Konica Minolta bizhub 658e bizhub 658e/558e/458e Security Operations User Manu - Page 19

Precautions for Use of Various Types of Applications, Encrypting communications, IPsec setting



1.4 Miscellaneous

Precautions for Use of Various Types of Applications

Comply with the following requirements when using the Web Connection or an application of various other types

The administrator should make sure that the user observes the following requirements.
- The password control function of each application stores the password that has been entered in the PC being used. Disable the password management function of each application and perform an operation without storing a password.
  Use a web browser or an application of various other types that shows "*" or "-" for the password entered.
- Once the password has been entered, do not leave your PC idle without logging on.
- Set the web browser so that cache files are not saved.
- To operate the machine through the configuration authenticated by the ISO15408, do not use any utility that is available from the [Starting-up Data Management Utility] placed on the Web connection initial screen.
- Do not access any other site once you have logged onto the machine with the Web Connection. Accessing any other site or a link included in e-mail, in particular, can lead to execution of an unintended type of operation. Whenever access to any other site is necessary, be sure first to log off from the machine through the Web Connection.
- Using the same password a number of times increases the risk of spoofing.
- If a web browser such as Internet Explorer is used on the client PC side, "TLS v1.0" or more should be used for the SSL setting.
- Optional applications not described in this User's Guide are not covered by certification of ISO15408.

Encrypting communications

This machine guarantees encrypted communication via IPsec.

IPsec setting

This machine offers a choice of two authentication methods, [Pre-Shared Key] and [Digital Signature], for authenticating the remote machine with which to communicate.

When [Pre-Shared Key] is to be used, control the pre-shared key appropriately to ensure that it is not leaked to any third party other than the remote machine with which to communicate. For the shared key, set a value that consists of a combination of eight to 128 alphanumeric characters and that cannot be easily guessed.

The number of characters and types of characters that can be used for the shared key are as follows:
- Numeric characters: 0 to 9
- Alpha characters: upper and lower case letters
- Symbols: !, #, $, %, &, ', (, ), *, ,, -, ., /, :, ;, <, =, >, ?, @, [, \, ], ^, _, `, {, |, }, ~, +, SPACE

Selectable from among a total of 94 characters

Do not set a value that can be easily guessed from your birthday, employee identification number, and the like.

[Digital Signature] has a higher security strength than [Pre-Shared Key].

The ISO15408 evaluation for the machine is performed on the basis of the [Pre-Shared Key].

Do not use DES or 3DES in the encryption algorithm of [IKE Settings]. Use AES. [Main Mode] and [Aggressive Mode] are available in [Negotiation Mode]. The default setting is [Main Mode]. The administrator should operate the machine with the [Main Mode] setting.

Leaking the pre-shared key for IPsec set on the MFP increases the risk of spoofing of the MFP, etc. Therefore, set machine-specific pre-shared keys and manage them safely.

Using [Administrator Settings] - [Network Settings] - [TCP/IP Settings] - [IPsec Settings] - [Enable IPsec] - [IPsec Policy] - [Common Settings], set [default action] to [Deny].

Select an ESP Encryption Algorithm from AES-GCM, AES-CBC, and AES-CTR for IPsec SA Settings. Furthermore, when AES-CBC or AES-CTR is selected, select an ESP Authentication Algorithm from SHA-1, SHA-2, and AES-XCBC.
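
The IPsec requirements above can be checked before they are entered on the panel. The following is an added example, not part of the manual: it generates a machine-specific pre-shared key from the 94 permitted characters and audits a planned configuration. The dictionary key names, the sample values, and the digits-only heuristic for guessable keys are assumptions of this example.

```python
import math
import secrets
import string

# The page's 94 characters: digits, letters, 31 symbols and SPACE.
ALLOWED = string.digits + string.ascii_letters + "!#$%&'()*,-./:;<=>?@[\\]^_`{|}~+ "

def generate_psk(length=32):
    """Random machine-specific key drawn uniformly from the allowed set."""
    if not 8 <= length <= 128:
        raise ValueError("length must be 8 to 128")
    return "".join(secrets.choice(ALLOWED) for _ in range(length))

def psk_bits(length):
    """Entropy in bits of a uniformly random key of this length."""
    return length * math.log2(len(ALLOWED))

def audit(cfg, keys_on_other_machines=()):
    """Check a settings dict (key names are this example's own)."""
    out = []
    psk = cfg.get("psk", "")
    if not 8 <= len(psk) <= 128:
        out.append("PSK length outside 8-128")
    if set(psk) - set(ALLOWED):
        out.append("PSK has characters outside the 94 allowed")
    if psk.isdigit():  # heuristic for birthday / employee-ID style keys
        out.append("PSK is digits only, easily guessed")
    if psk in keys_on_other_machines:
        out.append("PSK is not machine-specific")
    if not str(cfg.get("ike_encryption", "")).startswith("AES"):
        out.append("IKE encryption must be AES, not DES/3DES")
    if cfg.get("negotiation_mode") != "Main Mode":
        out.append("negotiation mode must be Main Mode")
    if cfg.get("default_action") != "Deny":
        out.append("default action must be Deny")
    esp = cfg.get("esp_encryption")
    if esp not in ("AES-GCM", "AES-CBC", "AES-CTR"):
        out.append("ESP encryption must be AES-GCM, AES-CBC or AES-CTR")
    elif esp != "AES-GCM" and cfg.get("esp_authentication") not in (
            "SHA-1", "SHA-2", "AES-XCBC"):
        out.append("AES-CBC/AES-CTR needs SHA-1, SHA-2 or AES-XCBC")
    return out

# Constructed samples, not captured from a device.
WEAK = {"psk": "19840312", "ike_encryption": "3DES",
        "negotiation_mode": "Aggressive Mode", "default_action": "Allow",
        "esp_encryption": "AES-CBC", "esp_authentication": None}
GOOD = {"psk": generate_psk(), "ike_encryption": "AES",
        "negotiation_mode": "Main Mode", "default_action": "Deny",
        "esp_encryption": "AES-GCM"}

if __name__ == "__main__":
    print(audit(WEAK), audit(GOOD), round(psk_bits(8)), sep="\n")
```

A uniformly random key of the minimum eight characters carries about 52 bits of entropy, while 20 characters exceed 128 bits, so generating keys well above the minimum length costs nothing when they are stored rather than memorized.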