Layer 4: Device security

Device user authentication

The ability to track, control usage, and prevent unauthorized access is predicated on requiring users to authenticate before they can print, scan, fax, etc. Once logged in, users will only see the device functions and features they’re authorized to use. Various authentication options give you the ability to control the level of capabilities granted to each user or group of users. This may include restricting the ability to change machine settings and view address book entries or granting access to scanning workflows, document servers, and other functions. In addition, the User Lock-out function — which triggers if it detects a high frequency of successful or failed login attempts — helps guard against Denial of Service attacks or brute-force password cracks

Network user authentication

Ricoh devices support network user authentication to limit access to authorized users. For example, Windows® authentication verifies a user’s identity at the MFP by comparing login credentials (username and password, ID badge with or without PIN, or a combination of both) against the database of authorized users on the Windows network server. In the case of access to the global address book, LDAP authentication validates a user against the LDAP (Light-weight Directory Access Protocol) server — so only those with a valid username and password can search and select email addresses stored on the LDAP server.

For customers utilizing SmartCards for authentication, such as U.S. Government Common Access Cards (CAC) or Personal Identity Verification (PIV) IDs, Ricoh offers solutions for enabling this type of authentication.

Software such as RICOH Streamline NX — a modular suite that covers scan, fax, print, device management, security, and accounting processes — provides additional network authentication options. These include authenticating against the LDAP, Kerberos authentication, and an available SDK for custom integrations.

Device network authentication

Many Ricoh devices support the IEEE 802.1X authentication protocol, which is frequently part of zero-trust architecture (ZTA) network implementations. This port-based network access control allows a network administrator to restrict the use of a network until a device has been properly authenticated. This ensures secured communication between authenticated and authorized devices.

Firmware and driver management

Working with your service provider, organizations can maintain a line of defense by ensuring current firmware on your devices through proactive remote management. You can prevent printer device firmware from becoming outdated via a remote cloud portal. A device’s firmware can be remotely checked, and an update can be immediately pushed. Or, updates can be performed automatically on a scheduled basis.

Refreshing firmware for large numbers of devices or across an entire fleet can be handled as a batch upgrade in moments. Drivers can also be pre-configured and pushed to devices remotely. You can package drivers with the appropriate defaults according to your print and security policies — and control who has access to different driver packages.

1 – Drive encryption

If the drive is physically removed from a Ricoh machine, the encrypted data cannot be read. Once enabled, the drive encryption function can help protect an MFP’s drive against data theft while helping organizations comply with corporate security policies. Encryption includes data stored in a system’s address book — reducing the danger of an organization’s employees, customers, or vendors having their information misappropriated.

The following types of data — which are stored in non-volatile memory or on the drive of MFPs — can be encrypted:

• Address book

• User authentication data

• Stored documents

• Temporarily stored documents

• Logs

• Network interface settings

• Configuration info

2 – Device data in transit encryption

As information moves through the network, it is possible for a knowledgeable hacker to intercept raw data streams, files, and passwords. Without protection, unencrypted information can be stolen, modified, or falsified and re-inserted back into the network with malicious intent. To combat this, Ricoh uses encryption and robust network security protocols that can also be configured according to customers’ needs. For example, the Transport Layer Security (TLS) protocol is used to help maintain the confidentiality and integrity of data being communicated between two endpoints.

3 – Print stream encryption

Data sent in a print stream can be exploited if unencrypted and captured in transit. Ricoh enables the encryption of print data by means of Secure Sockets Layer/Transport Layer Security (SSL/ TLS) via Internet Printing Protocol (IPP) — encrypting data from workstations to network devices or MFPs. Because this is a protocol that helps maintain data confidentiality, attempts to intercept encrypted print data streams in transit would only produce data that is indecipherable. Data sent to printers could be misused or attacked if it is not encrypted.

4 – End-to-end driver-based encryption

Concerns about a malicious attack on print job data can be addressed using the Ricoh Universal Print Driver for end-to-end encryption of print data between the user’s system and the Ricoh MFP. End-to-end encryption can be enabled in the print dialog so a user can set an encryption password. To release the print job, the user enters the encryption password at the Ricoh device, which then decrypts the data and prints the job. This method of print data encryption utilizes AES-256 encryption.

5 – Locked print

Printed documents sitting on the paper tray or left out in the open can be picked up by anyone. This puts the document’s information at risk, and the potential impact grows dramatically when printing confidential documents. Ricoh locked print capabilities can hold encrypted documents on the device’s hard drive until the document’s owner arrives and enters the correct PIN code or network credentials. For even more capability, software such SLNX can provide full-featured secure document release — giving users options over their secure print queue while letting administrators maintain control.

6 – Copy data security

Ricoh offers functions to thwart unauthorized copying of hardcopy documents — helping prevent possible information leaks. The copy guard function prints and copies documents with special invisible patterns embedded across the background. If the printed or copied document is photocopied again, the embedded patterns will become visible on the copies.

The unauthorized copy control function protects against unauthorized copying in two ways. Masked Type for Copying embeds a masking pattern and message within the original printout, safeguarding the information. If unauthorized copies are made, the embedded message appears on the copy. This might include the document author’s name or a warning message. When the Ricoh device detects the masking pattern, the printed data is obscured by a gray box that covers all but a 4mm margin of the masking pattern.

7 – Mandatory secure information print

Stamping documents with key identifying information can achieve greater accountability and management control. Mandatory security information print is a feature that forces key information — including who printed a document, when it was printed, and from which device — to be printed with a document. This feature can be enabled for copy, print, fax, and document server functions.

Administrators can select the print position and which types of information will be automatically printed on the output, which may include:

• Date and time the job was printed

• Name or login user ID of who printed the job

• IP address and/or serial number of the device used

8 – Temporary data removal

When a document is scanned or when data is received from a PC, some may be stored temporarily on the hard disk drive or memory device. This can include scan/print/copy image data, user-entered data, and device configuration. This temporary data represents a potential security vulnerability.

The DataOverwriteSecurity System, built into most Ricoh devices, addresses this vulnerability, destroying temporary data stored on the MFP’s hard disk drive by overwriting it with random sequences of 1 and 0. Temporary data is actively overwritten and thereby erased each time a job is successfully completed. The DataOverwriteSecurity System can also:

• Include options for National Security Agency (NSA) and Department of Defense (DoD) recommendations for handling classified information

• Make it virtually impossible to access latent data from copy/print/scan jobs once the overwrite process is complete (overwrite process can be selected from 1 to 9 times)

• Assist customers in their compliance with HIPAA, GLBA, FERPA, and other regulations

• Provide visual feedback regarding the overwrite process (i.e. Completed or In-Process) with a simple display panel icon

Protection Profile for Hardcopy Devices (PP_HCD_V10)

PP_HCD_V10 is a U.S. government-approved protection profile for hardcopy devices such as digital MFPs. It was developed by the Multifunction Printers Technical Community with representatives from industry (including Ricoh), U.S. and Japanese government agencies, Common Criteria Test Laboratories, and international Common Criteria schemes. The purpose of this Protection Profile (PP) is to facilitate efficient procurement of Commercial Off-The-Shelf (COTS) Hardcopy Devices (HCDs) using the Common Criteria (CC) methodology for information technology security evaluation.

The following areas — which have been identified as among the most important for security protections — have been validated in most Ricoh devices to the PP_HCD_V10 standard and can be enabled:

• User identification and authentication systems

• Data encryption technology available for multifunction printers

• Validation of the system’s firmware

• Separation of the analog fax line and the copy/print/scan controller

• Validation of data encryption algorithms

• Data protection

At Ricoh, our product line is constantly being enhanced to meet our customers’ and regulators’ changing requirements.

IEEE 2600.2

The IEEE 2600.2 security standard pertains to hardcopy devices operating in a commercial information processing environment — with required levels of document security, network security and security assurance. It establishes a common baseline of security expectations for MFPs. To ensure that a device demonstrates conformance with the established standard, independent third-party laboratory tests provide verification of the manufacturer’s security features. Ricoh offers a broad line of MFPs that have been certified as conforming to the IEEE 2600.2 security standard.

FIPS 140-2/3

The Federal Information Processing Standard (FIPS) 140-2/3 is a U.S. government security standard for validating cryptographic modules through the National Institute of Standards and Technology’s (NIST) Cryptographic Module Validation Program (CMVP). Many cryptographic modules in Ricoh devices use algorithms that are recommended or approved by NIST, including algorithms validated under NIST’s Cryptographic Algorithm Validation Program (CAVP). CAVP validation is a prerequisite for CMVP validation.

Customers can upgrade certain devices to a CMVP-validated drive* and a soon-to-be-released MFP firmware upgrade that will incorporate CMVP-validated modules elsewhere within the MFP**. Firmware-upgraded devices will implement certain device hardening measures — including turning off less secured ports, protocols, and limiting some application use.

Read the next section, Layer 5: Data security >