User Guide P 501/502

Specifying the Extended Security Functions

In addition to providing basic security through user authentication and each administrator's specified limits to access the machine, security can also be increased by encrypting transmitted data and data in the Address Book.

1. Press the [Menu] key.

2. Log in as an administrator with privileges.

For details on how to log in, see Administrator Login Method.

3. Press the [Up arrow key] or [Down arrow key] key to select [Security Options], and then press the [OK] key.

4. Press the [Up arrow key] or [Down arrow key] key to select [Extended Security], and then press the [OK] key.

5. Press the [Up arrow key] or [Down arrow key] key to select the setting you want to change, and then press the [OK] key.

6. Change the settings, and then press the [OK] key.

7. Log out.

For details about logging out, see Administrator Logout Method.

The following are the items that you can change in Step 5.

Driver Encryption Key

The network administrator can specify this.

[Driver Encryption Key] is displayed when Basic authentication, Windows authentication, or LDAP authentication is in use.

Specify a text string to decrypt login passwords or file passwords sent from the driver when user authentication is set to ON.

To use a driver encryption key, register in the driver the same encryption key that you specified on the machine.

For details, see Specifying a Driver Encryption Key.

Drvr Encrp Key:Encrp Strng

The network administrator can specify this.

Specify encryption strength for sending jobs from the driver to the machine.

The machine checks the encryption strength of the password appended to a job and processes it.

If [Simple Encryption] is specified, all jobs that are verified by user authentication are accepted.

If [DES] is specified, jobs encrypted with DES or AES are accepted.

If [AES] is specified, jobs encrypted with AES are accepted.

If you select [AES] or [DES], specify the encryption settings using the printer driver. For details about specifying the printer driver, see the printer driver Help.

Default: [Simple Encryption]

Restrict User Info.Display

The machine administrator can specify this if user authentication is specified.

[Restrict User Info.Display] is displayed when Basic authentication, Windows authentication, or LDAP authentication is in use.

When the job history is checked using a network connection for which authentication is not provided, all personal information can be displayed as "********". For example, when a user without administrator privileges checks the job history using SNMP in Web Image Monitor controlled from networked computers, personal information can be displayed as "********" so that users cannot be identified. (Web Image Monitor is a management tool installed on this machine to monitor this machine or configure settings for this machine by using a web browser.) Because information identifying registered users cannot be viewed, unauthorized users are prevented from obtaining information about the registered files.

Default: [Off]

Encrypt Address Book

The user administrator can specify this.

Encrypt the data in the machine's Address Book.

Even if the machine's internal information is obtained illegally, encryption prevents the Address Book data from being read.

For details, see Encrypting Data in the Address Book.

Default: [Off]

Enhance File Protection

The file administrator can specify this.

By specifying a password, the file administrator can limit operations such as printing and deleting files. Also, the file administrator can prevent unauthorized users from accessing the files. However, it is still possible to prevent passwords from being cracked.

By specifying "Enhance File Protection", files are locked and inaccessible if an invalid password is entered ten times. This can protect files from unauthorized access attempts using random passwords.

The locked files can only be unlocked by the file administrator.

When files are locked, it is not possible to select them even if the correct password is entered.

Default: [Off]

Authenticate Current Job

The machine administrator can specify this.

[Authenticate Current Job] is displayed when Basic authentication, Windows authentication, or LDAP authentication is in use.

This setting allows you to specify whether or not authentication is required for operations such as canceling jobs.

If you select [Login Privilege], authorized users and the machine administrator can operate the machine. When this is selected, authentication is not required for users who logged in to the machine before [Login Privilege] was selected.

If [Access Privilege] is specified, any user who performed a print job can cancel the job. Also, the machine administrator can cancel the user's print job.

Even if you select [Login Privilege] and log on to the machine, you cannot cancel a print job that is being processed if you are not privileged to use the machine.

You can specify "Authenticate Current Job" only if "User Authentication Management" was specified.

Default: [Off]

@Remote Service

The machine administrator can specify this.

Communication via HTTPS for RICOH @Remote Service is disabled if you select [Prohibit].

When setting it to [Prohibit], consult with your service representative.

Default: [Do not Prohibit]

Update Firmware

The machine administrator can specify this.

This setting is to specify whether or not to allow firmware updates on the machine. A service representative updates the firmware, or firmware updates are performed via the network.

If you select [Prohibit], the machine's firmware cannot be updated.

If you select [Do not Prohibit], there are no restrictions on firmware updates.

Default: [Do not Prohibit]

Change Firmware Structure

The machine administrator can specify this.

This setting is to specify whether or not to prevent changes in the machine's firmware structure. The Change Firmware Structure function detects the machine's status when the SD card is inserted, removed or replaced.

If you select [Prohibit], the machine stops during startup if a firmware structure change is detected and a message requesting administrator login is displayed. After the machine administrator logs in, the machine finishes startup with the updated firmware.

The administrator can check if the updated structure change is permissible or not by checking the firmware version displayed on the control panel screen. If the firmware structure change is not permissible, contact your service representative before logging in.

When "Change Firmware Structure" is set to [Prohibit], administrator authentication must be enabled.

After [Prohibit] is specified, disable administrator authentication. When administrator authentication is enabled again, you can return the setting to [Do not Prohibit].

If you select [Do not Prohibit], firmware structure change detection is disabled.

Default: [Do not Prohibit]

Password Policy

The user administrator can specify this.

[Password Policy] is displayed when Basic authentication is in use.

This setting allows you to specify [Complexity Setting] and [Minimum Character No.] for the password. By making this setting, you can only use passwords that meet the conditions specified in "Complexity Setting" and "Minimum Character No.".

If you select [Level 1], specify a password using a combination of 2 types of characters selected from upper-case letters, lower-case letters, decimal numbers, and symbols such as #.

If you select [Level 2], specify a password using a combination of 3 types of characters selected from upper-case letters, lower-case letters, decimal numbers, and symbols such as #.

Default: [Do not Restrict]. There are no restrictions on the number of characters, and the types of characters are not specified.
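The [Level 1] and [Level 2] rules above can be applied to candidate passwords before accounts are registered on the machine. This is an added example, not RICOH code; the function names and sample accounts are hypothetical, and treating "symbols such as #" as ASCII punctuation and `min_chars=0` as "no minimum" are assumptions.

```python
import string

# Character types required by each [Complexity Setting] value on this page.
REQUIRED_TYPES = {"Do not Restrict": 0, "Level 1": 2, "Level 2": 3}

# Assumption: "symbols such as #" is taken to mean ASCII punctuation.
CLASSES = {
    "upper-case": string.ascii_uppercase,
    "lower-case": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

def check_password(password, complexity="Do not Restrict", min_chars=0):
    """Return a list of policy problems; an empty list means the password passes."""
    needed = REQUIRED_TYPES[complexity]  # KeyError on an unknown setting name
    problems = []
    if len(password) < min_chars:
        problems.append(f"shorter than {min_chars} characters")
    present = {name for name, chars in CLASSES.items()
               if any(ch in chars for ch in password)}
    if len(present) < needed:
        problems.append(f"{len(present)} character type(s), {complexity} needs {needed}")
    # Assumption: the page does not say how other characters are counted,
    # so they are flagged for review rather than counted as a type.
    stray = {ch for ch in password
             if not any(ch in chars for chars in CLASSES.values())}
    if stray:
        problems.append(f"{len(stray)} character(s) outside the four listed types")
    return problems

def audit(candidates, complexity, min_chars):
    """Map each failing account to its problems; passwords are never echoed."""
    report = {}
    for account, password in candidates.items():
        problems = check_password(password, complexity, min_chars)
        if problems:
            report[account] = problems
    return report

# Constructed sample accounts, not real credentials.
SAMPLE = {"scan01": "printer", "ops": "Printer2024",
          "admin2": "Pr1nt#Room", "kiosk": "pässwort1"}
```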

Settings by SNMPv1 and V2

The network administrator can specify this.

If SNMPv1 or SNMPv2 is used to access the machine, authentication cannot be performed, so paper settings or other settings that the machine administrator specifies can be changed. If you select [Prohibit], the settings can be viewed but not changed with SNMPv1 or SNMPv2.

Default: [Do not Prohibit]

Securty Setg for Accs Viol

The machine administrator can specify this.

When logging in to the machine via a network application, a user may be locked out by mistake because the number of authentication attempts by the user does not match the number of the attempts specified on the machine.

For example, access may be denied when a print job for multiple sets of pages is sent from an application.

If you select [On] under "Security Setting for Access Violation", you can prevent such authentication errors.

  • On

    • Accss Violtn Denial Duratn

      Specify how many user accesses are allowed.

      Specify the value between "0" and "60".

      Default: [15]

    • Managed User Host Limit

      Specify how many user accounts can be managed under "Security Setting for Access Violation".

      Specify the value between "50" and "200".

      Default: [200]

    • Password Entry Host Limit

      Specify how many passwords can be managed under "Security Setting for Access Violation".

      Specify the value between "50" and "200".

      Default: [200]

    • Status Monitor Interval

      Specify the monitoring interval of "Managed User Host Limit" and "Password Entry Host Limit".

      Specify the value between "1" and "10".

      Default: [3]

  • Off

Default: [Off]

Password Entry Violation

The machine administrator can specify this.

If the number of authentication requests exceeds the number specified by the setting, the system recognizes the access as a password attack. The access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail.

If the "Max. Allowed No. of Access" is set to [0], password attacks are not detected.

  • Max. Allowed No. of Access

    Specify the maximum number of allowable authentication attempts.

    Specify the value between "0" and "100".

    Default: [30]

  • Measurement Time

    Specify the interval between repeated authentication attempts that result in authentication failures. When the measurement time elapses, the records of authentication attempts are cleared.

    Specify the value between "0" and "10".

    Default: [5]

Note

  • Depending on the values specified for the settings for [Max. Allowed No. of Access] and [Measurement Time], you may receive violation detection e-mails frequently.

  • If you receive violation detection e-mails frequently, check the content and review the setting values.

Device Access Violation

The machine administrator can specify this.

If the number of login requests exceeds the number specified by the setting, the system recognizes the access as an access violation. The access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail. Also, a message is displayed on the control panel and on Web Image Monitor controlled from networked computers. (Web Image Monitor is a management tool installed on this machine to monitor this machine or configure settings for this machine by using a web browser.)

If the "Max. Allowed No. of Access" is set to [0], access violations are not detected.

In "Authentication Delay Time", you can specify response delay time for login requests to prevent the system from becoming unresponsive when an access violation is detected.

In "Simultns. Access Host Limit", you can specify the maximum number of hosts that access the machine at one time. If the number of simultaneous accesses exceeds the number specified by the setting, monitoring becomes unavailable and the machine's monitoring status is recorded in the Log.

  • Max. Allowed No. of Access

    Specify the maximum number of allowable access attempts.

    Specify the value between "0" and "500".

    Default: [100]

  • Measurement Time

    Specify the interval between excessive accesses. When the measurement time elapses, the records of excessive accesses are cleared.

    Specify the value between "10" and "30".

    Default: [10]

  • Authentication Delay Time

    Specify authentication delay time when an access violation is detected.

    Specify the value between "0" and "9".

    Default: [3]

  • Simultns Access Host Limit

    Specify the number of acceptable authentication attempts when authentications are delayed due to an access violation.

    Specify the value between "50" and "200".

    Default: [200]

Note

  • Depending on the values specified for the settings for [Max. Allowed No. of Access] and [Measurement Time], you may receive violation detection e-mails frequently.

  • If you receive violation detection e-mails frequently, check the content and review the setting values.
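The counting rule shared by "Password Entry Violation" and "Device Access Violation" can be replayed over a recorded attempt log to see how many violations a candidate pair of [Max. Allowed No. of Access] and [Measurement Time] values would raise before changing them on the machine. This is an added example, not RICOH code; the function names, the event format, per-source counting and the restart after an alert are assumptions, and timestamps must use the same unit as "Measurement Time", which this page does not state.

```python
from collections import defaultdict

# (min, max, default) exactly as listed on this page.
RANGES = {
    "password_entry": {"max_access": (0, 100, 30), "measurement_time": (0, 10, 5)},
    "device_access": {"max_access": (0, 500, 100), "measurement_time": (10, 30, 10)},
}

def resolve(kind, name, value=None):
    """Return value (or the page default) after checking the documented range."""
    low, high, default = RANGES[kind][name]
    value = default if value is None else value
    if not low <= value <= high:
        raise ValueError(f"{kind}.{name}={value} is outside {low}..{high}")
    return value

def replay(events, kind, max_access=None, measurement_time=None):
    """Count alerts per source for (timestamp, source) events, oldest first.

    Assumed model: attempts are counted per source; records are cleared once
    measurement_time has elapsed since the first counted attempt; an alert is
    raised when the count exceeds max_access, after which counting restarts.
    """
    limit = resolve(kind, "max_access", max_access)
    window = resolve(kind, "measurement_time", measurement_time)
    alerts = defaultdict(int)
    if limit == 0:  # page: with [0], violations are not detected
        return dict(alerts)
    state = {}  # source -> (window_start, count)
    for ts, source in events:
        start, count = state.get(source, (ts, 0))
        if ts - start >= window:  # measurement time elapsed: clear records
            start, count = ts, 0
        count += 1
        if count > limit:  # "exceeds the number specified by the setting"
            alerts[source] += 1
            start, count = ts, 0
        state[source] = (start, count)
    return dict(alerts)

# Constructed sample: one host sending 10 attempts per time unit for 7 units,
# and one user who mistypes three times.
SAMPLE = sorted([(i // 10, "10.0.0.5") for i in range(70)] +
                [(t, "10.0.0.9") for t in (1, 2, 9)])
```

Each alert in the result corresponds to one Access Log entry and one e-mail to the machine administrator under this model, so comparing the counts for two candidate settings shows which one produces fewer notifications for the same traffic.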