Extended Security
Device Management > Configuration > Security >
Extended Security
Configure settings for extended security.
Note
- Settings on this page can be changed by the following administrators:
- Network Administrator (Driver Encryption Key, Driver Encryption Key: Encryption Strength, Settings by SNMPv1, v2)
- Machine Administrator (Restrict Display of User Information, Transfer to Fax Receiver, Authenticate Current Job, @Remote Service, Update Firmware, Change Firmware Structure)
- Users Administrator (Encrypt User Custom Settings & Address Book, Restrict Use of Destinations (Fax), Restrict Use of Destinations (Scanner), Password Policy)
- File Administrator (Enhance File Protection)
- Some items may not appear depending on machine type or configuration.
Driver Encryption Key
When user authentication is configured, specify the character string for the key used for encrypting the login passwords or document passwords that are sent from each kind of driver.
To specify the driver encryption key, register the encryption key specified using the machine in the driver.
Click the Change button to open the Driver Encryption Key page, and then specify the driver encryption key.
Driver Encryption Key: Encryption Strength
Specify the encryption strength of the driver encryption key.
AES
Jobs encrypted with Simple Encryption, DES, or AES are accepted.
DES
Jobs encrypted with Simple Encryption or DES are accepted.
Simple Encryption
All jobs that support user authentication are accepted.
Note
- If you select AES or DES, specify the encryption settings using the printer driver.
For details about specifying the printer driver, see the printer driver's Help.
Restrict Display of User Information
This can be specified if user authentication is set. When the job history is checked using a network connection for which authentication is not available, all personal information can be displayed as "********".
Encrypt User Custom Settings & Address Book
Specify whether to encrypt the individual settings of the machine's users and the data in the Address Book. If you select On, configure the encryption key.
Encryption Key
Configure the encryption key to encrypt the individual settings of the users and the data in the Address Book.
Click the Change button to open the Encryption Key page, and then specify the key.
Encrypt/Decrypt
Click the Execute button to encrypt the individual settings and the Address Book data, using the specified encryption key.
If you have changed the encryption key, the data is decrypted with the old key and re-encrypted with the new one.
Enhance File Protection
Locks a file protected by password if an invalid password is entered ten times for the file.
Restrict Use of Destinations (Fax)
Specify whether or not to limit the available fax destinations to the destinations registered in the Address Book.
If you select On, a user cannot enter the destinations for transmission manually.
Restrict Adding of User Destinations (Fax)
If you set Restrict Adding of User Destinations (Fax) to Off, specify whether or not to allow users to register a fax destination in the Address Book using the fax number manually entered. Normally, users can register a fax destination in the Address Book by manually entering a fax number and then pressing the Program Dest. button. If you set this function to On, users can enter a destination manually but cannot register that destination in the Address Book by pressing the Program Dest. button. This function restricts user registration in the Address Book.
Restrict Use of Destinations (Scanner)
Specify whether or not to limit the available scanner destinations to the destinations registered in the Address Book.
If you select On, a user cannot enter the destinations for transmission manually.
Restrict Adding of User Destinations (Scanner)
If you set Restrict Adding of User Destinations (Scanner) to Off, specify whether or not to allow users to register a scanner destination in the Address Book using the destination manually entered. Normally, users can register a scanner destination in the Address Book by manually entering the destination and then pressing the Program Dest. button. If you set this function to On, users can enter a destination manually but cannot register that destination in the Address Book by pressing the Program Dest. button. This function restricts user registration in the Address Book.
Transfer to Fax Receiver
If you use Forwarding or Transfer Box under the fax function, files stored in the machine can be transferred or delivered.
To prevent stored files being transferred by mistake, select Prohibit for this setting.
Authenticate Current Job
When User Authentication Management is configured, specify whether or not authentication is required for operations such as canceling jobs under the copier and printer functions.
Login Privilege
Authorized users and the machine administrator can use the machine. When this is selected, authentication is not required for users who logged in to the machine before Login Privilege was selected.
Access Privilege
Any user who performed a copy or print job can cancel the job.
Also, the machine administrator can cancel the user's copy or print job.
Off
You cannot print for authenticated jobs .
Note
- Even if you select Login Privilege and log in to the machine, you cannot cancel a copy or print job that is being processed if you are not privileged to use the copy and printer functions.
@Remote Service
Specify whether or not to disable communication via HTTPS for @Remote Service.
Update Firmware
Specify whether or not to disable firmware updates on the machine.
Change Firmware Structure
Specify whether or not to prevent changes in the machine's firmware structure.
Change firmware structure refers to insertion and removal of SD cards containing firmware, and insertion of incorrect SD cards.
Password Policy
Specify Complexity Setting and Minimum Character No. for the password.
By making this setting, you can limit the available passwords to only those that meet the conditions specified in Complexity Setting and Minimum Character No..
If you select Level 1, specify the password using a combination of two types of characters
selected from upper-case letters, lower-case letters, decimal numbers, and symbols such as #.
If you select Level 2, specify the password using a combination of three types of characters
selected from upper-case letters, lower-case letters, decimal numbers, and symbols such as #.
Settings by SNMPv1, v2
Specify whether or not to disable settings with SNMPv1, v2 protocol.
When the machine is accessed using the SNMPv1, v2 protocol, authentication cannot be performed, allowing machine administrator settings such as the paper setting to be changed. If you select Prohibit, the setting can be viewed but not specified with SNMPv1, v2.
Security Setting for Access Violation
An application using network connection may cause multiple authentication attempts to the device even if a user sends only one authentication command using the application.
In this case, if the authentication fails due to an incorrect password, the device may count the failure as the multiple authentication failures and then lock out the user.
If you select On, you can prevent such user lockouts.
Denial Duration for Access Violation
Specify a period during when to exclude from the user lockout count repeated access by the same user ID and password.
If you fail to login after the specified period elapses from the last authentication failure, this access is counted as an authentication failure
and classified as the target of user lockout.
Managed User Host Limit
Specify how many users to be excluded from the user lockout can be monitored.
If the number of users exceeds the specified number, the oldest user information is erased and the new information is retained.
The erased users will be classified as the target of user lockout even during the period specified for Denial Duration for Access Violation.
Password Entry Host Limit
Specify how many passwords to be excluded from the user lockout can be monitored.
If the number of password exceeds the specified number, the oldest password information is erased and the new information is retained.
The erased password will be classified as the target of user lockout even during the period specified for Denial Duration for Access Violation.
Status Monitor Interval
Specify the interval for monitoring the information of Managed User Host Limit and Password Entry Host Limit.
Password Entry Violation
If the number of authentication requests exceeds the specified setting, the system classifies the access session as a password attack.
The access session is recorded in the access log and the log data is sent to the machine administrator by email.
Maximum Allowed Number of Access
Specify the maximum number of allowable authentication attempts. If the number is set to 0, password attacks are not detected.
Measurement Time
Specify the interval to count the number of repeated failed authentication attempts. When the measurement time is over, the logged counts of failed authentication attempts are cleared.
Device Access Violation
If the number of log in requests exceeds the setting, the system classifies the access session as an access violation.
The access session is recorded in the access log and the log data is sent to the machine administrator by e-mail. Also, a message is displayed on the control panel and on Web Image Monitor.
Note
- In Simultaneous Access Host Limit, you can specify the limit number of hosts accessing the machine at one time. If the number of accesses exceeds the specified setting, monitoring becomes unavailable and the detected unavailability is recorded in the log.
Maximum Allowed Number of Access
Specify the maximum number of allowable access attempts. If the number is set to 0, password attacks are not detected.
Measurement Time
Specify the interval to count the number of excessive access. When the measurement time is over, the logged counts of access are cleared.
Authentication Delay Time
Specify the authentication delay time when an access violation is detected.
This function prevents system down due to the access violation.
Simultaneous Access Host Limit
Specify the number of acceptable authentication attempts when authentications are delayed due to an access violation.
Buttons
Refresh
Click to update the currently displayed information.
Note
- Before making the settings, click Refresh to obtain the machine's current status.
OK
Click to apply the settings.
Cancel
Click to cancel the settings.