Security Options

This section describes the items that are available on [Security Options].

Items	Description
Extended Security	Specify whether to use the Extended Security functions. Specifying the Extended Security Functions
Service Mode Lock	Specify whether to prohibit entering service mode. Default: [Off] Restricting Operations of the Customer Engineer without the Supervision of the Machine Administrator
Firmware Version	You can view the firmware version of the machine
Network Security Level	Specify the network security level. Default: [Custom] Access Control
Auto Erase Memory Setting	Specify whether to automatically delete the memory. When [On] is selected, specify the overwriting method. To specify the number of memory overwrites, select [Random Numbers]. [Auto Erase Memory Setting] appears only when the optional hard disk is installed. Default: [Off] Encrypting Data to Prevent Data Leaks Caused by a Stolen or Disposed Machine
Erase All Memory	You can initialize all data stored in the machine's memory. When the optional hard disk is installed, the data stored on the hard disk is also erased by being overwritten. Specify the overwriting method. To specify the number of memory overwrites, select [Random Numbers]. Default: [Random Numbers]
Transfer Log Setting	Specify send log information to the log collection server. [Transfer Log Setting] appears only when the optional hard disk is installed. Default: [Do not Transfer]
Machine Data Encryption	You can encrypt the data stored in the machine’s NVRAM. When the optional hard disk is installed, the documents stored on the hard disk are also encrypted. Encrypting Data to Prevent Data Leaks Caused by a Stolen or Disposed Machine
Collect Logs	Specify whether to collect job logs, access logs, and eco-friendly logs. Default: [Inactive] Selecting Logs to Collect

Specifying the Extended Security Functions

This section describes the items that are available on [Extended Security] under [Security Options].

You can encrypt transmitted data and data in the Address Book. An administrator who can changes the settings depends on the item.

Items	Description
Driver Encryption Key (Permissions: Network Administrator)	Specify a text string to decrypt login passwords or file passwords sent from each driver when user authentication is enabled. Register the encryption key specified using the machine in the driver. [Driver Encryption Key] appears when Basic authentication, Windows authentication, or LDAP authentication is used.
Encrypt Address Book (Permissions: User Administrator)	Specify whether to encrypt the data in the Address Book. Even if the machine's internal information is obtained illegally, encryption prevents the Address Book data from being read. When you [On] is selected, specify the Encryption Key. Default: [Off] Encrypting Data in the Address Book
Restrict User Info.Display (Permissions: Machine Administrator)	Specify when user authentication is enabled. Specify whether to display all personal information hidden to confirm the job history using a network connection for which authentication is not provided. For example, the job history of Web Image Monitor is displayed as "*******". [Restrict User Info.Display] appears when Basic authentication, Windows authentication, or LDAP authentication is in used. Default: [Off*]
Enhance File Protection (Permissions: File Administrator)	Specify whether to lock the files to be inaccessible if an invalid password is entered ten times. This can protect files from unauthorized access attempts to release the password using random passwords. When files are locked, it is not possible to select them even if the correct password is entered. Unlocking by the file administrator is required. Default: [Off]
Settings by SNMPv1 and v2 (Permissions: Network Administrator)	Specify whether to prohibit setting change on the machine by SNMPv1/v2 protocol. You can change the machine configuration without Administrator Privileges because authentication cannot be performed by SNMPv1/v2 protocol, but if you specify [Prohibit], you can prevent the change that is not intended by the administrator. Default: [Do not Prohibit]
Drvr Encrp Key:Encrp Strng (Permissions: Network Administrator)	Specify encryption strength for sending jobs from the driver to the machine. The machine confirms the encryption strength of the password appended to a job and processes it. All jobs that are verified by [Simple Encryption] or user authentication are accepted. [DES] Jobs encrypted with DES or AES are accepted. [AES] Jobs encrypted with AES are accepted. When [AES] or [DES] is selected, specify the encryption settings using the printer driver. For details about the settings of the printer driver, see the printer driver Help. Default: [Simple Encryption]
Authenticate Current Job (Permissions: Machine Administrator)	Specify whether authentication is required for operations such as canceling jobs. When [Login Privilege] is selected, authorized users who have the privilege to use the current function can operate the job. When [Access Privilege] is selected, users who execute the job and the machine administrator can operate the job. [Authenticate Current Job] appears when Basic authentication, Windows authentication, or LDAP authentication is used. Default: [Off]
Password Policy (Permissions: User Administrator)	Specify whether to limit the text and the number of characters for the password. Specify a password using a combination of 2 or more types of characters for [Level 1] and 3 or more types of characters for [Level 2] selected from the types described below. Upper-case letters, lower-case letters, decimal numbers, and symbols such as # You can specify passwords that meet the conditions specified in complexity and minimum character number. [Password Policy] appears when Basic authentication is used. Default: [Do not Restrict]
@Remote Service (Permissions: Machine Administrator)	Specify how to use the @Remote Service. Default: [Do not Prohibit]
Update Firmware (Permissions: Machine Administrator)	Specify whether to prohibit firmware updates on the machine by a service representative or via the network. Default: [Do not Prohibit]
Change Firmware Structure (Permissions: Machine Administrator)	Specify whether to prevent changes in the machine's firmware structure without confirmation by the machine administrator. When [Prohibit] is selected and the machine detects the structure change, the machine starts after authenticated by the machine administrator. As the new firmware version is displayed on the screen, the administrator can confirm whether the updated structure change is permissible or not. Default: [Do not Prohibit]
Password Entry Violation (Permissions: Machine Administrator)	Specify the standards that the system recognizes the access as a password attack. If the number of authentication requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail. You can specify Maximum Allowed Number of Access up to 100 and Measurement Time up to 10 seconds. If the Maximum Allowed Number of Access is set to "0", password attacks are not detected. Default Maximum Allowed Number of Access: [30] Measurement Time: [5] If you receive violation detection e-mails frequently, check the content and review the setting values.
Securty Setg for Accs Viol (Permissions: Machine Administrator)	Specify whether to prevent the incorrect lockout caused by the network environment. When you log in to the machine via a network application, a user may be locked out by mistake because the number of authentication attempts by the user does not match the number of the attempts specified on the machine. For example, access may be denied when a print job for multiple sets of pages is sent from an application. In this case, enable this function, and control the lockout by period but not by counts. When [On] is selected, you can specify the period to deny the continuous accesses by a user (0 to 60 minutes). You can also specify how many user accounts or passwords can be managed (50 to 200) and the monitoring interval (1 to 10 seconds). Default: [Off]
Device Access Violation (Permissions: Machine Administrator)	Specify the standards that the system recognizes the access as an access violation. If the number of login requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail. Also, a message is displayed on the control panel and on Web Image Monitor. You can specify Maximum Allowed Number of Access up to 500 and Measurement Time up to 10 to 30 seconds. If the Maximum Allowed Number of Access is set to "0", access violations are not detected. Also, you can specify response delay time for login requests when an access violation is detected (Authentication Delay Time) or the number of acceptable authentication attempts (Simultaneous Access Host Limit). Default Maximum Allowed Number of Access: [100] Measurement Time: [10] Authentication Delay Time: [3] Simultaneous Access Host Limit: [200] If you receive violation detection e-mails frequently, check the content and review the setting values.

Items

Description

Driver Encryption Key

(Permissions: Network Administrator)

Specify a text string to decrypt login passwords or file passwords sent from each driver when user authentication is enabled.

[Driver Encryption Key] appears when Basic authentication, Windows authentication, or LDAP authentication is used.

Encrypt Address Book

(Permissions: User Administrator)

Specify whether to encrypt the data in the Address Book.

Even if the machine's internal information is obtained illegally, encryption prevents the Address Book data from being read.

When you [On] is selected, specify the Encryption Key.

Default: [Off]

Encrypting Data in the Address Book

Restrict User Info.Display

(Permissions: Machine Administrator)

Specify when user authentication is enabled. Specify whether to display all personal information hidden to confirm the job history using a network connection for which authentication is not provided. For example, the job history of Web Image Monitor is displayed as "********".

[Restrict User Info.Display] appears when Basic authentication, Windows authentication, or LDAP authentication is in used.

Default: [Off]

Enhance File Protection

(Permissions: File Administrator)

Specify whether to lock the files to be inaccessible if an invalid password is entered ten times. This can protect files from unauthorized access attempts to release the password using random passwords.

When files are locked, it is not possible to select them even if the correct password is entered. Unlocking by the file administrator is required.

Default: [Off]

Settings by SNMPv1 and v2

(Permissions: Network Administrator)

Specify whether to prohibit setting change on the machine by SNMPv1/v2 protocol. You can change the machine configuration without Administrator Privileges because authentication cannot be performed by SNMPv1/v2 protocol, but if you specify [Prohibit], you can prevent the change that is not intended by the administrator.

Default: [Do not Prohibit]

Drvr Encrp Key:Encrp Strng

(Permissions: Network Administrator)

Specify encryption strength for sending jobs from the driver to the machine. The machine confirms the encryption strength of the password appended to a job and processes it.

All jobs that are verified by [Simple Encryption] or user authentication are accepted.
[DES]
Jobs encrypted with DES or AES are accepted.
[AES]
Jobs encrypted with AES are accepted.

When [AES] or [DES] is selected, specify the encryption settings using the printer driver. For details about the settings of the printer driver, see the printer driver Help.

Default: [Simple Encryption]

Authenticate Current Job

(Permissions: Machine Administrator)

Specify whether authentication is required for operations such as canceling jobs.

When [Login Privilege] is selected, authorized users who have the privilege to use the current function can operate the job.

When [Access Privilege] is selected, users who execute the job and the machine administrator can operate the job.

[Authenticate Current Job] appears when Basic authentication, Windows authentication, or LDAP authentication is used.

Default: [Off]

Password Policy

(Permissions: User Administrator)

Specify whether to limit the text and the number of characters for the password.

Specify a password using a combination of 2 or more types of characters for [Level 1] and 3 or more types of characters for [Level 2] selected from the types described below.

Upper-case letters, lower-case letters, decimal numbers, and symbols such as #

You can specify passwords that meet the conditions specified in complexity and minimum character number.

[Password Policy] appears when Basic authentication is used.

Default: [Do not Restrict]

@Remote Service

(Permissions: Machine Administrator)

Specify how to use the @Remote Service.

Default: [Do not Prohibit]

Update Firmware

(Permissions: Machine Administrator)

Specify whether to prohibit firmware updates on the machine by a service representative or via the network.

Default: [Do not Prohibit]

Change Firmware Structure

(Permissions: Machine Administrator)

Specify whether to prevent changes in the machine's firmware structure without confirmation by the machine administrator.

When [Prohibit] is selected and the machine detects the structure change, the machine starts after authenticated by the machine administrator. As the new firmware version is displayed on the screen, the administrator can confirm whether the updated structure change is permissible or not.

Default: [Do not Prohibit]

Password Entry Violation

(Permissions: Machine Administrator)

Specify the standards that the system recognizes the access as a password attack. If the number of authentication requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail.

You can specify Maximum Allowed Number of Access up to 100 and Measurement Time up to 10 seconds. If the Maximum Allowed Number of Access is set to "0", password attacks are not detected.

Default
- Maximum Allowed Number of Access: [30]
- Measurement Time: [5]

If you receive violation detection e-mails frequently, check the content and review the setting values.

Securty Setg for Accs Viol

(Permissions: Machine Administrator)

Specify whether to prevent the incorrect lockout caused by the network environment.

When you log in to the machine via a network application, a user may be locked out by mistake because the number of authentication attempts by the user does not match the number of the attempts specified on the machine. For example, access may be denied when a print job for multiple sets of pages is sent from an application. In this case, enable this function, and control the lockout by period but not by counts.

When [On] is selected, you can specify the period to deny the continuous accesses by a user (0 to 60 minutes). You can also specify how many user accounts or passwords can be managed (50 to 200) and the monitoring interval (1 to 10 seconds).

Default: [Off]

Device Access Violation

(Permissions: Machine Administrator)

Specify the standards that the system recognizes the access as an access violation. If the number of login requests exceeds the number specified by the setting, the access is recorded in the Access Log and the log data is sent to the machine administrator by e-mail. Also, a message is displayed on the control panel and on Web Image Monitor.

You can specify Maximum Allowed Number of Access up to 500 and Measurement Time up to 10 to 30 seconds. If the Maximum Allowed Number of Access is set to "0", access violations are not detected.

Also, you can specify response delay time for login requests when an access violation is detected (Authentication Delay Time) or the number of acceptable authentication attempts (Simultaneous Access Host Limit).

Default
- Maximum Allowed Number of Access: [100]
- Measurement Time: [10]
- Authentication Delay Time: [3]
- Simultaneous Access Host Limit: [200]

If you receive violation detection e-mails frequently, check the content and review the setting values.