Technical information

Network Security White Paper ver. G.1.2

Page 14 of 72

1-4-2 Destruction, Corruption and Modification of the File System or Kernel

Although the SFTP service permits write-access, any files that are received by the printer are considered

to be a print job or firmware. If the embedded SFTP server receives anything other than a digitally signed

firmware file, the device will print a binary representation (garbage characters) of the data. A dedicated

account and password is required to input firmware to the printer using the SFTP service. In addition, the

firmware must be digitally signed.

1-4-3 Possibility of Acting as a Server for Relaying Viruses

Although the SFTP service permits write-access, any data written to the device (executable or

otherwise) is treated as a print job and output as printed pages.

1-4-4 Theft of Username, Password, and Device Information

Using SFTP, all data including the username and password is encrypted using DES, 3DES or AES.

1-4-5 Brute force password crack:

The RICOH network device can detect a high frequency of failed logins. If the number of login attempts

exceeds a configured threshold, the device will send an e-mail to the administrator. All failed logins will

be logged.

1-4-6 Theft of Print Data

Interception of network packets: Using SFTP, all data sent over the connection is encrypted. Therefore,

even if data is intercepted, it will be difficult for unauthorized parties to read.

1-4-7 Possibility of Successful DOS (Denial of Service) Attacks

The RICOH network device can detect a high frequency of logins and delay responses to that user’s

a message showing that the device is currently under attack will be displayed in Web Image Monitor.

1-4-8 Recommended Precaution

The following are suggested precautions against threats to the SFTP service.

Scenario 1 Basic Security: Change the username and password from the default value to something

difficult to guess and change them regularly.