Information is your customer’s most valuable asset. ‘Information’ can mean classified, confidential, or otherwise sensitive documents—anything from floor plans to personnel reviews. The risk of information getting into the wrong hands is real, and that is why every business needs to implement effective strategies to protect their information assets.
High risk sectors
Digital technology has transformed business practices by enabling nearly instantaneous data exchange, but it has brought with it some new challenges in terms of security. The risk can expose your customers to diminished competitive advantage, and possible litigation or erosion of stockholder trust.
These can be considered high-risk sectors:
- Federal government—national security, military, and trade sectors
- Financial—mergers and acquisitions, stock transactions
- Pharmaceutical—clinical trials, patent applications, quarterly financial results
- General offices—customer records, restructuring plans
- Engineering—new product design, intellectual property
- Law firms—briefs, depositions, contracts
- Medical—billing, medical records
Ricoh’s security features
By providing customised security features for your customers, you can develop a comprehensive suite of security solutions. These security solutions can protect printed and electronic data against opportunistic or targeted threats, both internal and external.
This document provides you with an overview of these security measures that are designed to best meet your customer’s objectives when securing digital office systems:
- Restricting unauthorised device access
- Controlling device output
- Securing network devices
- Securing network print data
- Destroying latent data
- Physically securing data and ports
- Encrypting data communications
- Preventing unauthorised system use
- Auditing all device activity
- Preventing unauthorised copying
- Displaying who, when, and from where output was printed.
Restricting unauthorised device access
User codes
User codes are standard in most Ricoh devices. They enable the system administrator to manage and track the use of Ricoh digital output devices. A user code can be assigned to an individual, based on the functions they have permission to use. This level of control enables the administrator to monitor system usage by generating print counter reports by user code and function.
Controlling device output
Locked print
Locked print is available through Ricoh’s advanced printer drivers, and it maintains confidentiality by suspending document printing until the authorised user enters the correct user ID from the device’s operation panel. This eliminates the possibility of anyone viewing or removing a document from the paper tray.
Locked print requires an HDD.
Locked print password encryption
The password used for locked printing can be encrypted to help protect against wiretapping.
Enhanced Locked Print NX
Enhanced Locked Print NX lets users capture all the benefits of shared, centralised multifunction products (MFPs), without compromising document security. Users can store, release, and manage confidential documents with the security of user ID and password authorisation.
It offers these benefits:
- Users can safely send documents to devices where they are securely held until released by the authorised user
- Documents cannot be picked up at the device by another user, protecting information confidentiality
- Documents stored at the device are encrypted, therefore information cannot be compromised if the HDD is stolen.
The FlexRelease server option provides even more flexibility, in enabling prints to be picked up from any Ricoh device in the company network.
Enhanced Locked Print NX can be implemented with Ricoh’s optional Card Authentication Package for faster and more secure device access.
Card Authentication Package
Card Authentication Package improves security while making it easier and faster for users to authenticate and access networked MFPs. User privileges can be managed with security cards that restrict colour printing, regulate scanning, and provide users with secure printing of confidential documents.

RAM-based security
Some Ricoh MFPs use Random Access Memory (RAM), instead of an HDD, for document processing tasks such as copying. Without the means to permanently store data, such as on an HDD, a key security threat is eliminated. As such, these MFPs can be proposed for low-volume environments where information security is the top priority.
Securing network devices
SmartDeviceMonitor for Admin
SmartDeviceMonitor for Admin is utility software bundled with all Ricoh printers, print-enabled MFPs, and the Printer/Scanner option. This software suite simplifies installation, monitoring, and management of Ricoh network output systems, while supporting key security features.
Tracking device usage
SmartDeviceMonitor for Admin tracks the activities of an entire system, providing a detailed log of all devices accessed by each user or department.
Restricting user access
The system administrator can control user privileges through the User Management Tool. It displays all supported Ricoh devices on the network, and a simple click on the device opens a menu to restrict or enable access to the device for individual users.
Web Image Monitor
Web Image Monitor is an integrated web-based utility for device management.
Setting IP address range (IP filtering)
The system administrator can restrict authorised connections to the device from the hosts whose IP addresses fall into a particular IP range. Commands or jobs sent from unauthorised IP addresses are ignored by the device.
Network port security
The system administrator can enable or disable IP ports, controlling the different network services provided by the device to an individual user.
IP address filtering
In a Local Area Network (LAN), an IP address is each network computer’s unique hardware number. An IP address helps route emails and attachments, forward faxes to the correct recipient, and send print data to networked output devices from PCs. The ability of Ricoh devices to block or restrict a particular user or a group of users based on IP addresses improves the management of PCs and users, helps to balance output volumes among multiple devices, and enhances network security by limiting access to files stored on devices.
Job logs and Access logs
A complete list of every job executed by the device is stored in memory. This list may be viewed via Web SmartDeviceMonitor to track and trace device usage by job and/or user.
When used in conjunction with external user authentication modes, it will be possible to determine which specific users may be abusing privileges to resources. It’s also possible to determine which device was used and by whom in tracing an unauthorised transmission.

WPA support
Used in conjunction with the IEEE802.11 Wireless LAN option, Wi-Fi Protected Access (WPA) is a security specification that addresses vulnerabilities in wireless communications. It provides a high level of assurance to enterprises, small businesses, and even home-based users that data will remain protected by allowing only authorised users to access their networks. ‘Personal’ and ‘Enterprise’ authentication and encryption features block intruders with wirelessly-enabled laptops and other mobile devices from tapping into wireless networks in any environment. This prevents the interception of data streams and passwords, and the use of wireless connections as an entry point into the customer’s data network.
802.1x wired authentication
802.1x provides network port based authentication for point-to-point communication between network devices and a LAN port. By providing a point-to-point connection to a LAN port, communication will terminate if authentication fails.
Data encryption
Advanced network technologies increase the convenience of surfing and printing for millions, but also leave networks vulnerable to attack from intruders using wireless laptops or other mobile devices via any access points within range. Without protection, confidential information can easily be stolen, or modified and reinserted back to the network.
Ricoh devices provide these encryption capabilities to help your customers reduce these risks:
Address book encryption
Address book encryption protects contact information by encrypting the data stored in a device’s address book. Even if the HDD is removed from the device, the data cannot be read. This feature eliminates the danger of a company’s or department’s entire staff, customers, or vendors being targeted for malicious emails or PC virus contamination. Also, as address book data usually corresponds to usernames and passwords used elsewhere on the network, protecting a device’s address book increases overall network security.
Encrypted PDF transmission
While Adobe offers a number of security features within the Acrobat application to lock and password-protect documents, there is nothing to prevent data being obtained from the files while travelling over the network. That’s where Ricoh’s Encrypted PDF transmission adds value—scrambling and encrypting the data that would otherwise be very transparent during transmission.
HDD encryption
This feature can encrypt the device’s HDD to protect against data theft. Even if the HDD is stolen, data cannot be extracted.
Driver encryption key
Ricoh devices offer this feature that scrambles user authentication passwords when using the PCL and RPCS drivers, so others cannot access the system fraudulently.
PDF password encryption
This function corrects a vulnerability in Encrypted PDF transmission in which the window for entering the user password displays the password in clear text. It encrypts passwords up to 32 characters for more secure PDF transmission and storage.

SNMP v3 encrypted communication
Simple Network Management Protocol version 3 (SNMP v3) is a network management standard widely used in TCP/IP environments. It provides a method of managing network hosts, such as printers, scanners, workstations or server computers, and groups bridges and hubs together into a ‘community’ from a centrally-located computer running network management software. It allows the system administrator, for example, to make changes to device settings via SmartDeviceMonitor for Admin from a networked PC with encrypted communications to help a business maintain a secure environment.
Kerberos
Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by implementing secret-key cryptography. Many internet protocols don’t provide any security for their passwords, and sending an unencrypted password over a network is risky and can open the network to attack. Kerberos authentication helps to limit the risks caused by unencrypted passwords and keep networks more secure.
IPsec communication
IP security (IPsec) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. IPsec also includes protocols for cryptographic key establishment. Organisations that require high levels of security have networks with IPsec for data protection. These organisations require printing using IPsec.
S/MIME for Scan to email
Secure/Multipurpose Internet Mail Extensions (S/MIME) is a standard for public key encryption and signing of email encapsulated in MIME. This feature is used to encrypt confidential data transmitted by Scan to email for data protection against wiretapping.
Securing network print data
Data encryption via IPP
Using Ricoh’s SmartDeviceMonitor for Client utility, print data can be encrypted by means of Secure Sockets Layer/Transport Layer Security (SSL/TLS) via the Internet Printing Protocol (IPP), hence, securing data between workstations and network printers and MFPs.
Destroying latent data
Data Overwrite Security System (DOSS)
To further prevent data loss, an organisation’s security measures should incorporate technology that destroys latent digital images on the device’s HDD. Ricoh Data Overwrite Security System (DOSS) destroys temporary data stored on the device’s HDD by writing over the latent image with random sequences of 1’s and 0’s.
It offers these benefits:
- Three-pass random data overwrite process makes any effort to access and reconstruct stored print and copy files virtually impossible
- A simple operation panel icon provides visual feedback about the overwrite process, for example, completed or in-progress
- DOSS is ISO 15408 certified.
Physically securing data and ports
Network port security
Typically, network-enabled systems are shipped to the customer with all network ports ‘open’, making the addition of these systems to different networks as easy as possible. However, there is also a drawback in this, as opened unused network ports pose a security risk.
To provide enhanced network security, the system administrator can disable a specific protocol such as SNMP or FTP using Web Image Monitor or SmartDeviceMonitor. This prevents the theft of usernames and passwords, and helps address outside threats, including destruction or falsification of stored data, and viruses that can enter the network via an unused printer or MFP port.
Encrypting data communication
128-bit encryption over SSL
Ricoh’s GlobalScan NX supports 128-bit encryption over SSL. SSL technology works by using a private key to encrypt data that is scanned from a Ricoh MFP to the GlobalScan NX server, creating a secure connection.
Preventing unauthorised system use
User authentication
Enables the system administrator to restrict device access so that only those with a valid username and password can access MFP functions.

Windows authentication
Verifies the identity of the MFP user by comparing login username and password against the database of authorised users on the Windows Network Server, and then granting or denying access to MFP functions.
LDAP authentication
Validates a user against the Lightweight Directory Access Protocol (LDAP) server, and only those with a valid username and password can access the organisation’s global address book—that is, search and select email addresses stored on the LDAP server.
Administrator authentication
A registered administrator manages system settings and user access to MFP functions. Up to four administrators can share the administrative tasks, enabling the workload to be spread and limiting unauthorised operation by a single administrator—though the same individual can assume all roles. In addition, a separate supervisor can be established for setting or changing administrator passwords.
Basic authentication
Authenticates a user with the username and password that have been locally registered in the MFP’s address book. Users without a valid username and password cannot access the device.
User code authentication
Uses Ricoh’s standard user code system to authenticate the user. The MFP user simply enters their user code, which is compared with the registered data in the MFP’s address book.
Basic authentication and User code authentication can be used in non-Windows and/or non-networked office environments.
Auditing all device activity
Ricoh Print and Copy Control (PCC) for Equitrac Office and Express
Ricoh Print and Copy Control (PCC) enables customers to better control user access and track copy and print information via software embedded on the HDDs of some Ricoh devices. It protects sensitive data and prevents unauthorised use with the authentication method that fits your customer’s business.
Preventing unauthorised copying
Unauthorised copy control
Ricoh’s Unauthorised copy control embeds patterns and text under printed text to help eliminate the risk of unauthorised copying of sensitive documents. This feature is ideal for smaller businesses that primarily use the device for fax, and copy and print output. For example, companies that copy personnel reports, compensation plans, medical records, financial reports, and so on.
Unauthorised copy control consists of two functions:
- Mask Type for Copying is a standard feature that embeds a masking pattern and message within the original printout. If copies are made, either on Ricoh or competitors’ digital devices, the embedded message is displayed. Note that some digital MFPs may not detect masking patterns.
- Data Security for Copying can be selected for output that is produced on an MFP equipped with the Copy Data Security unit. It will grey out all output, leaving only a 4 mm margin of masking pattern. This feature requires the optional Copy Data Security unit, and is not supported on some fax-enabled configurations.
Displaying who, when, and from where output was printed
Mandatory security information print
Mandatory security information print is a feature that includes information about who printed the document, when, and from which device.
Mandatory security information can include this information:
- Date and time when the job was printed
- Name and login user ID of the user who printed the job
- IP address of the device that printed the job
- Serial number of the device that printed the job.
The system administrator can select which type of information is printed on the output. The print position can be changed from the default lower right position to upper left, upper right, or lower left.