Network Security White Paper ver. G.1.2 Copyright 2011 RICOH Americas Corporation. All rights reserved. Page 1 of 72 Visit our Knowledgebase
Network Security White Paper ver. G.1.2 Page 10 of 72 We also recommend using the Access Control function for added security. Access Control is a li
Network Security White Paper ver. G.1.2 Page 11 of 72 1-2-5 Interception of network packets: When accessing the products using TELNET, the userna
Network Security White Paper ver. G.1.2 Page 12 of 72 1-3 FTP 1-3-1 Function Overview The FTP (File Transfer Protocol) service is compliant with RF
Network Security White Paper ver. G.1.2 Page 13 of 72 password that are disclosed only to Service Technicians is required to input firmware to the pr
Network Security White Paper ver. G.1.2 Page 14 of 72 1-4-2 Destruction, Corruption and Modification of the File System or Kernel Although the SFTP
Network Security White Paper ver. G.1.2 Page 15 of 72 1-5 HTTP 1-5-1 Function Overview The HTTP (Hypertext Transfer Protocol) service provides web
Network Security White Paper ver. G.1.2 Page 16 of 72 1-5-6 Recommended Precautions The following are suggested precautions against threats to HTTP
Network Security White Paper ver. G.1.2 Page 17 of 72 1-6-3 Theft of Print Data Interception of network packets: Using HTTPS, all data sent over th
Network Security White Paper ver. G.1.2 Page 18 of 72 1-7-2 Potential Threats and Recommended Precautions Destruction, Corruption and Modification o
Network Security White Paper ver. G.1.2 Page 19 of 72 NOTE1: Please refer to the Appendix section entitled “SNMP settings” for details about SNMP set
Network Security White Paper ver. G.1.2 Page 2 of 72 NOTICE: This document may not be reproduced or distributed in whole or in part, for any purpose
Network Security White Paper ver. G.1.2 Page 20 of 72 1-8-3 Recommended precaution Scenario 1: Basic security settings - Change the usernames and
Network Security White Paper ver. G.1.2 Page 21 of 72 Theft of Print Data Using RSH/RCP, print/scan data is sent as clear text. If intercepted by a
Network Security White Paper ver. G.1.2 Page 22 of 72 1-10-3 Recommended Precaution As stated above, there are not many threats that apply to the LPD
Network Security White Paper ver. G.1.2 Page 23 of 72 1-11-3 Recommended Precaution In order to maintain a strict security policy, we recommend the
Network Security White Paper ver. G.1.2 Page 24 of 72 1-12-3 Recommended Precautions If a strict security policy is needed, the DIPRINT port can be
Network Security White Paper ver. G.1.2 Page 25 of 72 1-13-3 Visibility on the Network To protect the products from being browsed by unauthorized pa
Network Security White Paper ver. G.1.2 Page 26 of 72 1-15-2 Potential Threats and Recommended Precautions Theft of Username and Password The SIP pro
Network Security White Paper ver. G.1.2 Page 27 of 72 1-17 WS-Device 1-17-1 Function Overview WS-Device (‘Web Service’ Device) is a Windows Vista
Network Security White Paper ver. G.1.2 Page 28 of 72 1-18 IPDS 1-18-1 Function Overview Intelligent Printer Data Stream (IPDS) is a structured f
Network Security White Paper ver. G.1.2 Page 29 of 72 1-19 RHPP 1-19-1 Function Overview Though MFPs of all regions support RHPP, Ricoh has not r
Network Security White Paper ver. G.1.2 Page 3 of 72 Terms: The following terms are used in this document. Please familiarize yourself with them. Th
Network Security White Paper ver. G.1.2 Page 30 of 72 2. Other Network Services The previous section dealt mainly with physical port based network s
Network Security White Paper ver. G.1.2 Page 31 of 72 WPA employs four authentication modes: ‘WPA-PSK’, ‘WPA2-PSK’, ‘WPA (802.1X)’ and ‘WPA2 (802.1X
Network Security White Paper ver. G.1.2 Page 32 of 72 Scenario 2: Standard security settings: WEP We recommend making regular changes to the PSK.
Network Security White Paper ver. G.1.2 Page 33 of 72 Encryption: Clear Text (No encryption) DES 3DES AES-128 AES-192 AES-256 Authentication: HMAC-
Network Security White Paper ver. G.1.2 Page 34 of 72 Scenario 3 High: ESP+AH Very secure. Encryption of the payload and headers Data integrity Au
Network Security White Paper ver. G.1.2 Page 35 of 72 3. Appendix 3-1 Services Requiring Open TCP/UDP Ports Protocol Port Num. Login Username Ch
Network Security White Paper ver. G.1.2 Page 36 of 72 Protocol Port Num. Login Username Changeable Password Password Changeable Note H323gatestat
Network Security White Paper ver. G.1.2 Page 37 of 72 3-2 Related Protocols Protocol Protocol Suite Commonly Used Port Num. Description of the proto
Network Security White Paper ver. G.1.2 Page 38 of 72 Protocol Protocol Suite Commonly Used Port Num. Description of the protocol’s function in the P
Network Security White Paper ver. G.1.2 Page 39 of 72 3-2-2 Access Control – Web Image Monitor Web Image Monitor can be used for accessing the produ
Network Security White Paper ver. G.1.2 Page 4 of 72 Table of Contents: 1. Introduction ...
Network Security White Paper ver. G.1.2 Page 40 of 72 3-2-3 Login as Administrator
Network Security White Paper ver. G.1.2 Page 41 of 72 The four administrator types are identified as follows: : Machine Administrator : Network Admi
Network Security White Paper ver. G.1.2 Page 42 of 72 Input the range of IP addresses that you wish to permit communication. Click the ‘OK’ button to
Network Security White Paper ver. G.1.2 Page 43 of 72 3-2-4 Access Control – mshell The following example is shown using the Windows XP telnet clien
Network Security White Paper ver. G.1.2 Page 44 of 72 If changes have been made, the following question will appear when the user tries to logout. ‘D
Network Security White Paper ver. G.1.2 Page 45 of 72 FTP 21 Y Y Y Y Setting FTP to down closes FTP port (21/tcp). The FTP server service will
Network Security White Paper ver. G.1.2 Page 46 of 72 SNMP 161 Y Y Y Y Use ‘Web Image Monitor’ to close this port. Setting SNMP to down closes
Network Security White Paper ver. G.1.2 Page 47 of 72 RFU 10021 - - Y Y If this port is closed, remote firmware update will still be availabl
Network Security White Paper ver. G.1.2 Page 48 of 72 3-3 Disabling Services – Web Image Monitor
Network Security White Paper ver. G.1.2 Page 49 of 72 3-3-1 Disabling Services – mshell Set <service> up/down After saving, the user will be
Network Security White Paper ver. G.1.2 Page 5 of 72 1-5-6 Recommended Precautions ...
Network Security White Paper ver. G.1.2 Page 50 of 72 3-3-2 HTTP/HTTPS settings Security > SSL/TLS 3-3-3 Permit SSL/TLS Communication • Ciph
Network Security White Paper ver. G.1.2 Page 51 of 72 HTTP/HTTPS settings Security > SSL/TLS In addition to the features described on the previou
Network Security White Paper ver. G.1.2 Page 52 of 72 • The ability to enable/disable specific versions of SSL/TLS: • Support for certificate signi
Network Security White Paper ver. G.1.2 Page 53 of 72 3-4 SNMP settings: 3-4-1 Web Image Monitor To access the SNMP (v1/v2) settings, click Network
Network Security White Paper ver. G.1.2 Page 54 of 72 3-5 Network > SNMP v3 • SNMP (This setting can be configured either from here or from th
Network Security White Paper ver. G.1.2 Page 55 of 72 There are 3 different types of accounts that can be used for SNMPv3 connections. Only the Us
Network Security White Paper ver. G.1.2 Page 56 of 72 3-6 Mshell You can configure SNMP settings using snmp commands from mshell. These commands can
Network Security White Paper ver. G.1.2 Page 57 of 72 3-7 Administrator Account Settings 3-7-1 Web Image Monitor Device Settings > Program/Chang
Network Security White Paper ver. G.1.2 Page 58 of 72 3-8 Network Security Level Settings 3-8-1 Configuration Network Security Levels are settings
Network Security White Paper ver. G.1.2 Page 59 of 72 3-8-2 Description of the Levels: Network Security Level Setting Level 0 Level 1 Level 2 IE
Network Security White Paper ver. G.1.2 Page 6 of 72 1-13-1 Function Overview ...
Network Security White Paper ver. G.1.2 Page 60 of 72 3-9 Wireless LAN settings WEP, WPA-PSK/WPA2-PSK, and WPA (802.1X)/WPA2 (802.1X) can be configu
Network Security White Paper ver. G.1.2 Page 61 of 72 3-9-2 [IEEE802.11b Settings] • Network Enable: IEEE802.11b is enabled Disable: IEEE802.11b
Network Security White Paper ver. G.1.2 Page 62 of 72 3-9-3 WEP WEP settings can only be configured if ‘WEP’ is selected in ‘IEEE802.11b Settings
Network Security White Paper ver. G.1.2 Page 63 of 72 3-9-4 WPA WPA settings can only be configured if ‘WPA’ is selected in ‘IEEE802.11b Settings’ -
Network Security White Paper ver. G.1.2 Page 64 of 72 WPA/WPA2 • User Name: This is the username used for EAP authentication on the Radius server.
Network Security White Paper ver. G.1.2 Page 65 of 72 3-9-5 mshell Configure Wireless LAN settings using ‘wiconfig’ commands from mshell. For a list
Network Security White Paper ver. G.1.2 Page 66 of 72 3-9-6 IPsec Settings IPsec settings can be configured via telnet, or Web Image Monitor. In ord
Network Security White Paper ver. G.1.2 Page 67 of 72 IPsec: • IPsec Active: Activate IPsec Inactive: Deactivate IPsec • Exclude HTTPS Communicati
Network Security White Paper ver. G.1.2 Page 68 of 72 Encryption Key Manual Settings: • Address Type Inactive: Do not use IPsec IPv4: Apply IPsec
Network Security White Paper ver. G.1.2 Page 69 of 72 • Security Protocol ESP: Uses ESP AH: Uses AH AH+ESP: Uses dual mode (AH + ESP) • Authenti
Network Security White Paper ver. G.1.2 Page 7 of 72 2-1-3 WEP...
Network Security White Paper ver. G.1.2 Page 70 of 72 Encryption Key Auto Exchange Settings: • Address Type Inactive: Do not use IPsec IPv4: Apply I
Network Security White Paper ver. G.1.2 Page 71 of 72 Phase 2: • Security Protocol ESP: Uses ESP AH: Uses AH AH+ESP: Uses dual mode (AH + ESP) •
Network Security White Paper ver. G.1.2 Page 72 of 72 4. Reference List • RFC: HTTP://www.faqs.org/rfcs/ • CVE: HTTP://cve.mitre.org/ • CERT: H
Network Security White Paper ver. G.1.2 Page 8 of 72 3-9-1 Web Image Monitor......
Network Security White Paper ver. G.1.2 Page 9 of 72 1. Introduction This document describes potential network threats and recommended precautions f