HomeSearch by PurposeImproving the Security of this Machine (For Administrators)

Search by Purpose

Improving the Security of this Machine (For Administrators)

To configure the IPsec operating environment ([IPsec Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Network Settings]
        • [TCP/IP Settings]
          • [IPsec Settings]

Configure settings to enable use of IPsec on this machine.

The IPsec technology prevents the falsification or leakage of data on the IP packet basis by using encryption technology. As IPsec encrypts data in the network layer, secure communication is ensured even if you use protocols in an upper layer or applications that do not support encryption.

Settings

Description

[IPsec Settings]

Specify parameters required for IPsec communication.

You can configure IKE (Internet Key Exchange), SA (Security Association), IPsec peer, or IPsec protocol settings.

[IKE Settings]

Configure settings required to create a common key for IPsec.

For details, refer to Here.

[IPsec SA Settings]

Configure SA (Security Association) required for encrypted communication.

For details, refer to Here.

[Peer]

Register the peer of this machine to use IPsec.

For details, refer to Here.

[Protocol Setting]

Specify a protocol used for IPsec communication.

For details, refer to Here.

[Enable IPsec]

Configure settings to enable use of IPsec on this machine. Also, specify the policy for IPsec communication. For details, refer to Here.

[Communication Check]

Select this option to confirm IPsec communication error logs.

For details, refer to Here.

To specify an IPv4 address that denies access to this machine ([IPv4 Filtering (Deny Access)])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Network Settings]
        • [TCP/IP Settings]
          • [Filtering Settings]
            • [IP Address Filtering]
              • [IPv4 Filtering (Deny Access)]

Specify an IPv4 address of a computer to which you want to deny access to this machine.

Settings

Description

[Enable]/[Disable]

Select whether to specify an IPv4 address that denies access to this machine.

[Disable] is specified by default.

[Set 1] to [Set 5]

Enter the range of IPv4 addresses that deny access using the following format.

  • Entry example: "192.168.1.1 - 192.168.1.10"

  • To allow access from a single IPv4 address, you can only enter the address in one side of the range.

To specify an IPv4 address that permits access to this machine ([IPv4 Filtering (Permit Access)])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Network Settings]
        • [TCP/IP Settings]
          • [Filtering Settings]
            • [IP Address Filtering]
              • [IPv4 Filtering (Permit Access)]

Specify an IPv4 address of a computer to which you want to allow access to this machine.

Settings

Description

[Enable]/[Disable]

Select whether to specify an IPv4 address that allows access to this machine.

[Disable] is specified by default.

[Set 1] to [Set 5]

Enter the range of IPv4 addresses that allow access using the following format.

  • Entry example: "192.168.1.1 - 192.168.1.10"

  • To allow access from a single IPv4 address, you can only enter the address in one side of the range.

To specify an IPv6 address that denies access to this machine ([IPv6 Filtering (Deny Access)])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Network Settings]
        • [TCP/IP Settings]
          • [Filtering Settings]
            • [IP Address Filtering]
              • [IPv6 Filtering (Deny Access)]

Specify an IPv6 address of a computer to which you want to deny access to this machine.

Settings

Description

[Enable]/[Disable]

Select whether to specify an IPv6 address that denies access to this machine.

[Disable] is specified by default.

[Set 1] to [Set 5]

Enter the IPv6 address and prefix length to specify the range of IPv6 addresses that deny access.

To specify an IPv6 address that permits access to this machine ([IPv6 Filtering (Permit Access)])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Network Settings]
        • [TCP/IP Settings]
          • [Filtering Settings]
            • [IP Address Filtering]
              • [IPv6 Filtering (Permit Access)]

Specify an IPv6 address of a computer to which you want to allow access to this machine.

Settings

Description

[Enable]/[Disable]

Select whether to specify an IPv6 address that allows access to this machine.

[Disable] is specified by default.

[Set 1] to [Set 5]

Enter the IPv6 address and prefix length to specify the range of IPv6 addresses that allow access.

To automatically specify the range of IP addresses that are available to access this machine ([Quick IP Filtering])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Network Settings]
        • [TCP/IP Settings]
          • [Filtering Settings]
            • [Quick IP Filtering]

Allows you to restrict the devices that can access this machine using the IP address (IPv4/IPv6). The range of IP addresses for which access is to be restricted is specified automatically.

[No Filtering] is specified by default.

Settings

Description

[Synchronize IP Address]

For the IPv4 address, this option only permits access for the IPv4 address set to this machine, and the IPv4 addresses of which the high-order 3 bytes are the same.

Example: When the IPv4 address of this machine is set to "192.168.0.134", the range of IPv4 addresses that allow access is as follows.
192.168.0.0 to 192.168.0.255

For the IPv6 address, this option only permits access for the global unicast address (2000::/3). Also, this option only permits access for the IPv6 address set to this machine, and the IPv6 addresses of which the high-order 64 bits are the same.

Example: When the IPv6 address of this machine is set to "2345:1:2:3:4:5:6:7", the range of IPv6 addresses that allow access is as follows.
2345:1:2:3::0 to 2345:1:2:3:FFFF:FFFF:FFFF:FFFF

[Synchronize Subnet Mask]

For the IPv4 address, this option only permits access for IPv4 addresses that belong to the same network using the IPv4 address set to this machine and subnet mask.

If no subnet mask is set or "0.0.0.0" is specified, this option permits the IPv4 address set to this machine, and the IPv4 addresses each of which only the suffix is different. This results in the same operation as for [Synchronize IP Address].

Example: When the IPv4 address of this machine is set to "192.168.17.134" and the subnet mask is set to "255.255.252.0", the range of IPv4 addresses that allow access is as follows.
192.168.16.*** to 192.168.19.***

For the IPv6 address, this option only permits access for the global unicast address (2000::/3). Also, filtering is carried out using the global IPv6 address set to this machine and prefix.

If the prefix is not specified, filtering is carried out in the same way as when the 64-bit prefix is specified.

Example: When the IPv6 address of this machine is set to "2345:1:2:3:4:5:6:7" and Prefix is set to "/64", the range of IPv6 addresses that allow access is as follows.
2345:1:2:3::0 to 2345:1:2:3:FFFF:FFFF:FFFF:FFFF

[No Filtering]

Does not use the filtering function.

  • If the quick IP filtering function is used, the range of IP addresses for which access is to be restricted is specified automatically. To manually specify the range of IP addresses for which access is to be restricted, set [Administrator Settings] - [Network Settings] - [TCP/IP Settings] - [Filtering Settings] - [IP Address Filtering] or [Packet Filtering] instead of using [Quick IP Filtering].

  • When Quick IP Filtering is enabled, you may fail to access Web Connection. If you cannot access Web Connection, set Quick IP Filtering to [No Filtering].

To restrict reception of packets sent to the machine depending on the source address ([Packet Filtering])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Network Settings]
        • [TCP/IP Settings]
          • [Filtering Settings]
            • [Packet Filtering]

Restricts a reception of packets sent to the machine depending on the source address. This function also restricts sending depending on the destination address.

To register a filter, use Web Connection. For details on how to register a filter, refer to Here.

Settings

Description

[Check Setting]

Displays a list of registered filters.

  • [Details]: Displays the setting of the selected filter.

  • [Delete]: Deletes the selected filter.

[Import]

Collectively imports multiple filters from a USB flash drive. This option is available to edit filters exported from the machine on the computer before importing them.

[Export]

Exports all the registered filters to a USB flash drive.

[Log settings]

Records a history of packets with receiving or sending denied by the packet filtering function.

  • [Enable]/[Disable]: Select whether to record packet filtering logs. [Disable] is specified by default.

  • [Save to External Memory]: Writes packet filtering logs to a USB flash drive. [Number of Lines]: Specify the number of logs to be written (default: [1000]). Tapping [Start] starts writing.

To configure the operating environment for IEEE802.1x authentication ([IEEE802.1x Authentication Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Network Settings]
        • [IEEE802.1x Authentication Settings]

Select whether to use IEEE802.1x authentication. To use IEEE802.1x authentication, check the authentication status and configure the certification verification items.

Using IEEE802.1x authentication enables you to only connect devices authorized by administrators to the LAN environment. Devices that are not authenticated will not be allowed to even join the network, and this ensures rigid security.

Settings

Description

[ON]/[OFF]

Select whether to use IEEE802.1x authentication.

[OFF] is specified by default.

[Auth. Status]

Displays the status of IEEE802.1x authentication on this machine.

[Reset Job Settings]

Reset the current setting.

[Certificate Verification Level Settings]

To verify the certificate, select items to be verified.

  • [Expiration Date]: Confirm whether the certificate is within the validity period. [Confirm] is specified by default.

  • [CN]: Confirm whether CN (Common Name) of the certificate matches the server address. [Do Not Confirm] is specified by default.

  • [Chain]: Confirm whether there is a problem in the certificate chain (certificate path). The chain is validated by referencing the external certificates managed on this machine. [Do Not Confirm] is specified by default.

To restrict the domain of the recipient to transmit an E-mail, Internet fax, or IP address fax ([Send Domain Limit Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Network Settings]
        • [Send Domain Limit Settings]

Restrict the domain of the recipient to transmit an E-mail, Internet fax, or IP address fax.

Settings

Description

[Limit]/[Do Not Limit]

Select whether to limit the recipient domain.

[Do Not Limit] is specified by default.

[Send Permission Setting]

Specify the domain to be permitted for the recipient.

Select a recipient domain key, then enter the IP address or domain name of the domain (using up to 255 bytes).

  • Symbol "?" is recognized as any one character.

  • Symbol "*" is recognized as any characters of 0 or more.

[Send Deny Setting]

Specify the domain to be denied for the recipient.

Select a recipient domain key, then enter the IP address or domain name of the domain (using up to 255 bytes).

  • Symbol "?" is recognized as any one character.

  • Symbol "*" is recognized as any characters of 0 or more.

[Limitation check of Shared address]

Check whether destinations with transmission disabled are included in the destinations registered on this machine.

  • If [Send Permission Setting] is selected, the setting of [Send Deny Setting] is deleted.

  • If [Send Deny Setting] is selected, the setting of [Send Permission Setting] is deleted.

To collectively configure settings to enhance the security of this machine ([Quick Security Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Quick Security Setting]

Summarizes settings to enhance the security of this machine. We recommend that you change settings in order to use this machine more securely.

Settings

Description

[Administrator Password]

Change the administrator password of this machine.

For details, refer to Here.

[USB Enable Settings]

Specify whether to permit a function that requires the USB Port.

For details, refer to Here.

[Password Rules]

Configure whether to enable the password rules. Once you enable it, the number of characters and text types that are available for passwords is restricted. If necessary, change the minimum number of password characters.

For details, refer to Here.

[Quick IP Filtering]

Allows you to restrict the devices that can access this machine using the IP address (IPv4/IPv6). The range of IP addresses for which access is to be restricted is specified automatically.

For details, refer to Here.

[Web Setting]

Select whether to use Web Connection.

For details, refer to Here.

[Security Warning Display Setting]

Select whether to display the security warning screen if the administrator password remains set to the default or if password rules are not satisfied.

For details, refer to Here.

To change the administrator password of this machine ([Administrator Password])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Administrator Password]

If necessary, change the administrator password of this machine. Be sure to remember the changed password so that you do not forget it.

Enter the current administrator password before setting a new administrator password.

Settings

Description

[Password]

Enter a new administrator password (using up to 64 characters).

[Password Confirmation]

Retype the new administrator password for confirmation.

  • If you enter an incorrect administrator password a configured number of times, you are prohibited from using this machine. In this case, contact your service representative.

To specify whether to permit a change of the administrator password for each function ([Administrator Password Change Permission Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Administrator Password Change Permission Setting]

Specify whether to allow a change of the administrator password for each function.

Settings

Description

[IWS Application]

Specify whether to allow the administrator password to be changed via the IWS application.

[Allow] is specified by default.

To change the level at which a user can change settings in the setting items configured by the administrator ([Administrator Security Levels])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Administrator Security Levels]

From those items that are set up by the administrator, select levels at which users are authorized to change settings. [Prohibit] is specified by default.

Configure the settings you have opened up to users in [User Settings].

Settings

Description

[Level 1]

Open up the following settings to the users.

  • [Low Power Mode Settings]

  • [Sleep Mode Settings]

  • [Auto Zoom (Platen)]

  • [Auto Zoom (ADF)]

  • [Specify Default Tray when APS Off]

[Level 2]

Open up the following settings to the users.

  • Settings that are opened up to users in [Level 1]

  • [Print/Fax Output Settings]

  • [AE Level Adjustment]

  • [Blank Page Print Settings]

  • [Page Number Print Position]

  • [Change E-Mail Address]

  • [Print Jobs During Copy Operation]

[Prohibit]

The settings are not opened up to users.

To collectively specify whether to permit a function that requires the USB Port ([USB Connection Permission setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [USB Connection Permission setting]

Specify whether to permit a function that requires the USB Port.

Settings

Description

[USB Connection Permission setting]

Select whether to collectively restrict functions using the USB Port, or configure a setting for each function.

If [Detail Setting] is selected, specify whether to permit the use for each function. For details, refer to the settings of [Detail Setting] shown below.

[Detail Setting] is specified by default.

Settings of [Detail Setting]

Settings

Description

[Authentication Device]

Select whether to permit a connection with the authentication unit.

[Allow] is specified by default.

[External Keyboard]

Select whether to permit a connection with an external keyboard.

[Allow] is specified by default.

[External Memory (User)]

Specify whether to allow the use of USB memory for functions to be used by the user.

Select whether to collectively restrict the following functions or configure a setting for each function. [Individual Settings] is specified by default.

  • [Save Document]: Select whether to enable to save files on USB memory. [Restrict] is specified by default.

  • [Print Document]: Select whether to enable to print files from USB memory. [Allow] is specified by default.

  • [External Memory Document Scan]: Select whether to enable to save files scanned from USB memory into a User Box. [Restrict] is specified by default.

[External Memory (Administrator)]

Specify whether to allow the use of USB memory for functions to be used by the administrator.

Select whether to collectively restrict the following functions or configure a setting for each function. [Individual Settings] is specified by default.

  • [Write the Config. from USB]: Select whether to permit a change on the settings of this machine by loading the configuration file saved in USB memory. [Allow] is specified by default.

[External Memory (Service)]

Used to specify whether to allow use of a USB memory by the service representative.

Select whether to collectively restrict the following functions or configure a setting for each function. [Individual Settings] is specified by default.

  • [Storage data backup]: Select whether to permit the backup or restoration of the storage on this machine. [Restrict] is specified by default.

  • [FW Update]: Select whether to allow firmware updating using USB memory. This option is available when [Administrator Settings] - [Security Settings] - [FW Update (USB) Perm. Sett.] is set to [USB Conn. Permission Setting Preference]. [Allow] is specified by default.

[PC Connection]

Specify whether to enable to print files from a USB-connected computer.

Select whether to collectively restrict the following functions or configure a setting for each function. [Individual Settings] is specified by default.

  • [Print PC]: Select whether to enable to print files from a USB-connected computer. [Allow] is specified by default.

  • If [Restrict] is selected in [External Memory (Administrator)], [TPM Key Backup] is restricted in addition to the functions that can be set in [Individual Settings]. Also, USB memory is not available for the following functions.
    [TX Operation Log Output], [Main Menu Display Settings], [License Settings], [Authorization function Setting], import, export, or log save of [Packet Filtering] on the machine, import or export of Web Connection on the machine’s Web browser

  • If [Restrict] is selected in [External Memory (Service)], some functions are restricted in addition to the functions that can be set in [Individual Settings].

To restrict the minimum number of characters used for a password or the available text types ([Password Rules])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Security Details]
          • [Password Rules]

Configure whether to enable the password rules. Once you enable it, the number of characters and text types that are available for passwords is restricted. If necessary, change the minimum number of password characters.

Settings

Description

[Enable]/[Disable]

Select whether to enable Password Rules. Before enabling Password Rules, change the current password to the one that complies with the password rules.

[Disable] is specified by default.

Once Password Rules is enabled, the following rules are applied to any password that is configured on this machine.

  • The minimum number of characters set in [Set Minimum Password Length] (default: 12)

  • Passwords are case sensitive.

  • A password consisting of a string of identical characters cannot be used.

  • The previous password cannot be used.

The password rules are applied to:

  • Administrator Password

  • User Password

  • Account Password

  • User Box Password

  • User Box Administrator Password

  • Secure Print Document Password

  • WebDAV Server Password

  • SNMP Password

  • Remote panel server password

  • Encryption Passphrase

[Set Minimum Password Length]

If you enable Password Rules, change the minimum number of characters for a password, as required.

To specify the severity of penalties applied when an incorrect password is entered during the authentication process ([Prohibited Functions When Authentication Error])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Security Details]
          • [Prohibited Functions When Authentication Error]

Define the severity of penalties applied if an incorrect password is entered during the authentication process.

Settings

Description

[Prohibit Functions When Auth. Error]

Select the severity of penalties applied if an incorrect password is entered during the authentication process.

  • [Mode 1]: If authentication fails, the authentication operation (entry of password) is prohibited for five seconds.

  • [Mode 2]: If authentication fails, the authentication operation (entry of password) is prohibited for five seconds. The number of times, authentication fails is also counted and if the failure count reaches a predetermined value, the authentication operation is prohibited and the machine is set into an access lock state.

[Mode 1] is specified by default.

[Release]

Select an item to be released from Access Lock during authentication failure.

[Release Time Settings]

If necessary, change the time that elapses before an access lock state in the Administrator Setting mode is canceled.

If a predetermined time has elapsed after the machine was restarted, an access lock state is canceled.

[5] minutes is specified by default.

To check how to access files in the Secure Document User Box ([Confidential Document Access Method])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Security Details]
          • [Confidential Document Access Method]

Specify how to enter a document ID and a password when accessing a file in the Secure Print User Box. This function is forced determined in conjunction with [Prohibited Functions When Authentication Error]. [Mode 1] is specified by default.

Settings

Description

[Mode 1]

Displays all files when the document ID and password specified in the printer driver are entered. Select a desired file and print it.

[Mode 2]

Displays all files when the document ID specified in the printer driver are entered. To print, select your desired file, then enter the appropriate password for each file.

To prohibit a user from directly entering a destination ([Manual Destination Input])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Security Details]
          • [Manual Destination Input]

Select whether to allow the user to directly enter destinations. [Allow All] is specified by default.

Settings

Description

[Allow All]

Allows the direct input of destinations.

[Individual Allowance]

Select whether to allow direct input for each function.

[Restrict]

Prohibits the direct input of destinations. Hides [Direct Input] in the main screen in fax/scan mode.

To prohibit fax transmission or network fax transmission ([Restrict Fax TX])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Security Details]
          • [Restrict Fax TX]

Select whether to restrict fax transmissions.

If [ON] (Restrict) is selected, the fax functions no longer appear in the fax/scan mode. However, fax receiving is possible even in this case.

[OFF] (Allow) is specified by default.

To display the registered information for the selected destination every time the destination is selected from the destinations registered on this machine ([Address Selection Confirmation Display])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Security Details]
          • [Address Selection Confirmation Display]

Select whether to display the registered information of the selected destination each time a destination registered on this machine is selected as a recipient. Using this function helps prevent incorrect transmissions.

This option is available when [OFF] is set to [Administrator Settings] - [System Settings] - [Restrict User Access] - [Restrict Operation] - [Restrict Broadcasting].

[OFF] is specified by default.

To hide personal information such as addresses or file names on the [Job List] screen ([Personal Data Security Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Security Details]
          • [Personal Data Security Settings]

Specify whether to hide personal information, such as destination and file name, in [Active] and [Log] on the [Job List] screen.

Settings

Description

[Job History]

Specify whether to hide personal information, such as destination and file name, in [Job History] in the [Job List] screen.

The default is [No] (without user authentication/account track) or [Yes] (with user authentication/account track).

[Display Settings]

When you have selected [Yes], select items you want to hide.

  • [Mode 1]: Destination, file name, and user box name

  • [Mode 2]: Destination, file name, and user box name, and user name

[Public User]/[User Authentication]/[Department]

Select how to display items you specified in [Display Settings] per Public User, User Authentication, and Authentication Track.

  • [Mode 1]: Hide all display items.

  • [Mode 2]: Hide only display items other than for login user/login account.

  • [Mode 3]: Hide only display items other than for a public user, login user/public user, and login account.

  • [Mode 4]: Show all display items.

[Current Job]

Specify whether to hide personal information, such as destination and file name, in [Active] in the [Job List] screen.

The default is [No] (without user authentication/account track) or [Yes] (with user authentication/account track).

[Display Settings]

When you have selected [Yes], select items you want to hide.

  • [Mode 1]: Destination, file name, and user box name

  • [Mode 2]: Destination, file name, and user box name, and user name

[Public User]/[User Authentication]/[Department]

Select how to display items you specified in [Display Settings] per Public User, User Authentication, and Authentication Track.

  • [Mode 1]: Hide all display items.

  • [Mode 2]: Hide only display items other than for login user/login account.

  • [Mode 3]: Hide only display items other than for a public user, login user/public user, and login account.

  • [Mode 4]: Show all display items.

  • When logged in as an administrator or user box administrator, all personal information is displayed regardless of the settings.

To hide personal information such as addresses or file names on MIB information ([Hide Personal Information (MIB)])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Security Details]
          • [Hide Personal Information (MIB)]

Specify whether or not to display the file name, destination, and User Box name and number of the MIB information.

[ON] (hide) is specified by default.

To hide the activity log for Scan, Fax TX and RX ([Display Activity Log])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Security Details]
          • [Display Activity Log]

Select whether to show the activity log on Scan, Fax TX and RX.

If [OFF] is selected, [Comm. List] does not appear on the [Job List] screen.

[ON] (display) is specified by default.

To initialize job history, network settings, copy program, and destination information ([Initialize])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Security Details]
          • [Initialize]

Initializes the settings in [Job History], [Copy Program], [Network Settings], [Address Registration], and [Enhanced Server Information].

Select items you want to initialize, then tap [OK].

To prohibit access to the Web page contents saved on the hard disk of this machine ([Web browser contents access])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Security Details]
          • [Web browser contents access]

Select whether to allow an access to the Web page contents saved on the hard disk of this machine.

For details, contact your service representative.

[Allow] is specified by default.

To specify whether to allow the user to perform user data setting operations on the Web browser ([Web browser setting change])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Security Details]
          • [Web browser setting change]

Specify whether to allow the user to perform user data setting operations on the Web browser.

Selecting [Administrator + User] allows you to configure the following Web browser settings using the registered user's privileges.

  • Home page

  • Start Up Page

  • Web data (Cookie, Web Storage, or Indexed Database)

  • Authentication information

[Administrator Only] is specified by default.

  • This function is available when the Web browser function is enabled.

  • For details on user data setting operations on the Web browser, refer to Here.

To restrict loading a configuration file from USB memory and changing machine settings ([Write the Configuration from USB])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Security Details]
          • [Write the Configuration from USB]

Select whether to permit a change on the settings of this machine by loading the configuration file saved in USB memory.

[Allow] is specified by default.

To restrict our service representative from backing up or restoring the hard disk on this machine ([Storage data backup])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Security Details]
          • [Storage data backup]

Select whether to permit our service representative to back up or restore the storage on this machine.

[Restrict] is specified by default.

To enable the enhanced security mode and enhance the security of data management ([Enhanced Security Mode])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Enhanced Security Mode]

Select whether to enable the Enhanced Security Mode.

If you enable the Enhanced Security Mode, the various security functions are forcibly configured. This allows you to ensure higher-level security of data management. For details, contact your service representative.

To enable the enhanced security mode, the following settings must have been configured.

Prerequisite settings

Check Job

[User Authentication/Account Track] - [General Settings] - [User Authentication]

Set to [Authenticate].

(When external server authentication is used, only Active Directory is available as the server type.)

[Security Settings] - [Administrator Password]

Set a password complying with password rules.

[Security Settings] - [Storage Management Settings] - [HDD Encryption Setting]

Enable the HDD Encryption.

In Web Connection, register the certificate.

For details, refer to Here.

Service settings

Service settings must be configured by your service representative.

For details, contact your service representative.

If you enable the Enhanced Security Mode, the following settings are forcibly changed.

Setting items in Administrator Settings

Settings to forcibly changed

[System Settings] - [Restrict User Access] - [Restrict Access to Job Settings] - [Registering and Changing Addresses]*

Set to [Restrict].

[User Authentication/Account Track] - [General Settings] - [Public User Access]*

Set to [Restrict].

[User Authentication/Account Track] - [User Authentication Settings] - [Administrative Settings] - [User Name List]*

Set to [OFF].

[User Authentication/Account Track] - [Print without Authentication]*

Set to [Restrict].

[User Authentication/Account Track] - [User/Account Common Setting] - [Counter Remote Control]

Set to [Restrict].

[User Authentication/Account Track] - [URL Home Settings]

Set to [Disable].

[User Authentication/Account Track] - [Simple Auth. setting] - [Authentication Setting]*

Set to [Restrict].

[Network Settings] - [FTP Settings] - [FTP Server Settings]*

Set to [OFF].

[Network Settings] - [E-Mail Settings] - [E-Mail TX (SMTP)] - [Server Capacity Reduction Send Method]

When [Stop URL when max. limit is exceeded] or [Always Send via URL] is selected, this option is set to [OFF].

[Network Settings] - [E-Mail Settings] - [S/MIME Communication Settings]*

  • [Automatically Obtain Certificates] is set to [No].

  • [3DES] is set if [E-Mail Text Encryption Method] has been set to one of [RC2-40], [RC2-64], [RC2-128], and [DES].

[Network Settings] - [SNMP Settings] - [SNMP v1/v2c Settings] - [Write Setting]*

Set to [Invalid].

[Network Settings] - [SNMP Settings] - [SNMP v3 Settings]*

[Security Level] for read and write allowed users is set to [auth-password/priv-password].

The Security Level can be changed to [auth-password].

[Network Settings] - [TCP Socket Settings] - [TCP Socket] - [Use SSL/TLS]

Set to [ON].

[Network Settings] - [WebDAV Settings] - [WebDAV Server Settings] - [SSL Setting]

Set to [SSL Only].

[Network Settings] - [Web Browser Setting]*

Set to [OFF].

[Network Settings]-[Remote Panel Settings]*

  • [Client Settings]: Set to [OFF].

  • [Server Setting]: Set to [OFF].

[Network Settings] - [Machine Update Settings] - [Machine Auto Update setting]*

This function is not available.

[Network Settings] - [IWS Settings]*

Set to [OFF].

[Fax Settings] - [Report Settings] - [Tx Result Report Print Setting] - [Report File Attachment]*

Set to [Without Attachment].

[System Connection] - [OpenAPI Settings] - [SSL/Port Settings] - [SSL Setting]

Set to [SSL Only].

[System Connection] - [Mobile Connection Settings] - [Simple Connection Setting]*

  • [QR Code Display Setting]: Set to [OFF].

  • [Enable NFC]: Set to [OFF].

  • [Enable Bluetooth LE]: Set to [OFF].

[Security Settings] - [Administrator Password Change Permission Setting]

Set to [Restrict].

[Security Settings] - [User Box Administrator Setting]*

Set to [Restrict].

[Security Settings] - [USB Connection Permission setting]

Set to [Restrict].

[Security Settings] - [Security Details] - [Password Rules]*

Set to [Enable].

If [Enable] cannot be selected for the Password Rules, you cannot enable the Enhanced Security Mode.

[Security Settings] - [Security Details] - [Prohibited Functions When Authentication Error]*

  • [Prohibit Functions When Auth. Error] is set to [Mode 2] and [No. of Tries] is set to [3]. No. of tries can be changed in the range between [1] and [3].

  • [Release Time Settings]: Limited to [5] minutes. This value cannot be less than five minutes.

[Security Settings] - [Security Details] - [Confidential Document Access Method]

Set to [Mode 2].

[Security Settings] - [Security Details] - [Print Data Capture]

Set to [Restrict].

[Security Settings] - [Security Details] - [Hide Personal Information (MIB)]

Set to [ON].

[Security Settings] - [Security Details] - [Initialize]*

If you select [Network Settings] and start it, the Enhanced Security Mode is canceled.

[Remote Access Setting] - [Import/Export User Data]

Set to [Restrict].

[Maintenance] - [Import/Export] in Web Connection

The password must be configured.

[Security] - [PKI Settings] - [Device Certificate Setting] in Web Connection

[Requesting Certificate] is hidden.

[Security] - [PKI Settings] - [SSL Setting] in Web Connection*

  • [Mode using SSL/TLS]: Set to [Admin. Mode and User Mode].

  • [Encryption Strength]: If it has been set to [AES-256, 3DES-168, RC4-128, DES-56, RC4-40] or [AES-256, 3DES-168, RC4-128], it is changed to [AES-256, 3DES-168].

[Security] - [PKI Settings] - [Protocol Setting] in Web Connection

[Protocol 1]: [SSL], [Protocol 2]: The certificate is registered in the [http Server].

Remote Diagnosis System

Some functions may be disabled. For details, contact your service representative.

Preview Secure Document User Box

Only the list is displayed before the password authentication is performed.

[Security Settings] - [Maintenance Mode Permission]

Set to [Restrict].

  • If you change a setting item (marked by an asterisk *) that has been changed synchronously with [Enhanced Security Mode], a confirmation dialog box appears, and the Enhanced Security Mode is canceled.

  • A setting that has been forcibly changed when the [Enhanced Security Mode] was enabled will not be changed if you disable the [Enhanced Security Mode].

  • Once the password rules have been enabled, an item for which a password that do not comply with the rules has been configured will result in authentication failure.

To check the used area, entire area, and available storage space in this machine ([Check Capacity])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Storage Management Settings]
          • [Check Capacity]

Allows you to check the used area, entire area, and free space on the storage of this machine.

To automatically overwrite data stored on the hard disk or in the memory ([Overwrite HDD Data])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Storage Management Settings]
          • [Overwrite HDD Data]

This machine temporarily stores image data on the hard disk or in the memory during scanning and printing. When the stored data are no longer needed, you can delete them by overwriting with certain data.

Settings

Description

[Yes]/[No]

Specify whether to automatically delete data stored on the hard disk or in the memory by overwriting.

[No] is specified by default.

[Overwrite Method]

Select the method for deleting data stored on the hard disk or memory by overwriting.

  • [Mode 1]: Overwrites with 0x00.

  • [Mode 2]: Overwrites with 0x00 - Overwrites with 0xff - Overwrites with letter "a" (0x61) - Verifies

[Mode 1] is specified by default.

[Encryption Priority]/[Overwrite Priority]

When setting [Overwrite HDD Data] with [HDD Encryption Setting] in combination, select the preferred option for deleting data stored on the hard disk.

  • [Encryption Priority]: Overwrites data using a method different from [Mode 1] and [Mode 2] of [Overwrite Method]. To set [Overwrite HDD Data], select [Encryption Priority].

  • [Overwrite Priority]: Overwrites data using the method specified at [Overwrite Method].

When changing this setting, you need to formatting the hard disk after restarting this machine. Before you attempt to change the setting, be aware that data may be deleted.

[Encryption Priority] is specified by default.

To overwrite all data stored in the entire storage area of this machine ([Overwrite All Data])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Storage Management Settings]
          • [Overwrite All Data]

When disposing of this machine or returning it to a leasing business, use this function to delete all data saved on the storage of this machine by overwriting. This function also resets all passwords to the factory settings.

Prior to performing this operation, contact your service representative.

To perform delete by overwriting, select [Overwrite Method] and tap [Delete].

  • [Mode 1]: Overwrites with 0x00.

  • [Mode 2]: Overwrites with single-byte random numbers - overwrites with single-byte random numbers - overwrites with 0x00.

  • [Mode 3]: Overwrites with 0x00 - Overwrites with 0xff - Overwrites with single-byte random numbers - Verifies.

  • [Mode 4]: Overwrites with single-byte random numbers - Overwrites with 0x00 - Overwrites with 0xff.

  • [Mode 5]: Overwrites with 0x00 - Overwrites with 0xff - Overwrites with 0x00 - Overwrites with 0xff.

  • [Mode 6]: Overwrites with 0x00 - Overwrites with 0xff - Overwrites with 0x00 - Overwrites with 0xff - Overwrites with 0x00 - Overwrites with 0xff - Overwrites with random numbers.

  • [Mode 7]: Overwrites with 0x00 - Overwrites with 0xff - Overwrites with 0x00 - Overwrites with 0xff - Overwrites with 0x00 - Overwrites with 0xff - Overwrites with 0xaa.

  • [Mode 8]: Overwrites with 0x00 - Overwrites with 0xff - Overwrites with 0x00 - Overwrites with 0xff - Overwrites with 0x00 - Overwrites with 0xff - Overwrites with 0xaa - Verifies.

[Mode 1] is specified by default.

  • To print a result report after deleting data, tap [Delete], then select [Overwrite & Print Report]. You can specify the customer name to be added to a report as required. For details, refer to Here.

To lock the hard disk with a password in order to protect the stored data ([HDD Lock Password])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Storage Management Settings]
          • [HDD Lock Password]

Protects saved data by locking the hard disk using a password.

To encrypt the data on the hard disk, enter an encryption passphrase (in 20 characters, case sensitive).

Be sure to keep the password you have entered carefully so that you do not forget them. Should the password be lost, it takes a major recovery work to restore it.

If a password is already set, you can change or cancel it.

To format the storage area of this machine ([Format])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Storage Management Settings]
          • [Format]

Formats the storage of this machine.

Retrieve any data needed from the storage of this machine beforehand.

Formatting the storage of this machine causes the following types of data to be deleted.

  • Program

  • Address Book

  • Authentication method setting

  • User authentication setting

  • Account track setting

  • User Box

  • User Box setting

  • Documents in User Boxes

  • Confidential User Box setting

  • Bulletin Board User Box setting

To encrypt data on the hard disk for protection purposes ([HDD Encryption Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Storage Management Settings]
          • [HDD Encryption Setting]

Encrypts all data saved on the hard disk for protection purposes.

To lock the hard disk with a password, enter a password to lock it (in 20 characters, case sensitive).

Be sure to keep the encryption passphrase you have entered carefully so that you do not forget them.

To forcibly apply stamps to original data when printing or sending the data ([Apply Stamps])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Stamp Settings]
          • [Apply Stamps]

Select whether to force application of stamps to original data when printing and sending a fax. To apply a stamp, configure the type and print position.

Users are not allowed to manually change or cancel the settings for the stamp function. You can explicitly indicate the sender identification by adding the user name or company name. Also, you can use the copy security function to suppress unauthorized copy operation.

For both [Printing] and [Sending], [Do Not Apply] is specified by default.

To delete the registered stamps ([Delete Registered Stamp])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Stamp Settings]
          • [Delete Registered Stamp]

Deletes stamps registered for Stamp, Copy Protect and Stamp Repeat.

To enable the FIPS mode ([FIPS Settings])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [FIPS Settings]

Specify whether to enable the FIPS (Federal Information Processing Standardization) Mode.

FIPS defines security requirements for cryptographic modules. These standards are adopted by many organizations, including U.S. federal government agencies. Enabling the FIPS Mode makes the functions of the machine conform to the FIPS.

[Invalid] is specified by default.

To permit your service representative to change [Administrator Settings] of a device without authentication ([Maintenance Mode Permission])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Maintenance Mode Permission]

Select whether to permit your service representative to change [Administrator Settings] of a device without authentication.

[Restrict] is specified by default.

To back up setting data of this machine to the hard disk or server ([Information Backup Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [Security Settings]
        • [Information Backup Setting]

Configure settings to back up or restore setting data of this machine to the hard disk or server.

Settings

Description

[Server Backup]

Backs up setting data to the server.

For details, refer to Here.

[Restore from Server]

Restores setting data from the server.

For details, refer to Here.

[HDD Backup]

Backs up setting data to the hard disk.

For details, refer to Here.

To prohibit the registration of the OpenAPI application ([OpenAPI Certification Management Setting])

To display:
  • [Utility]
    • [Administrator Settings]
      • [OpenAPI Certification Management Setting]

Specify a restriction code to prevent an OpenAPI connection application from being registered on this machine.

For details, contact your service representative.