e-ManualTopSite mapHelp

Category Top

Preventing Unauthorized Access

Increasing Security

Restricting Access by Authentication

Administrator Settings

Specifying the System Manager Settings

Department ID Management

Specifying Department ID Management

Checking/Printing/Clearing Page Totals

Accepting Jobs with Unknown Department IDs

Accepting B&W Copy and Print Jobs without Entering a Department ID

User Setting Information Management (User Setting Information Management Service)

Logging In to the User Setting Information Management Service Page

Deleting the User Setting Information

Authentication Method Settings for Sending Operations

Specifying Personal Folders

Registering Personal Folders for Each User

Setting Up the Home Folder and Personal Folders

Registering Folders Designated by Login Service as Personal Folders

Specifying Authentication Method for LDAP Server

Specifying Authentication Method for Rights Management Server

Specifying Authentication Method for SMTP Server

Specifying Authentication Method for File Server

Simple Authentication Settings for Secure Print

Setting to Disable Integrated Authentication

Network Security

Key Pair and Server Certificate Settings for Encrypted SSL Communication

Generating a Key Pair and Server Certificate

Registering a Key Pair File and Server Certificate File Installed from a Computer

Editing Key Pairs and Server Certificates

Registering/Editing a CA Certificate File

Verifying Certificate Validity Using Certificate Revocation List

Using an Encryption Method That Complies with FIPS 140-2

MEAP Settings

Using the SSL

Printing Installed Application Information

Preventing Information Leakage

Digital Signatures

Setting/Confirming a Key Pair and Device Certificate

Confirming a Key Pair and User Certificate

Checking a Device Signature/User Signature Certificate

Setting a Rights Management Server

Copy Set Numbering Options

Accepting Only Encrypted Secure Printing

Restricting the Send Function

Setting the Address Book

Mail Box Settings

Specifying Settings for All Mail Boxes

Specifying the Mail Box Security Settings

Setting the Control Panel Display

Specifying Management Settings for the Hard Disk

Completely Erasing Unnecessary Data from the Hard Disk

Initializing All Data/Settings

TPM Settings

Device Management

Using the USB Port

Device Information Settings

Specifying Device Information Delivery Settings

Registering/Deleting/Printing Delivery Destinations

Setting Automatic Delivery

Setting Manual Delivery

Setting the Receiving Machine

Checking/Printing the Communication Log

Setting SSO-H Authentication for Device Information Delivery Settings

Limiting Functions

Remote UI

Clearing the Message Board

ACCESS MANAGEMENT SYSTEM

Retrieving Audit Logs

Saving a Log of Key Operations

Available Administrator Settings Table (Touch Panel Display)

IEEE 2600 Security Standard

Top » Security » Preventing Unauthorized Access
Preventing Unauthorized Access
0L3X-241
This section describes the security measures on how to prevent unauthorized access from the external network. This is a must-read for all users and administrators before using this machine, other printers, and multifunction machines connected to the network.
In recent years, a printer/multifunction machine connected to the network can offer you a variety of useful functions, such as printing from a computer, operating from a computer using the remote function, and sending scanned documents via the Internet. On the other hand, it is essential to take security measures to reduce the security risk for information leakage, as a printer/multifunction machine has become more exposed to threats, such as unauthorized access and theft, when it is connected to the network.
This section explains necessary settings you need to specify to prevent unauthorized access before using a printer/multifunction machine connected to the network.
Security Measures to Prevent Unauthorized Access from the External Network
1.
2.
3.
4.
Assigning a Private IP Address
An IP address is a numerical label assigned to each device participating in a computer network. A “global IP address” is used for the communication connecting to the Internet, and a “private IP address” is used for the communication within a local area network, such as a LAN in the company.
If a global IP address is assigned, your printer/multifunction machine is open to the public and can be accessed via the Internet. Thus, the risk of information leakage due to unauthorized access from external network increases. On the other hand, if a private IP address is assigned, your printer/multifunction machine is closed to external networks and can be accessed by only users on your local area network, such as a LAN in the company.
Global IP Address
Can be accessed from the external
network
Private IP Address
Can be accessed from the users within a local area
network
Basically, assign a private IP address to your printer/multifunction machine. Make sure to confirm the IP address, assigned to the printer/multifunction machine you are using, is a private IP address or not. A private IP address is found in one of the following ranges.
Ranges for Private IP addresses
From 10.0.0.0 to 10.255.255.255
From 172.16.0.0 to 172.31.255.255
From 192.168.0.0 to 192.168.255.255
For information on how to confirm the IP address, see "TCP/IPv4 Settings."
NOTE
If a global IP address is assigned to a printer/multifunction machine, you can create a network environment to reduce the risk of unauthorized access by installing security software, such as a firewall that prevents access from the external networks. If you want to assign a global IP address to and use a printer/multifunction machine, contact your network administrator.
Using Firewall to Restrict Transmission
A firewall is a system that prevents unauthorized access from the external networks and protects against attacks/intrusions to a local area network. You can use a firewall on your network environment to block access from the external network that appears to be dangerous, by restricting communication from specified IP address of the external network. The function installed to a Canon printer/multifunction machine enables you to set up the IP address filter.
For information on how to set up an IP address filter, follow the steps 15 to 16 in "TCP/IPv4 Settings," and steps 9 to 10 in "TCP/IPv6 Settings."
Specifying the SSL Encrypted Communication
For information on the SSL Encrypted Communication, see "Network Security," and on the procedures to specify, see "Specifying the SSL Encrypted Communication Settings."
Setting PIN to Manage Information Stored in the Multifunction Machine
If a malicious third party attempts to gain unauthorized access to a printer/multifunction machine, setting PIN to information stored in the machine will reduce the risk of information leakage. Canon printer/multifunction machine enables you to protect various type of information by setting PIN.
Setting PIN to Each Function
Setting PIN for Using Remote UI
For more information, see "Remote UI."
Setting PIN for the System Manager Settings
For more information, see "Specifying the System Manager Settings."
Setting PIN for the Access to the Address Book
For more information, see "Address Book PIN."
Setting PIN for the Access to the Mail Box
For more information, see "Mail Box Settings."
Listed above are some examples of security measures for preventing unauthorized access. For more information on the other security measures, see "Security," and take necessary security measures for preventing unauthorized access to suit your environment.