Masterfolie UTAX 2007


Data Security on
TA Triumph-Adler
SynControl Systems
(Sales)
16.07.2015
ISO 15408 EAL3 – Common Criteria
History & Background
• The constant increase in the use of information technology in the business world has led to increased demands on data security.
• By the end of the 1980s, the complexity of IT security and the related demands for secure operation of IT systems and products had already resulted in the development of standardised criteria for the evaluation and testing of IT security.
What is behind ISO 15408 EAL3?
• ISO 15408 is an international security standard in the framework of the Common Criteria, which states that the safety engineering of products must comply with the aforementioned standard.
• Several Evaluation Assurance Levels (EAL 0-7) exist within ISO 15408.
• EAL3 is the currently relevant level for office systems. It stands for a certain level of security and confidentiality within ISO 15408 and states that security functions must be methodically tested and evaluated, including the control of their development environments.
Which TA Triumph-Adler products comply with ISO 15408?
• Data Security Kit (B)* (DC 2060/2080)
• Data Security Kit (C)* (DC 2325/2330/2230/2240/2250)
• Data Security Kit (D)* (DCC 2625/2632/2635)
• Data Security Kit (E)* (DCC 2725/2730/2740/2840/2850, DC 2430, DC 2242/2252, CLP 4550)
• The certificate is issued in the name of the original manufacturer Kyocera Mita (the certification is chargeable to each applicant!).
• Since TA Triumph-Adler systems are identical in construction, we can assure our customers that our systems comply with the ISO regulation.
*optional
What is the effect of installing the optional Data Security Kit?
• Overwriting and encryption functions of the system hard disk and the optional printer hard disk* are enabled.
Overwriting:
• Data remain on the hard disk until they are overwritten with other data, so they can be retrieved with recovery programs and used illegally.
• The security kit deletes and overwrites output data so that they can no longer be recovered. This happens automatically.
*depending on the system
What needs to be taken into account when installing the optional Data Security Kit?
• Two overwriting methods are available and can be selected by the administrator:
• Simple overwriting: A certain area (when overwriting) or the whole storage area (when initialising) of the hard disk is overwritten with zeros (0), so that data recovery is made impossible.
• Triple overwriting (default): The same area as before is first overwritten twice with random data and then with zeros (0). This method is more secure than simple overwriting and makes data recovery almost completely impossible.
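The two overwriting methods described above, sketched as an added example (not code from the Data Security Kit or from the original slides). The function names and the sample data are hypothetical, and the sketch assumes storage on which a write to a file offset replaces the same physical blocks, which does not hold for SSDs with wear levelling or for copy-on-write file systems.

```python
import os
import tempfile

CHUNK = 64 * 1024  # write in chunks so large regions never sit in memory at once

def pass_patterns(method):
    """One pattern generator per pass: zeros only, or random, random, zeros."""
    zeros = bytes  # bytes(n) returns n zero bytes
    if method == "simple":
        return [zeros]
    if method == "triple":
        return [os.urandom, os.urandom, zeros]
    raise ValueError(f"unknown overwrite method: {method!r}")

def overwrite_region(path, offset, length, method="triple"):
    """Overwrite length bytes at offset in place; return the number of passes."""
    if offset < 0 or length < 0 or offset + length > os.path.getsize(path):
        raise ValueError("region lies outside the file")
    patterns = pass_patterns(method)
    with open(path, "r+b") as f:
        for pattern in patterns:
            f.seek(offset)
            remaining = length
            while remaining:
                n = min(CHUNK, remaining)
                f.write(pattern(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next
    return len(patterns)

def demo(method="triple"):
    """Constructed sample: a fake stored job between two markers that must survive."""
    body = b"confidential scan data " * 5000
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"HEAD" + body + b"TAIL")
        passes = overwrite_region(path, 4, len(body), method)
        with open(path, "rb") as f:
            after = f.read()
    finally:
        os.remove(path)
    zeroed = after[4:-4] == bytes(len(body))
    return passes, after[:4], after[-4:], zeroed

if __name__ == "__main__":
    print(demo("simple"), demo("triple"))
```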
What is the effect of installing the optional Data Security Kit?
Encryption (AES Encryption):
• Scanned originals and other user data are stored on the hard disk.
• The security kit encrypts data before they are stored on the hard disk. This increases security, because data can only be decrypted during normal use.
• Encryption is carried out automatically in line with AES (Advanced Encryption Standard). In the US this standard is approved for governmental documents which are subject to the highest secrecy level.
Security Settings at TA Triumph-Adler Systems
Security settings at the system:
• Authentication at the system (input of numeric code)
• Locking the USB host
• Locking "Repeat Copy"
• Locking/partially locking the display
Security Settings (Scanning)
The security of the scan functions mainly depends upon the security settings of the user network:
• FTP: Security settings of the FTP server are active: input of user name and password is required.
• SMB: Security settings of the user network are active: usually, the user has to log in with user name and password.
• E-Mail: As with SMB, the SMTP security settings are active: usually, a sender address known to the SMTP server has to be used.
A higher security level for scanning is available with the installation of the optional PDF
Upgrade Kit. This kit encrypts and compresses PDF files generated on the system.
Opening as well as printing and editing of PDF files can be restricted.
Another possibility to enhance the security level on TA Triumph-Adler systems
when using e-mail transmission is the domain restriction for transmission and
reception.
Network Security Settings
• Authentication at the Embedded Web Server
• Network authentication
• Certificates
• General settings and helpful hints
Authentication at the Embedded Web Server
• Access to the Embedded Web Server is possible by default. An administrator password can be set via "Basic" and "Security: Account Settings". Access to the Embedded Web Server can be encrypted with SSL.
• Several administrators with different passwords can be registered at the system. Moreover, users can be registered and given a password.
Network Security Settings / Certificates
• Certificates offer another possibility to enable communication security in the network.
• This ensures a secure connection between the print system and the client.
• The certificate generated by the printer is exported, stored in the certificate store of the clients (Windows XP/Vista) and judged "secure".
• These settings ensure that no error message (insecure certificate) is generated at the client.
Security Settings (Printing)
• Network security mainly depends upon the settings of the user network.
• The security settings of the TA Triumph-Adler systems can be adapted to the majority of security standards within client networks.
• The available security settings range from IP filtering, SSL, HTTPS, SNMP v1/v2c/v3 and SMTP and POP3 domain restriction, through NTLM and Kerberos authentication, the Data Security Kit*, the PDF Upgrade Kit* and locking/partially locking the display, to restricting users (printing, scanning, copying).
• Combining the log-on with user name and password with the installation of the Data Security Kit* ensures the highest possible security level for TA Triumph-Adler systems in a client network.
*optional
Printing and Storing of Print Jobs to the Hard Disk
• Available security settings when printing
• Security settings in the printer driver
Security settings:
• Securing the Document Box with a password
• Using the Data Security Kit
• Sending Private Print jobs with a password
IP filtering
• IP filtering restricts access to the system to registered IP addresses.
• Access to certain protocols (SNMP, FTP, HTTP, HTTPS, etc.) can be limited with IP filtering.
Encrypted printing via SSL
• The transmission to the print system as well as the print data stream are encrypted, so that third parties cannot read the data out of the network.
Security Settings in the Printer Driver
When a print system is used with network authentication or a local user, this setting is also active in the printer driver.
Driver settings can be secured by a password.
If user boxes have been defined under device properties, item "hard disk", secure printing into the box is possible.
15-digit password
A password can be set for secure printing to prevent access by unauthorised users to
the print data at the system.
In order to prevent unauthorised printing of copies, a "Security Watermark" can be set in the driver under emulation "PCL-XL".
Prior to activating the Security Watermark function in the PCL-XL emulation, the plug-in "Security Watermark" has to be installed.
Thank you very much
for your attention!