Version 1.0 June 14, 2010 White Paper: Canon imageRUNNER ADVANCE Security INTENT OF THIS DOCUMENT: Canon recognizes the importance of information security and the challenges that your organization faces. This white paper provides information security facts for Canon imageRUNNER ADVANCE systems.
Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Device Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Information Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 4. Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 5. Security Monitoring & Management . . . . . . . . . . . . . . . . . . . . . 29 6.
Section 1 — Introduction “If you look at these machines as just copiers or printers, you first wonder if you really need security. Then you realize conventional office equipment now incorporates significant technology advances and capabilities that make all documents an integrated part of a corporate network that also involves the Intranet and Internet.
Section 1 — Introduction 1.1 — Security Market Overview In today’s digital world, risks to networks and devices come in more forms and from more directions than ever before. From identity theft and intellectual property loss to infection by viruses and Trojan horses, IT administrators today find themselves playing an additional role of security officer to adequately protect information and assets from threats from the outside as well as within.
Section 2 — Device Security 2.1 – imageRUNNER ADVANCE Controller Security The imageRUNNER ADVANCE series is built upon a new platform that provides powerful enhancements to security and productivity. The new architecture centers on a new operating system powered by an embedded version of Linux, which is quickly becoming the most widely adopted platform for sophisticated devices.
Section 2 — Device Security Canon imageRUNNER ADVANCE systems also ship with SSO-H, which supports direct authentication against an Active Directory domain using Kerberos or NTLMv2 as the authentication protocol. SSO-H does not require any additional software to perform the user authentication as it is able to directly communicate with the Active Directory domain controllers. In Local Device Authentication mode, SSO-H can support up to 5,000 users.
Section 2 — Device Security 2.3 – Access Control Canon imageRUNNER ADVANCE systems support a number of access control options to help you manage the use of device settings and functions in addition to specific capabilities of certain functions. Access control solutions for the imageRUNNER ADVANCE can help Authentication, Authorization, and Auditing. Canon offers solutions that can lock down the entire device, or simply lock down specific functions (e.g.
Section 2 — Device Security The following describes the various Base access levels (roles) that are available: Privileges by Access Level Predefined Role Access Privileges Administrator Given privileges to operate all device functions. Network Manager/Admin Network manager mainly manages the settings related to the network under Settings/Registration. Device Manager/Admin Device Manager can specify settings related to management settings for paper type and function settings for Send/Receive.
Section 2 — Device Security When the Access Management System has been enabled, users must log in to the device using SSO user authentication. Access Management System supports authentication through local device authentication as well as Active Directory using SSO-H*, which includes support for Kerberos Authentication. Once a user logs into the device with their user name and password, the device can determine which roles are assigned to that particular user.
Section 2 — Device Security Address Book Password Screen Address Book Access Code Enable/Disable Screen Access Code for Address Book End-users will also have the capacity to place an access number code on addresses in the Address Book. When registering an address, users can then enter an Access Number to restrict the display of that entry in the Address Book. This function limits the display and use of an address in the Address Book to those users who have the correct code.
Section 2 — Device Security Print Driver Security Features Print Job Accounting A standard feature in Canon’s printer drivers, print job accounting requires users to enter an administrator-defined password prior to printing, thereby restricting device access to those authorized to print. Printing restrictions can be set using Department ID credentials or through the Access Management System.
Section 3 – Information Security Protecting your organization’s confidential information is a mission that Canon takes seriously. From your documents, faxes and e-mails to the underlying data on the internal hard disk drive and in memory, Canon has built in many controls to help ensure that your information does not become compromised. 3.
Section 3 – Information Security Document Storage Space Protection Mail Box Security Each imageRUNNER ADVANCE system ships standard with Mail Boxes for storage of scanned and printed data. Mail Box security is provided by the ability to designate a unique password for access. Once a document is stored in the Mail Box (if the Mail Box is password protected), a user must enter their password to retrieve documents.
Section 3 – Information Security Administrators can manage the Advanced Box feature through the Remote UI interface and perform the following actions: • • • • Create user accounts and define type (Admin vs. End User) Activate authentication and enable Personal Space Register network devices for remote access Select the file formats allowed for storage (printable format only, common Office formats, or all).
Section 3 – Information Security Digital Signature PDF (Device and User Signature) Within Scan and Send, users can add digital signatures that verify the source and authenticity of a PDF or XPS document. When recipients open a PDF or XPS file that has been saved with a digital signature, they can view the document’s properties to review the signature’s contents including the Certificate Authority, system product name, serial number and the Time/Date stamp of when it was created.
Section 3 – Information Security The Scan Lock feature enables the following restrictions to be applied to a document: • Complete Restriction: No one can make any copy/send/fax. • Password Authentication: Allows the ability to make copy/send/fax only if the proper password is entered. • User Authentication: Allows the ability to make copy/send/fax only to original authorized user logged into the device with the proper User ID and Password.
Section 3 – Information Security information from environments, where sensitive information is processed, by analyzing the hard disks from these devices. In order to help protect your sensitive and confidential information Canon imageRUNNER ADVANCE systems include a standard hard disk format utility, as well as more advanced optional accessories, such as the HDD Data Erase Kit, the HDD Data Encryption Kit or the Removable HDD Kit.
Section 3 – Information Security HDD Data Erase Kit The optional HDD Data Erase Kit enables system administrators to configure their imageRUNNER ADVANCE to overwrite the internal image server hard disk and erase previous data as part of routine job processing. The technology can be set to overwrite: 1. 2. 3. 4. Once with null data, Once with random data, Three times with random data, Or DoD 5022.22M 3-pass overwrite mode. Please refer to Section 9.
Section 3 – Information Security Please see below for overwrite examples of what occurs on the device in certain job modes using a job consisting of three sets of three originals. 1. Copy/Print Mode: a. Group Sort When a user programs a job to be sorted into group sets with no finishing specified, the page data would be overwritten every time a ‘set’ is complete. b.
Section 3 – Information Security 2. Mail Box Print a. Mail Box Print When a user prints a job stored in the Mail Box, all pages will be overwritten immediately after the entire job has printed out. 3. Send/Scan Job a. Send/Scan data When a user sends or scans a job to another destination, all page data will be deleted or overwritten immediately after the entire job has been sent. b.
Section 3 – Information Security Essentials Workflow Composer Canon imageRUNNER ADVANCE Essentials includes the Workflow Composer component to enable users and administrators to create custom workflows that automate redundant tasks and provide integration with back-end systems via connectors. Administrators are able to create workflows for users to reduce errors when sending documents and limit access to only designated individuals for operations that interact with back-end systems.
Section 3 – Information Security 3.3 – Fax Security Super G3 Fax Board and Multi Line Fax Board Canon imageRUNNER ADVANCE systems that support Super G3 fax capabilities with the optional Super G3 Fax Board installed can be connected to the Public Switched Telephone Network for sending and receiving of fax data.
Section 3 – Information Security Advanced Box Fax Forwarding & Fax Received Notification Similar to the Fax Forwarding function, imageRUNNER ADVANCE systems support the capability to define separate forwarding rules based on the line upon which the fax was received. Each fax can be routed to a specific shared or personal space Advanced Box location, database, file server, Confidential Fax inbox or another fax device.
Section 4 – Network Security 4.1 – Network and Print Security (Canon Network Printer Kit Only) Canon imageRUNNER ADVANCE systems include a number of highly configurable network security features that assist in securing information when the optional Network Print Kit is installed.
Section 4 – Network Security IP Address Filtering Using the RX/Print Settings function, the System Manager can limit network access to the device to specific IP addresses or ranges for printing and Settings/Browsing. Up to eight individual or consecutive address settings can be specified. Subsequently, the System Manager can also choose to permit a range of addresses, but reject specific addresses within that range.
Section 4 – Network Security See the imageRUNNER ADVANCE system manual for the specific device in question for additional instructions on registering IPSec-based security policies. Authentication and Encryption Method: One of the following methods must be set for the device. • AH (Authentication Header) A protocol for certifying authentication by detecting modifications to the communicated data, including the IP header. The communicated data is not encrypted.
Section 4 – Network Security IEEE 802.1X Canon imageRUNNER ADVANCE systems support IEEE 802.1x, which is a standard protocol for portbased Network Access Control. The protocol provides authentication to devices attached to a LAN port and establishes a point-to-point connection only if authentication is successful. The Extensible Authentication Protocol (EAP) is attached to both wired and wireless LAN networks, allowing multiple authentication methods such as cards and one-time passwords. IEEE 802.
Section 4 – Network Security There are three possible scenarios that are explored: • Data with a virus attached in the e-mail: All file attachments except for ‘TIFF” files received in the e-mail are discarded immediately after reception. • Viruses pretending to be TIFF files: TIFF image files are compressed with formats such as MH, MR, and MMR. The imageRUNNER ADVANCE system compresses the ‘TIFF’ format at reception and after regenerating the image encodes the image again.
Section 5 – Security Monitoring & Management Tools Canon provides a number of tools to help organizations enforce their internal company policies and meet regulatory requirements. Whether a single imageRUNNER ADVANCE system is deployed, or a fleet of them, these solutions provide the ability to audit usage and limit access to features and functions enterprise-wide—at the group and user-level. 5.
Section 6 – Logging & Auditing Few security procedures can completely prevent the intentional leak of confidential information while maintaining high productivity, but if an occurrence does happen it is important to be able to trace it to the source. Canon has developed a number of cutting-edge technologies to provide administrators with powerful ways to discourage leaks and investigate unauthorized access. 6.
Section 6 – Logging & Auditing 6.2 – Canon imageWARE Accounting Manager Canon imageWARE Accounting Manager provides enhanced audit tracking capabilities to the end-user environment. In addition to tracking usage by Department ID or SSO account, imageWARE Accounting Manager in conjunction with SSO will provide the ability to track usage per individual user. Canon imageWARE Accounting Manager provides the capability to: • • • • • • • • • • Track copy, scan, send & fax jobs.
Section 7 – Canon Solutions & Regulatory Requirements Canon is dedicated to providing the most secure multifunctional printers available on the market today. Many of our products meet or exceed the requirements of government agencies and private entities as they relate to security certifications and industry regulations. 7.
Section 7 – Canon Solutions & Regulatory Requirements 7.
Section 8 – Conclusion Since initially introduced, the highly successful Canon imageRUNNER series of devices have rapidly grown in both the breadth and depth of features and functions. With each release, these devices have become increasingly integrated within the IT and network infrastructure.
Section 9 – Addendum 9.1 – Canon Security Recommendations Quick Reference Each customer’s needs are different, and while the security of corporate data is ultimately the responsibility of the customer, the security technologies outlined below may help support your organization's information security needs. The following actions are recommended by Canon as appropriate first steps in securing an imageRUNNER ADVANCE system for most environments.
Section 9 – Addendum 9.
The information provided in this document is the most current information available at the time of its creation. Canon hereby expressly disclaims all warranties of any kind, express or implied, statutory or non-statutory, in relation to the information provided in this document.