Data Security Solutions for Canon imagePASS-S1


Canon Security Solutions for imageRUNNER Series imageCHIP Devices
Canon Security Solutions Overview
• Introduction to Canon Security Technology and Goals
• Typical Customer Security Concerns
• System Architecture Security
 - imageRUNNER Controller Security
 - MEAP Architecture Security
 - imageRUNNER FAX Security
• Hardware Architecture Security
• Device Security Features
 - HDD Security
 - Device Access Security (Authentication)
 - Document Security
 - Device Management
Typical Customer Security Concerns
• Is the hard drive of the MFP vulnerable to hackers?
• Can we limit access to the MFP to prevent non-authorized usage?
• What happens to my information at the end of the lease for the device?
• Can someone copy, print, scan or fax on a MFP?
• Can someone access my documents after the device is returned?
Which Canon Security features might address these customer concerns?
Security Overview
Canon has introduced a security-related workflow to help improve Device Security, Data Protection & Information Integrity.
Document Security
• Encrypted Secured Print
• Watermark/Secure Watermark
• Copy Set Numbering
• Encrypted PDF
• Digital Signature PDF
• FAX Forwarding
• FAX Destination Confirmation
Mail Server Security
• POP Authentication before SMTP
• SMTP Authentication
Network Security
• MAC Address Filtering
• IP Address Filtering
• SSL Encryption
• Network Application On/Off
• USB Block
• Destination Restriction
HDD Security
• HDD Data Erase
• HDD Data Encryption
• HDD Format
• Mail Box Password Protection
• Job Log Conceal
Device Access Security
• Department ID (up to 1000 IDs)
• User Authentication (SDL/SSO)
• Function Authentication (AMS)
• Control Card / Card Reader system (optional)
• Smart Card Authentication
Device Management
• DIDF (Device Information Delivery Function)
• Key Switch Unit
imageRUNNER Architecture Security
imageRUNNER Controller
• imageCHIP controller is the heart of every imageRUNNER device
imageRUNNER Architecture Security
imageRUNNER Controller Security
• imageCHIP Controller
 • Unix-based, Real Time Operating System
 • Closed and proprietary system not widely distributed
 • Not standard UNIX code
 • Not a common target for viruses or hackers
 • Source Code expressly designed to run Canon embedded applications
In Comparison, Linux Based MFP:
• Open architecture widely distributed
• Higher potential of hacking and manipulation of embedded device and network
imageRUNNER Architecture Security
MEAP Architecture Security
• SDK distribution restricted & controlled
• Virtually impossible to alter a MEAP app or write a rogue application
• Application integrity secured by Canon Inc.
• MEAP Applications “digitally” signed with special “signature” and license
• If application is modified, signature code will not match and application will not run
• Application and license file are encrypted
imageRUNNER Architecture Security
imageRUNNER FAX Security
iR Fax Boards have “Firewall” Protection
• Firewall physically and logically separates the fax board from network functions
• Residing on the main controller board
• G3 fax board implementation connects to PSTN & responds only to CCITT T.30 commands and does not support network communication protocols
• iR Fax Board does not have binary transfer function
• Not possible to receive data files other than fax image files
Security Features
Standard imageRUNNER Hard Disk Drive & RAM Security
Hard Disk Drive
• Temporary/permanent data and directory are written in random non-contiguous locations on hard drive
• Data is compressed in a proprietary file format; not functional/readable outside of iR
• Mail Box Password Protection
Job Log Conceal
• Hides the list of completed jobs
• Aids in regulatory compliance
RAM Volatility
• At power shut-down, information in RAM is cleared
Hard Disk Drive Security Features cont.
Securely Remove Information at End of Device lifecycle
• HDD format is standard on all imageRUNNER Devices
• This feature, once activated, will overwrite the entire user partition: Contacts, documents in mailbox, all other user image data
• Overwrite using random data up to three times (Security kit not required; once with null is the standard setting)
• Reduces the customer's need to destroy/remove the hard drive to protect company information
Key Uses for HDD Format:
• End of Lease
• End of product lifecycle
• Device relocated to new department
Supported Devices:
iR105+/9070/8070/6570/5570/5070/4570/3570/2870/2270/
iR7105/7095/7086
iRC6870U/C5870U/C3170U/C3170i/
CiRC5185/5180/4580/4080/3380/2880
Hard Disk Drive Security
Optional Available Security Features
• Hard Disk Drive Data Encryption (up to 256-bit), AES
• Hard Disk Drive Data Erase
Hard Disk Drive Security Features
Hard Disk Drive Data Erase
• Overwrite each copy, print, scan and fax job
• Up to three different levels of erasing documents:
 • Once with null
 • Once with random
 • Random data three times for maximum
• Overwriting prevents data being retrieved by disk/file recovery
• Overwriting is resistant to keystroke recovery (Hacker Tools)
Figure: Deletion of Job Data Using the imageRUNNER Data Erase Function
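To make the three overwrite levels concrete, here is an added example (not Canon code, and not how the device itself is implemented) that applies "once with null", "once with random" and "random three times" to an ordinary file and then performs the kind of raw read-back a file-recovery tool would do. The level labels, the file name and the sample content are constructed for the example.

```python
"""Added example (not Canon code): the three overwrite levels the slide
lists, applied to an ordinary file so the effect can be inspected. The
real imageRUNNER erase runs inside the device; this models only the
sequence of passes, not Canon's implementation."""
import os
import secrets
import tempfile
from pathlib import Path

# Pass sequences named after the slide's three levels (labels are constructed).
ERASE_LEVELS = {
    "null_once": ["null"],
    "random_once": ["random"],
    "random_three": ["random", "random", "random"],
}
CHUNK = 64 * 1024


def overwrite_file(path, level):
    """Overwrite every byte of `path` in place with the passes for `level`.

    The file is opened for update (r+b) so the existing blocks are rewritten
    rather than a new file being allocated; that is the point of the
    technique, since a recovery tool reads the old blocks. Returns the
    number of passes performed."""
    passes = ERASE_LEVELS[level]
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for pattern in passes:
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(b"\x00" * n if pattern == "null" else secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())   # force each pass to the medium before the next
    return len(passes)


def residue_present(path, marker):
    """Model of a file-recovery check: read the raw bytes back and look for a
    known fragment of the original content."""
    return marker in Path(path).read_bytes()


def demo(level="random_three", tmpdir=None):
    """Write a constructed spool file, erase it with `level`, and return
    (passes, marker_found_before, marker_found_after, all_zero_after)."""
    marker = b"CONFIDENTIAL-PAYROLL-Q3"          # constructed sample content
    with tempfile.TemporaryDirectory(dir=tmpdir) as d:
        job = Path(d) / "spool_job_0001.bin"
        job.write_bytes(marker * 3000)           # ~69 KB, spans two chunks
        before = residue_present(job, marker)
        passes = overwrite_file(job, level)
        after = residue_present(job, marker)
        all_zero = job.read_bytes() == b"\x00" * os.path.getsize(job)
        job.unlink()                              # directory entry removed last
    return passes, before, after, all_zero


if __name__ == "__main__":
    for lvl in ERASE_LEVELS:
        print(lvl, demo(lvl))
```

The model is file-level; what matters on a real device is that the overwrite reaches the blocks that held the job. On a flash-backed or wear-levelled store an in-place overwrite may not reach every physical copy of the data, which is one reason to combine the erase feature with the HDD encryption option described later in the deck.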
Hard Disk Drive Security Features
Hard Disk Drive Data Encryption (256-bit), AES
• Mathematical algorithms are used to scramble bits of data or any image stored on the hard drive
• The data is encrypted using 256-bit AES encryption
• A secret key is created and used to encrypt all images before they are written to the HDD
 • This will protect both temporary and stored jobs/data
• Canon MFP Security Chip 1.00 is the key Canon proprietary component inside every HDD Encryption Kit
• Has acquired EAL3 status under the Common Criteria Program (also known as ISO 15408)
Device Access Security
(Authentication)
Implement mandatory proper identification and
authentication to utilize: Print, Copy, Fax, Email
• Department ID Management
• Simple Device Log-in (SDL)
• Single Sign On (SSO)
Device Access Security (Authentication)
Department ID Management
• Allows Administrators to configure the imageRUNNER device with valid IDs and passwords
• Helps limit print output volumes by users/departments
• Restricts system access
• Supports up to 1,000 accounts
• Up to 7-digit ID and password for each account
• Ability to track job histories and volumes
• Restrict individual job functions
Screenshot from Color Device
Device Access Security (Authentication)
Simple Device Log-in (SDL) Authentication
• An enhanced version of Department ID Management
• Grants access only after verifying an additional “Personal” ID and Password
• For any message sent from an imageRUNNER device using SDL, the user's e-mail address is displayed automatically
Device Access Security (Authentication)
Single Sign On (SSO) Authentication
• For environments utilizing Active Directory.
• Allows employees to access an imageRUNNER device on the network using the same ID and password as their PC.
• Utilizing SSO, administrators can track each user for each specific imageRUNNER device
Device Management
Access Management System
A device management feature that allows access restrictions to be assigned to users and groups to restrict entire functions or restrict specific features within a function.
Figure: example AMS role matrix. Five example roles (IT with no restrictions, Manager, Staff, Contractor, Guest) are shown against COPY, SEND and MAIL BOX, each marked AVAILABLE or BLOCKED. Three roles have all three functions available, two have SEND and MAIL BOX blocked, and for some roles COPY is limited to “B/W & Double Sided” or “Double Sided”.
Device Management
What can be restricted with AMS?
• Copy (Allowed / Not Allowed)
 • Color copying
 • 2 Sided Copies
 • Page Layout
• Send (Allowed / Not Allowed)
 • Destination Type
 • Specific Address Domains
 • Address Book Access
 • Device Signature PDF
• Mail Box (Allowed / Not Allowed)
 • Print / Color Print
 • 2 Sided printing
 • Page Layout
• Web Access (Not Set, Allowed / Not Allowed)
 • Leave unspecified, or allow or prohibit use of the Web Access Function
• Hold (Not Set, Allowed / Not Allowed)
 • Leave unspecified, or allow or prohibit use of the Job Hold Function
• Print job (Not Set, Allowed / Not Allowed)
 • Leave unspecified, or allow or prohibit use of the Print Job Function
• MEAP Applications (Not Set, Allowed / Not Allowed)
 • Leave unspecified, or allow or prohibit use of any MEAP Applications. Features for applications can be restricted separately
* Printing from the PC cannot be restricted
* Scan Tab (TWAIN Scanning) cannot be restricted
* Does not currently support SSO authentication
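The three-valued settings above (Allowed / Not Allowed / Not Set) and the two paths AMS cannot restrict are the parts an administrator most often gets wrong, so here is an added example (not Canon's AMS implementation) of a small evaluator that applies those rules to job requests. The role names, the function keys, the feature keys and the requests are all constructed for this example.

```python
"""Added example (not Canon's AMS implementation): an evaluator for the
restriction settings the slide lists. Role names, function keys and the
job requests are constructed for this example."""
from dataclasses import dataclass, field

ALLOWED, NOT_ALLOWED, NOT_SET = "Allowed", "Not Allowed", "Not Set"

# Functions the slide shows with a "Not Set" option (inherit device default).
TRI_STATE = {"web_access", "hold", "print_job", "meap"}
# Functions the slide shows as Allowed / Not Allowed only.
TWO_STATE = {"copy", "send", "mail_box"}
# Paths the slide says AMS cannot restrict.
NOT_ENFORCEABLE = {"pc_print", "twain_scan"}


@dataclass
class Role:
    name: str
    functions: dict                               # function -> setting
    features: dict = field(default_factory=dict)  # (function, feature) -> bool


def evaluate(role, function, feature=None, default_for_not_set=ALLOWED):
    """Return (permitted, reason) for one job request.

    Two-state functions require an explicit setting; an absent entry is
    treated as Not Allowed (fail closed). Tri-state functions fall back to
    the device-wide default when Not Set. A feature restriction such as
    copy/color is only consulted once the function itself is permitted."""
    if function in NOT_ENFORCEABLE:
        return True, f"not enforceable by AMS: {function}"
    if function in TWO_STATE:
        setting = role.functions.get(function, NOT_ALLOWED)
    elif function in TRI_STATE:
        setting = role.functions.get(function, NOT_SET)
        if setting == NOT_SET:
            setting = default_for_not_set
    else:
        return False, f"unknown function {function!r}"
    if setting != ALLOWED:
        return False, f"{function} is {setting} for role {role.name}"
    if feature is not None and not role.features.get((function, feature), True):
        return False, f"{function}/{feature} restricted for role {role.name}"
    return True, "allowed"


# Constructed roles loosely modelled on the slide's example matrix.
ROLES = {
    "IT": Role("IT", {f: ALLOWED for f in TWO_STATE | TRI_STATE}),
    "Staff": Role("Staff",
                  {"copy": ALLOWED, "send": ALLOWED, "mail_box": ALLOWED},
                  {("copy", "color"): False}),                      # B/W copies only
    "Guest": Role("Guest",
                  {"copy": ALLOWED, "send": NOT_ALLOWED, "mail_box": NOT_ALLOWED},
                  {("copy", "color"): False, ("copy", "page_layout"): False}),
}


def audit(requests, default_for_not_set=ALLOWED):
    """Evaluate a batch of (role, function, feature) requests; return decisions."""
    return [(r, f, ft) + evaluate(ROLES[r], f, ft, default_for_not_set)
            for r, f, ft in requests]


if __name__ == "__main__":
    sample = [("IT", "send", None), ("Staff", "copy", "color"),
              ("Guest", "send", None), ("Guest", "web_access", None),
              ("Guest", "pc_print", None)]
    for row in audit(sample):
        print(row)
```

The `NOT_ENFORCEABLE` branch is the caveat worth keeping visible: a Guest role that is blocked from Send and Mail Box on the panel still reaches the device through PC printing and TWAIN scanning, so those paths need a network-level or driver-level control rather than AMS.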
Network Security
imageRUNNER Network-based Access Controls
Controlled Access to Ports and Services
• System Administrator can disable services and ports to lessen system vulnerabilities, ex: IPP, FTP, SNTP, SNMP, RAW, LPD, etc.
• imageRUNNER device is set up to support only necessary protocols used for transferring data
Network Security
imageRUNNER Network-based Access Controls
IP Address Filtering
• Authorized IT personnel can reject or permit incoming packets from other IP Addresses
• Restrict access to the imageRUNNER device for:
 • Specific Users
 • Group Users
MAC Address Filtering
• Used for smaller networks
• Allows or denies access to specific addresses
• Up to 100 MAC addresses can be registered from the UI
• MAC Addresses have higher priority than an IP Address (they never change)
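The ordering rule on this slide (MAC filter decided first, IP filter second) and the 100-entry limit are easy to demonstrate, so here is an added example (not imageRUNNER firmware) that models both filters and runs them over a few constructed frames. The class, the sample MAC/IP addresses and the subnets are all constructed for the example.

```python
"""Added example (not imageRUNNER firmware): a model of the two filters
on the slide, MAC filter evaluated first, then IP filter. The class,
the sample frames and the addresses are constructed for this example."""
import ipaddress

MAX_MAC_ENTRIES = 100  # the slide's UI limit


def normalise_mac(mac):
    """Canonical lower-case colon form; rejects malformed addresses."""
    parts = mac.lower().replace("-", ":").split(":")
    if len(parts) != 6 or not all(
            len(p) == 2 and all(c in "0123456789abcdef" for c in p) for p in parts):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return ":".join(parts)


class DeviceAccessFilter:
    def __init__(self, mac_list=(), mac_mode="allow", ip_allow=(), ip_deny=()):
        self.mac_mode = mac_mode   # "allow": only listed MACs; "deny": listed MACs blocked
        self.macs = set()
        for m in mac_list:
            self.add_mac(m)
        self.ip_allow = [ipaddress.ip_network(n) for n in ip_allow]
        self.ip_deny = [ipaddress.ip_network(n) for n in ip_deny]

    def add_mac(self, mac):
        if len(self.macs) >= MAX_MAC_ENTRIES:
            raise ValueError("MAC filter table full (100 entries)")
        self.macs.add(normalise_mac(mac))

    def decide(self, src_mac, src_ip):
        """Return (accept, reason). The MAC verdict is final when it applies;
        otherwise the IP deny list, then the IP allow list, is consulted."""
        if self.macs:
            listed = normalise_mac(src_mac) in self.macs
            if self.mac_mode == "allow":
                return (True, "mac allow-listed") if listed else (False, "mac not allow-listed")
            if listed:
                return False, "mac deny-listed"
        ip = ipaddress.ip_address(src_ip)
        if any(ip in net for net in self.ip_deny):
            return False, "ip deny-listed"
        if self.ip_allow and not any(ip in net for net in self.ip_allow):
            return False, "ip outside allow-list"
        return True, "ip permitted"


def try_add(policy, mac):
    """True if the entry was accepted, False if the table refused it."""
    try:
        policy.add_mac(mac)
        return True
    except ValueError:
        return False


# Constructed sample frames: (source MAC, source IP) as the device would see them.
SAMPLE_FRAMES = [
    ("00:1e:8f:aa:bb:01", "10.20.0.15"),   # office workstation
    ("00-1E-8F-AA-BB-02", "10.20.0.16"),   # retired host, MAC on the deny list
    ("3c:52:82:00:00:99", "10.20.0.77"),   # host on the IP deny list
    ("3c:52:82:00:00:99", "192.0.2.50"),   # outside the permitted subnet
]


def run_demo():
    """Apply a combined policy to SAMPLE_FRAMES; returns the list of verdicts."""
    policy = DeviceAccessFilter(
        mac_list=["00:1e:8f:aa:bb:02"], mac_mode="deny",
        ip_allow=["10.20.0.0/24"], ip_deny=["10.20.0.77/32"])
    return [policy.decide(mac, ip) for mac, ip in SAMPLE_FRAMES]


if __name__ == "__main__":
    for frame, verdict in zip(SAMPLE_FRAMES, run_demo()):
        print(frame, "->", verdict)
```

A MAC address is whatever the sending interface puts on the wire, so the MAC filter identifies a host only as well as the network it sits on is controlled; treat it as the small-network convenience the slide describes and rely on SDL/SSO for user identity.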
Network Security
imageRUNNER Data Protection
Secure Socket Layer (SSL) Encryption
• Ensures scanned and Universal Send documents on the network are safely transmitted to the recipient
• SSL also supports RUI, I-FAX, Web Access, & DIDF
• Encrypts information transferred from the device over a network
Document and Information
Security
 Secured Print
 Encrypted Secured Print
 Password-protected Mail Boxes
Document and Information Security
Encrypted Secured Print
Two layers of security:
1. Encryption of Document Data itself
2. Password Protection
 The encrypted data will not be decoded until the user enters the correct password
 After printed out, the data will be deleted
Figure: Encrypted Secure Print Job compared with Secure Print Job (steps: Encryption; Password; Entering Password, then decode and print out)
NOTE: The user cannot select the Secure Print when Encrypted Secure Print is in effect.
 User name and file name will not be shown on the Status Monitor
Document and Information Security
imageRUNNER HardCopy Security
• Secure Watermark: this embeds hidden text within the backgrounds of documents
Figure: Original (Secure Watermark w/ Color Background); “COPY” appears when the document is Copied/Printed
Document and Information Security
PDF Encryption Option for Universal Send (PDF Security Feature Set)
• Enables PDFs sent over a network to have Adobe standards of encryption.
• Performed directly at the imageRUNNER device without the need for additional software
• A password will be required for the end user to use the PDF sent through USend.
• The password can be encrypted for further security
• Optional 40 or 128-bit Encryption
Document and Information Security
Digital Device Signature PDF (Universal Send PDF Security Feature Set)
• Device Signature mode enables the user to add a digital signature to PDF data, which enables the recipient to verify which device scanned it and to track whether the file has been altered.
Figure callouts: Name and S/N of the device is attached. When using SSO and SDL* with device signature, the user's e-mail address will appear in Document Properties as Author. Tracks document alteration: if the PDF is altered, revisions change from 1 of 1 to 1 of 3. *(SDL note) E-mail address will only appear based on set-up.
Benefit: Helps to send documents securely by preventing security problems such as impersonation and unauthorized alteration of documents
NOTE: Device Signature and User Signature can be combined. Device Signature mode uses the certificate and key pair inside the device. Users can register only one key pair. The name of the generated/updated key pair is set to ‘Device Signature Key’. The expiration date for the device signature is set to 5 years after its key pair was generated/updated.
Document and Information Security
Digital User Signature PDF
• Digital User Signature mode enables the user to add a digital signature to PDF data, which enables the recipient to verify which user scanned it and whether the document has been altered.
NOTE: The User Signature mode is available only if the optional Digital User Signature PDF Kit is activated. SDL or SSO must be set and a user certificate must be installed in the machine using the RUI. The Device Signature and the User Signature can be combined; however, the Device Signature will be added before the User Signature, which results in the document being handled as if it had been altered without authorization when the recipient verifies the Device Signature.
Document and Information
Security
Destination Restriction
In combination with the features below, administrator can put restriction for destinations
Universal Send feature to help prevent sending to wrong destination and information lea
• Address Book Password: when a password is set, restrictions can be placed on the registering, editing, and erasing of destinations
• Restrict New Address: enables you to restrict the entering of new addresses. Only the following can be specified as destinations:
 • Stored in the Address Book
 • LDAP servers
 • User Inboxes
 • One-touch buttons
 • Favorites buttons
 • Your e-mail address (Send to Myself, if using SDL/SSO login)
When the restriction feature is on, these buttons are grayed out.
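The two controls on this slide work together: the Address Book Password gates who can add a destination, and Restrict New Address forces every send to come from a registered source or the logged-in user's own address. Here is an added example (not Canon's Universal Send code) that models that check as a policy consulted before a send job is accepted; the address book contents, user names and password value are constructed for the example.

```python
"""Added example (not Canon's Universal Send code): the destination rules
on the slide modelled as a check run before a send job is accepted, plus
the address-book password gate on registering new entries. Names, the
directory contents, the users and the password are constructed."""

REGISTERED_SOURCES = ("address_book", "ldap", "inbox", "one_touch", "favorite")


class SendPolicy:
    def __init__(self, address_book, ldap, inboxes, one_touch, favorites,
                 restrict_new_address=True, address_book_password=None):
        self.sources = {
            "address_book": set(address_book), "ldap": set(ldap),
            "inbox": set(inboxes), "one_touch": set(one_touch),
            "favorite": set(favorites),
        }
        self.restrict_new_address = restrict_new_address
        self.address_book_password = address_book_password

    def register(self, destination, password=None):
        """Register/edit an address-book entry; refused when the Address Book
        Password is set and not supplied."""
        if self.address_book_password is not None and password != self.address_book_password:
            return False, "address book password required"
        self.sources["address_book"].add(destination)
        return True, "registered"

    def check(self, destination, claimed_source, user_email=None):
        """Return (permitted, reason) for a destination chosen via `claimed_source`.

        The destination must actually be present in the source it claims,
        so a manually typed address cannot be passed off as an address-book
        pick. "self" is accepted only when the SDL/SSO-logged-in user's own
        address matches."""
        if claimed_source == "self":
            if user_email and destination.lower() == user_email.lower():
                return True, "send to myself"
            return False, "not the logged-in user's address"
        if claimed_source in REGISTERED_SOURCES:
            if destination in self.sources[claimed_source]:
                return True, f"registered in {claimed_source}"
            return False, f"{destination} is not registered in {claimed_source}"
        if claimed_source == "new":
            if self.restrict_new_address:
                return False, "Restrict New Address is on: manual entry blocked"
            return True, "new address accepted (restriction off)"
        return False, f"unknown source {claimed_source!r}"


def build_policy(restrict=True):
    """Constructed directory contents for the demonstration."""
    return SendPolicy(
        address_book=["accounts@example.com", "hr@example.com"],
        ldap=["bob@example.com"],
        inboxes=["inbox-03"],
        one_touch=["fax:+1-555-0100"],
        favorites=["hr@example.com"],
        restrict_new_address=restrict,
        address_book_password="example-password",   # constructed placeholder
    )


if __name__ == "__main__":
    policy = build_policy()
    for dest, src, user in [("hr@example.com", "address_book", None),
                            ("typed@example.org", "new", None),
                            ("alice@example.com", "self", "alice@example.com")]:
        print(dest, src, "->", policy.check(dest, src, user))
```

The design point is that the check validates membership in the claimed source rather than trusting a label from the panel, which is what makes "grayed-out buttons" a real control rather than a cosmetic one.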
imageWARE Accounting Manager
imageWARE Accounting Manager for me
 Comprehensive audit trail for usage of copy, print, & scan
 Most complete cost recovery tool to analyze usage on both imageRUNNER MFP and LBP line together
 Provides the Administrator the ability to view/download device workload statistics and generate reports by: Individual, Group, Device, Department
Typical Customer Security Concerns (revisited)
• Is the hard drive of the MFP vulnerable to hackers?
• Can we limit access to the MFP to prevent non-authorized usage?
• What happens to my information at the end of the lease for the device?
• Can someone copy, print, scan or fax on a MFP?
• Can someone access my documents after the device is returned?
Canon security features addressing these concerns (as laid out on the slide):
• Canon Standard hardened Architecture
• Unique Operating system
• Unnecessary protocols disabled by default
• MAC & IP address filtering
• Secure Socket Layer
• Dept ID, SDL, SSO
• Device Management
• Universal Send security: Destination Restrictions, Authorized Send, Encrypted PDF, PDF Digital Signature, eCopy
• Encrypted secure print reduces vulnerability to hackers
• Watermark/Secure Watermark
• Copy Set Numbering
• HDD Data Encryption
• HDD Data Erase
• HDD Format (end of life procedure)
Canon: Securing your imageRUNNER Technology
Thank You