to use the temporary password Register your password as soon as possible E Conditions when a temporary password is used A user temporary password is used in the following cases Forthe first time to log in to the equipment after being registered by an administrator When an administrator resets the user s password When the user information password imported by an administrator is plain text When an administrator resets users passwords they must be so notified and prompted to change them to ones of their own choosing Tip To prevent user information exported from an equipment from being altered it is hashed If you change the password for the exported user information plain text is used for the password ll Operation by a user when a temporary password is used If your password can be registered when accessing Registering your password on the control panel Enter the user name and a temporary password in the User Authentication menu When you press OK in the confirmation screen for the temporary password the password entry screen appears Enter the temporary password in OLD PASSWORD Enter your new password in NEW PASSWORD and RETYPE NEW PASSWORD and then press OK The new password is
5. registered and you can log in to the equipment Registering your password in TopAccess When you access the equipment from TopAccess the log in screen appears Enter the user name and a temporary password in the log in screen and then press Login When the registration screen appears enter your new password in NEW PASSWORD and RETYPE NEW PASSWORD and then press SAVE The new password is registered and you can log in to TopAccess If you cannot register a new password when accessing the equipment In the following utilities an error occurs when you try to log in to the equipment with a temporary password Therefore a new password cannot be registered either Before using these utilities register a new password on the control panel or in TopAccess Remote Scan driver e e Filing Web Utility 12 Temporary Password HOLD FAX In the high security mode when an email to which a FAX Internet FAX or image is received it is not automatically output These jobs are stored in the HOLD FAX queue and only a user having the Fax Received Print privilege can print the job Tip If a job is in the HOLD FAX queue the MEMORY RX lamp blinks cn 09 0 O E ACCESS CLE PRINT DATA Printing a job in the HOLD FAX queue 1 Log in to the equipment as a user having the Fax Received Print privilege 2 Press the PRINT button on the control panel r
6. temporary password is used 12 Operation by a user when a temporary password is used ssssssssssseee 12 HOLD i e A Eaa aaa Read d aana pipaa taniyan eiaa 13 THE INITIAL VALUES Precautions on the Initial Values eese nennen nennen nn nnne nn nnne ar nana aa 16 Logglriglliz i ie tor re iie RUND PN UD rues 16 EA A AA 16 CONTENTS 3 4 CONTENTS THE HIGH SECURITY MODE Precautions on Using the High Security Mode uunsssssennennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 6 Confirmation of thiemode rre a ii 7 Operational conditions E 8 Precautions on Using the High Security Mode This operation mode protects customers important information against unauthorized access to the equipment and leakage The following are the security functions when you operate the equipment complying with IEEE Std 2600 1TM 2009 User Authentication Setting function Role Management function Encryption function of data to be written in HDD Log collecting and browsing function e Overwriting function of the specified data in HDD when jobs are completed or the power is turned ON Communication function with SSL or TLS Integrity Check function Management functions such as Log Passwords User Password Policy Date amp Time Auto Clear Session Timer Enable disable of SSL LTS 1 The function to encrypt the data to be written in the HDD for the e ST
7. COUNTER 1988 TOTAL COUNTER DEPARTMENT COUNTER E DEPARTNENT MANAGEMENT SYS v10 78 JOBSTATUS When the Data Overwrite Enabler is installed the hard disk space temporarily used during the job process will be used for another job after the data are overwritten when the user is logging out Precautions on Using the High Security Mode 7 ll Operational conditions Follow the operating guidance above otherwise your confidential information will not be protected from leakage or unauthorized access to this equipment Be sure to set MFP Local Authentication for Authentication Method in the User Management screen If Windows Domain Authentication or LDAP Authentication is set for user authentication the equipment will not be covered by IEEE Std 2600 17V 2009 When connecting the equipment from any of e Filing BackUp Restore Utility File Downloader TWAIN Driver or AddressBook Viewer enter an ID and password to log in The password input is displayed in the blank symbols In addition you will be locked out if the password is input incorrectly a certain number of times Manually select FULL and perform the integrity check at the time of installation and during use periodically A For details of the integrity check refer to the MFP Management Guide User s Manual Advanced Guide Do not change the communication settings of the equipment from the initial values Communication via a network can be pr
8. Precautions on Using the High Security Mode E Confirmation of the mode When this equipment is operated under the high security mode E is displayed on the touch panel of the equipment NON SORT NON STAPLE ie JJ Ej 2som um oS L Ls PROOF COPY sase vE FEED A3 1 gt 1 sum gt a en TEXT PHOTO A4 R BE JOBSTATUS Tips The HDD inside the equipment which is operated under the high security mode is encrypted Moreover the Data Overwrite Option GP 1070 is installed in such equipment To confirm that each function is operating check the display at the top right of the Counter screen on the touch panel of the equipment The HDD is encrypted l T La The icon is displayed The HDD has been encrypted if this equipment is operated under the high security mode The Data Overwrite Enabler is operating properly I The icon showing that the Data Overwrite Enabler is correctly operating is displayed The version of the system which is running is displayed Tip The system version to be displayed differs depending on the equipment which is used e STUDIO2550C Series SYS V4 0 e STUDIO5055C Series SYS V4 0 e STUDIO6570C Series SYS V3 0 e STUDIO507 Series SYS V3 0 e STUDIO857 Series SYS V3 0 e STUIDO407CS Series SYS V2 0 e STUDIO527S Series SYS V2 0 e STUDIO307LP SYS V2 0 ISO IEC 15408 certification accession version E COUNTER PRINT
9. TOSHIBA Leading Innovation gt gt gt MULTIFUNCTIONAL DIGITAL COLOR SYSTEMS MULTIFUNCTIONAL DIGITAL SYSTEMS High Security Mode Management Guide 2012 2015 TOSHIBA TEC CORPORATION All rights reserved Under the copyright laws this manual cannot be reproduced in any form without prior written permission of TTEC Preface Thank you for purchasing Toshiba Multifunctional Digital Systems This manual explains about the conditions and settings for using the Multifunctional Digital Systems which complies with IEEE Std 2600 1TM 2009 Read this manual carefully before using your Multifunctional Digital Systems under the high security mode For the security precautions on operating the equipment complying with IEEE Std 2600 1TM 2009 refer to Security Precautions in the Safety Information Keep this manual within easy reach and use it to maintain the equipment complying with IEEE Std 2600 1TM 2009 If you find any evidence of the suspicious opening of received cartons or you are not sure how it has been packed contact your sales representative E How to read this manual QU Symbols in this manual In this manual some important items are marked with the symbols shown below Be sure to read these items before using this equipment A WARNING Indicates a potentially hazardous situation which if not avoided could result in death serious injury or serious damage or fire in the equipment or surrounding assets A CAUTION Indic
10. UDIO5560C 6560C 6570C e STUDIO207L 257 307 357 457 507 and e STUDIO557 657 757 857 series are not subject to the assessment of ISO IEC15408 2 Only TLS is supported in the e STUDIO5560C 6560C 6570C e STUDIO207L 257 307 357 457 507 and e STUDIO557 657 757 857 series The ISO IEC 15406 certification is applied or will be to the models operating with the following OS and browser combination as well as running in the English or Japanese mode OS Windows XP Browser Internet Explorer 8 MFP e STUDIO2050C 2550C e STUDIO2555C 3055C 3555C 4555C 5055C e STUDIO2555CSE 3055CSE 3555CSE 4555CSE 5055CSE OS Windows 7 Browser Internet Explorer 9 MFP e STUDIO5560C 6560C 6570C e STUDIO207L 257 307 357 457 507 e STUDIO557 657 757 857 Certification pending as of March 2015 To operate the equipment complying with IEEE Std 2600 1TM 2009 under the high security mode configurations according to the use environment such as data or protocol encryption setting and setting for the connection only to the authorized server or client PC are required Pay attention that if the conditions given in this manual are not met you may not be able to operate the equipment complying with IEEE Std 2600 11M 2009 Tips For details of each security function and how to set the related items refer to the TopAccess Guide The optional Hard Disk Kit GE 1220 is required when e STUDIO2050C 2550C with no hard disk is to be used in the high security mode 6
11. a Do not use PUBLIC BOX in e Filing since no password can be set e Do not use MFP LOCAL since no password can be set When printing a Report by InternetFax do not select Print 1st page image so that no copy of the original will be added Administrators must regularly export and store the logs Select Disable in Twain Scanning Select Disable in Enable SLP Select Disable in Web Services Print Select Disable in SMB Server Protocol Select Disable in Enable Bonjour Select Disable in Enable FTP Server An administrator should explain to users that the high security mode is operating in this equipment as well as the following items so that they will keep to them appropriately Printing should be performed by using the printer driver settings of IPP print e Specify a reliable remote PC for the saving destination of the scan data Do not use a shared folder in e Filing Do not use any local folder of this equipment Precautions on Using the High Security Mode 9 UNIQUE FUNCTIONS Temporary Password ni rior aaa 12 Conditions when a temporary password is used uuesnsnnsnnnersnnnnnnnnennnnnnnnnnn eene en nennen nne nnne enne 12 Operation by a user when a temporary password is used uursuesessnnnnesnnnnnnnnnnnnnnnnnnnnnnnnnnn nennen nennen ernennen nano 12 HORDIA anana E a a aN Na 13 Temporary Password In the high security mode a password tentatively assigned
12. ates a potentially hazardous situation which if not avoided may result in minor or moderate injury partial damage to the equipment or surrounding assets or loss of data Indicates information to which you should pay attention when operating the equipment Other than the above this manual also marks information that may be useful for the operation of this equipment with the following signs Tip Describes handy information that is useful to know when operating the equipment co Pages describing items related to what you are currently doing See these pages as required L Model and series names in this manual In this manual each model name is replaced with the series name as shown below Model name Series name in this manual e STUDIO2050C 2550C e STUDIO2550C Series e STUDIO2555C 3055C 3555C 4555C 5055C e STUDIO5055C Series e STUDIO2555CSE 3055CSE 3555CSE 4555CSE 5055CSE e STUDIO287CS 347CS 407CS e STUDIO407CS Series e STUDIO287CSL 347CSL e STUDIO477S 527S e STUDIO527S Series e STUDIO477SL e STUDIO5560C 6560C 6570C e STUDIO6570C Series e STUDIO207L 257 307 357 457 507 e STUDIO507 Series e STUDIO557 657 757 857 e STUDIO857 Series Preface 1 U Explanation for control panel and touch panel e llustrations for the control panel and the touch panel shown in this manual are those of the e STUDIO4540C Series The shape and location of some buttons on the control panel and the dimension of the touch pa
13. e FILING O gt Z s A PRINT FAX l MEMORY RX LINE g 3 Select HOLD FAX 3 PRINT e TENPLATE ME JOB TYPE HOLD FAX v PRIVATE HOLD PROOF INVALID Date Time Paper Pages Sets All jobs in the HOLD FAX queue are displayed HOLD FAX 13 2 UNIQUE FUNCTIONS 4 Select the desired job or SELECT ALL and then press PRINT Ei PRINT 10 11 44 ALLCLEAR J SELECT ALL The job that has been output is deleted from the HOLD FAX queue 14 HOLD FAX THE INITIAL VALUES Precautions on the Initial Values To securely operate the equipment the initial and selectable values in the equipment under the high security mode may differ from those under the normal security mode This manual only explains about the initial values and setting items which are different from those under the normal security mode To operate equipment complying with IEEE Std 2600 11M 2009 be sure to change the initial values for the high security mode listed in this chapter following the instructions described in the remarks column at the start of use and keep them unchanged e For the initial and setting values in the normal security mode refer to the TopAccess Guide and MFP Management Guide To reset all settings by performing Initialization of this equipment back up the setting of this equipm
14. ent and customers data before initializing For details refer to the TopAccess Guide and MFP Management Guide lll Logging in The User Management and Administration tabs in TopAccess are displayed by logging in as a user with the administrator privilege Open TopAccess click Login on the top right and then enter the user name and password to log in TopAccess elim Login Job Status Registration Counter Be sure to log in the ADMIN tab in the USER FUNCTIONS mode of the equipment as a user with the Administrator privilege B Initial value list Administration Tab Setup Menu General Sub Menu Item Initial value for the high Remarks security mode Functions Save as FTP Disable Network iFax Disable Network Fax Disable Web Services Scan Disable Twain Scanning Enable The initial value is the same as that of in the Normal Security Mode however be sure to set to OFF Restriction on Address Book Operation by Administrator Can be operated by Administrator only Energy Save Auto Clear 45 Seconds The initial value is the same as in the Normal Security Mode however OFF cannot be selected The value can be changed in the ADMIN tab in the User Function mode in the touch panel of the equipment 16 Precautions on the Initial Values Network Sub Menu Item HTTP Network Service Initial value for the high security mode Remarks
15. f Apple Inc IOS is a trademark or registered trademark of Cisco in the U S and other countries and is used under license Adobe Acrobat Reader and PostScript are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and or other countries Mozilla Firefox and the Firefox logo are trademarks or registered trademarks of Mozilla Foundation in the U S and other countries BM AT and AIX are trademarks of International Business Machines Corporation NOVELL NetWare and NDS are trademarks of Novell Inc TopAccess is a trademark of Toshiba Tec Corporation Other company and product names given in this manual or displayed in this software may be the trademarks of their respective companies 2 Preface CONTENTS Chapter 1 Chapter 2 Chapter 3 Preface sa Acre rese d cath acess MA ei EEE ee d RENE den ueusan etek cases TEE ROTER Dd teense cas 1 How to read this MAanual occcconncccnoccncnnnccnnnnaccnnnananonanan ona cnn ona a a cnn non arc nn ana nnnancn nn nana caninas 1 THE HIGH SECURITY MODE Precautions on Using the High Security Mode eeeeeeneenenen n 6 Confirmation of the mode cooooocoocccoccccccccconccocononnnononcnnncnnnnnnnnnnnnnnnn cnn nnnnn rennen enin nennen rrertr nnns ens 7 Operational Conditions sii need eis dn se eee ene utate ei eade ode due a e deua ee 8 UNIQUE FUNCTIONS Temporary Password iii ciendo 12 Conditions when a
16. nel of the other models differ depending on the model however the names and functions of the buttons and parts are the same The details on the touch panel menus may differ depending on the operating environment such as whether options are installed The illustration screens used in this manual are for paper in the A B format If you use paper in the LT format the display or the order of buttons in the illustrations may differ from that of your equipment LJ Options For the available options refer to Options in the Quick Start Guide for your equipment O Trademarks The official name of Windows Vista is Microsoft Windows Vista Operating System The official name of Windows 7 is Microsoft Windows 7 Operating System The official name of Windows 8 is Microsoft Windows 8 Operating System The official name of Windows Server 2003 is Microsoft Windows Server 2003 Operating System The official name of Windows Server 2008 is Microsoft Windows Server 2008 Operating System The official name of Windows Server 2012 is Microsoft Windows Server 2012 Operating System Microsoft Windows Windows NT and the brand names and product names of other Microsoft products are trademarks of Microsoft Corporation in the US and other countries Apple AppleTalk Macintosh Mac Mac OS Safari iPhone iPod touch and TrueType are trademarks of Apple Inc in the US and other countries AirPrint AirPrint logo and iPad are trademarks o
17. ode be sure to set it to Disable The value can be changed in the ADMIN tab in the User Function mode in the touch panel of the equipment Precautions on the Initial Values 17 Printer Sub Menu Initial value for the high Item Remarks security mode General Setting Restriction for Print Only Hold Job Print Service Sub Menu Item Initial value for the high Remarks security mode IPP Print Enable SSL Enable FTP Print Enable FTP Printing Disable Raw TCP Print Enable Raw TCP Enable Although Enable is set by default in the same manner as the normal security mode be sure to set it to Disable LPD Print Enable LPD Enable Although Enable is set by default in the same manner as the normal security mode be sure to set it to Disable ODCA Sub Menu Initial value for the high Item Remarks security mode Network Enable Port Disable Security Menu Authentication Sub Menu item Initial value for the high Remarks security mode User Authentication Setting User Authentication Enable You cannot change the setting to Disable Authentication Type MFP Local Authentication Enable Guest User No check mark Disable The initial value is the same as in the Normal Security Mode however it cannot be set to Enable PIN Code Authentication Disable Do not change the setting to
18. otected by SSL if no such changes are made Set to OFF MEMORY TX under USER FUNCTIONS ADMIN LIST REPORT REPORT SETTING COMM REPORT In any of the following cases contact your service technician f the icon showing that the HDD is encrypted Ea is not displayed e f the icon showing that the Data Overwrite Enabler is operating properly zh The displayed system version differs from the actual one is not displayed When SNMPV3 is used be sure to set General User in the Permission Level box during the creation of the SNMP V3 user information in the following menu Administration tab page gt Setup menu gt Network submenu gt SNMP gt Create SNMP V3 User Information screen In the High Security Mode the following functions cannot be used Interrupt copy Network Fax AddressBook Viewer File Downloader TWAIN Driver e Filing BackUp Restore Utility e Scheduled printing Storing to e Filing from a printer driver The function can be selected however an error occurs and the job is deleted As a result printing is not performed When a job is deleted it is recorded in the error log Confirm it in the Logs tab on TopAccess or JOB STATUS LOG PRINT in the equipment Disabling log authentication The automatic log in function in the client software which comes with this equipment is not available Be sure to enter the user name and password when using clien
19. t software 8 Precautions on Using the High Security Mode Any data sent to this equipment such as a Fax and Internet Fax printed or received from a printer driver can be outputted only when a user with the printing privilege is logged in Use IPP SSL to communicate with this equipment When IPP printing is performed use the port created by entering https IP address SSL port number Print into the URL field e g https 192 168 1 2 443 Print For details refer to IPP printing under Installing the Printer Drivers Other Installations in the Software installation guide When importing the data such as address book be sure to use the data exported from this equipment Do not use any applications which need a setting change of the ODCA sub menu in the Setup menu on the Administration tab under TopAccess Do not enable Use Password Authentication for Print Job when printing is performed from this equipment with any of these printer drivers Universal Printer 2 Universal PS3 and Universal XPS To operate this equipment securely be sure to set the following items Perform the setting correctly referring to Initial value list GI P 16 Select Disable in Enable Raw TCP and Enable LPD in the Print Service submenu Use the encrypted PDF format when saving or sending a file and the encryption level shall be 128 bit AES e Specify a reliable remote PC for the saving destination of the scan dat
Download Pdf Manuals
Related Search