Technical information

Network Security White Paper ver. G.1.2

Page 23 of 72

1-11-3 Recommended Precaution

In order to maintain a strict security policy, we recommend the following precautions.

Scenario 1

Standard Security: IPP Authentication should be either “BASIC” or “DIGEST”. This can be configured in

Web Image Monitor, the mshell or the operation panel

“DIGEST” authentication is more secure than “BASIC” because the username and the password are not

sent in clear text.

Scenario 2

High Security: Close the IPP port (631/TCP).

If it is not absolutely necessary, the IPP port should be closed via Web Image Monitor or the mshell.

NOTE1: This only closes the IPP port. The IPP service is still available using HTTP or HTTPS.

NOTE2: HTTPS is recommended over HTTP or IPP.

1-12DIPRINT (RAW Print)

1-12-1 Function Overview

The DIPRINT (Direct Print or RAW Print) service is Ricoh Company Ltd’s name for port 9100

communication. This service provides direct printing from remote terminals using TCP port 9100.

1-12-2 Potential Threats and Recommended Precautions

Possibility of Acting as a Server for Relaying Viruses

The DIPRINT service treats all received data as print jobs. An executable file submitted to the embedded

DIPRINT service would be printed as garbage data.

Theft of Username and Password

Interception of network packets: Print data may contain authentication information. This information can

be encrypted by the printer driver. Please refer to the user manual and driver help sections for more

information about this method.

Theft of Print Data

Interception of network packets: Depending on device and driver settings, print data might be sent as

clear text. In this case, if intercepted by a third party, it is easily read.