Konica Minolta bizhub PRO C754e bizhub C754e/C654e Security Operations User Gu - Page 16

bizhub C754e/C654e

1-12

1.4

Miscellaneous

1

Precautions for Use of Umlaut

-

Setting or entering an umlaut from the control panel may be disabled depending on the setting made

in this machine, but not on the client PC side including PageScope Web Connection. If an umlaut is set

in a password on the PC side, therefore, the umlaut cannot be entered from the control panel, which

means that this particular password is not usable.

Precautions for Use of Various Types of Applications

Comply with the following requirements when using the PageScope Web Connection or an application of var-

ious other types.

The administrator of the machine should make sure that the user observes the following requirements.

-

The password control function of each application stores the password that has been entered in the PC

being used. Disable the password management function of each application and perform an operation

without storing a password.

Use a web browser or an application of various other types that shows "*" or "

-

" for the password en-

tered.

-

Once the password has been entered, do not leave your PC idle without logging on.

-

Set the web browser so that cache files are not saved.

-

Do not access any other site once you have logged onto the machine with the PageScope Web Con-

nection. Accessing any other site or a link included in e-mail, in particular, can lead to execution of an

unintended type of operation. Whenever access to any other site is necessary, be sure first to log off

from the machine through the PageScope Web Connection.

-

Using the same password a number of times increases the risk of spoofing.

-

If a web browser such as Internet Explorer is used on the client PC side, "TLS v1" should be used for

the SSL setting.

-

Expanded functions, which can be used in association with applications by registering the optional

License Kit, are available, including collecting and controlling user and account information by means

of the WebDAV function. Use of these expanded functions is not covered by certification of ISO15408.

-

Optional applications not described in this User’s Guide are not covered by certification of ISO15408.

Encrypting communications

The following are the cryptographic algorithms of key exchange and communications encryption systems

supported in generation of encryption keys.

-

TLS_RSA_WITH_3DES_EDE_CBC_SHA

-

TLS_RSA_WITH_AES_128_CBC_SHA

-

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

-

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

NOTICE

The administrator of the machine should make sure that SSL encryption communication is not performed

with the SSL set in SSL v3.

Do not use an SSL certificate that is electronically signed by MD5, as an increased risk results of data to be

protected being tampered with or leaked.

To eliminate the risk of the data to be protected being tampered with or leaked, refer to the recommended

ciphers list disclosed by, for example, NIST and CRYPTREC and use the appropriate cryptographic tech-

nique.

Use the following browsers to ensure SSL encryption communication with appropriate strength. Use of any

of the following browsers achieves SSL encryption communication that ensures confidentiality of the image

data transmitted and received.

Microsoft Internet Explorer

-

6/7/8/9/10 (desktop version)

Mozilla Firefox

-

3.5 or later

-

ESR 10.0 or later

Microsoft Internet Explorer 8 is used for the ISO15408 evaluation for this machine.

Section	Page
Contents	2
1 Security	6
1.1 Introduction	6
Compliance with the ISO15408 Standard	6
Operating Precautions	6
INSTALLATION CHECKLIST	7
1.2 Security Functions	9
Check Count Clear Conditions	9
1.3 Precautions for Operation Control	11
Roles of the Owner of the Machine	11
Roles and Requirements of the Administrator of the machine	11
Password Usage Requirements	11
User information control server control requirements	12
Security function operation setting operating requirements	12
Operation and control of the machine	12
Machine Maintenance Control	14
1.4 Miscellaneous	15
Password Rules	15
Precautions for Use of Various Types of Applications	16
Encrypting communications	16
Print functions	17
IPP printing	17
Items of Data Cleared by Overwrite All Data Function	18
Fax functions	18
USB keyboard	18
Different types of boxes	19
Hardware and software used in the machine	19
Firmware integrity verification function	19
IPsec setting	20
CS Remote Care function	20
Terminating a Session and Logging out	20
Authentication error during external server authentication	20
2 Administrator Operations	22
2.1 Accessing the Administrator Settings	22
2.1.1 Accessing the Administrator Settings	22
2.1.2 Accessing the User Mode	24
2.2 Enhancing the Security Function	28
2.2.1 Items cleared by HDD Format	30
2.2.2 Setting the Password Rules	31
2.2.3 Setting the Enhanced Security Mode	33
2.3 Preventing Unauthorized Access	36
Setting Prohibited Functions When Authentication Error	36
2.4 Canceling the Operation Prohibited State	38
Performing Release Setting	38
2.5 Setting the Authentication Method	40
2.5.1 Setting the Authentication Method	40
2.5.2 Setting the External Server	43
2.6 ID & Print Setting Function	46
Setting ID & Print	46
2.7 System Auto Reset Function	48
Setting the System Auto Reset function	48
2.8 User Setting Function	50
Making user setting	50
2.9 Account Track Setting Function	56
Making account setting	56
2.10 User Box Function	61
2.10.1 Setting the User Box	61
2.10.2 Changing the user/account attributes and box password	67
2.10.3 Setting Memory RX	72
2.11 Changing the Administrator Password	75
Changing the Administrator Password	75
2.12 Protecting Data in the HDD	78
2.12.1 Setting the Encryption Key (encryption word)	78
2.12.2 Changing the Encryption Key	82
2.12.3 Setting the Overwrite HDD Data	84
2.13 Overwrite All Data Function	86
Setting the Overwrite All Data function	86
2.14 Obtaining Job Log	88
2.14.1 Obtaining and deleting a Job Log	88
2.14.2 Downloading the Job Log data	90
Job Log data	92
2.15 Setting time/date in machine	99
2.15.1 Setting time/date	99
2.15.2 Setting daylight saving time	102
2.16 SSL Setting Function	104
2.16.1 Device Certificate Setting	104
2.16.2 SSL Setting	106
2.16.3 Removing a Certificate	107
2.17 S/MIME Communication Setting Function	108
2.17.1 Setting the S/MIME Communication	108
2.17.2 Registering the certificate	111
2.18 SNMP Setting Function	113
2.18.1 Changing the auth-password and priv-password	113
2.18.2 SNMP access authentication function	119
2.18.3 SNMP v3 setting function	119
2.18.4 SNMP network setting function	119
2.19 WebDAV Function	120
Setting the WebDAV Server Password	120
2.20 TCP/IP Setting Function	123
2.20.1 Setting the IP Address	123
2.20.2 Registering the DNS Server	124
2.21 AppleTalk Setting Function	125
Making the AppleTalk Setting	125
2.22 E-Mail Setting Function	126
Setting the SMTP Server (E-Mail Server)	126
3 User Operations	128
3.1 User Authentication Function	128
3.1.1 Performing user authentication	128
3.1.2 Accessing the ID & Print Document	134
3.2 Change Password Function	136
Performing Change Password	136
3.3 Secure Print Function	139
Accessing the Secure Print Document	139
3.4 User Box Function	143
3.4.1 Setting the User Box	143
3.4.2 Changing the user/account attributes and box password	149
3.4.3 Accessing the User Box and User Box file	156
3.4.4 Sending S/MIME box files	160
4 Application Software	163
4.1 PageScope Data Administrator	163
4.1.1 Accessing from PageScope Data Administrator	163
4.1.2 Setting the user authentication method	166
4.1.3 Changing the authentication mode	168
4.1.4 Making the user settings	171
4.1.5 Making the account settings	172
4.1.6 Registering the certificate	173
4.1.7 DNS Server Setting Function	175
4.1.8 AppleTalk Setting Function	176

Konica Minolta bizhub PRO C754e bizhub C754e/C654e Security Operations User Gu - Page 16

Precautions for Use of Various Types of Applications, Encrypting communications, NOTICE

Page 16 highlights