Konica Minolta bizhub 808 bizhub 958/808 Security Operations User Manual - Page 18

1.4 Miscellaneous 1 Precautions for Use of Various Types of Applications Comply with the following requirements when using the Web Connection or an application of various other types The administrator should make sure that the user observes the following requirements. - The password control function of each application stores the password that has been entered in the PC being used. Disable the password management function of each application and perform an operation without storing a password. Use a web browser or an application of various other types that shows "*" or "-" for the password entered. - Once the password has been entered, do not leave your PC idle without logging on. - Set the web browser so that cache files are not saved. - Do not access any other site once you have logged onto the machine with the Web Connection. Accessing any other site or a link included in e-mail, in particular, can lead to execution of an unintended type of operation. Whenever access to any other site is necessary, be sure first to log off from the machine through the Web Connection. - Using the same password a number of times increases the risk of spoofing. - If a web browser such as Internet Explorer is used on the client PC side, "TLS v1.0" or more should be used for the SSL setting. - Optional applications not described in this User's Guide are not covered by certification of ISO15408. Encrypting communications This machine guarantees encrypted communication via IPsec. IPsec setting This machine offers a choice of two authentication methods of [Pre-Shared Key] and [Digital Signature] for authenticating the remote machine with which to communicate. When [Pre-Shared Key] is to be used, control the pre-shared key appropriately to ensure that it is not leaked to any third party other than the remote machine with which to communicate. For the shared key, set a value that consists of a combination of eight or more alphanumeric characters and that cannot be easily guessed. Do not set a value that can be easily guessed from your birthday, employee identification number, and the like. [Digital Signature] has a higher security strength than [Pre-Shared Key]. The ISO15408 evaluation for the machine is performed on the basis of the [Pre-Shared Key]. [Main Mode] and [Aggressive Mode] are available in [Negotiation Mode] of [IKE Settings]. The default setting is [Main Mode]. The administrator should operate the machine with the [Main Mode] setting. Leaking the pre shared key for IPsec set on the MFP increases the risk of spoofing of the MFP, etc. Therefore, set machine-specific pre shared keys and manage them safely. Note that unencrypted communication can be established if the IPsec setting is not made over the whole address range (0 to 255 for IPv4) and an IP address outside the range is assigned to a client PC. Use the following browsers to ensure safety. Use of any of the following browsers achieves communication that ensures confidentiality of the image data transmitted and received. Microsoft Internet Explorer - 9/10/11 Mozilla Firefox - 20 or later Microsoft Internet Explorer 11 is used for the ISO15408 evaluation for this machine. Print functions Only the following procedures are guaranteed for the print functions performed from the client PC. - Use IPPS printing for the print functions performed using the printer driver. - Use direct printing from the Web Connection for the print functions not performed via the printer driver. bizhub 958/808/758/bizhub PRO 958 1-14