Security of RICOH Production Printers

Introduction

Along with the development of the information society, we are facing various threats, such as computer viruses, personal information leakage and unauthorized access. In such situations, it is important to take the necessary security measures for everybody.
This is now important not only for PCs, servers, and networks, but also for.

In order to use RICOH Production Printers more safely, we would like to recommend taking the following security measures.

1. Connect your ICT devices, including Production Printers, to a network isolated by a firewall to prevent unauthorized access from the Internet.
2. PC Operation
   1. Set screen locks
      It is recommended to lock the PC screen when leaving it unattended.
   2. Use different browsers for Production Printers and Internet
      While operating this product from the Web browser, it is recommended to use a different browser application, except for sites that can trusted. Another option is to fully log out from this product, not just closing the window or tab, before browsing other sites.
   3. Only open hyperlinks that can be trusted
      Be careful when opening hyperlinks in emails and Web pages. Only open links that can be trusted.

1. Use a private IP address
   Unauthorized access from the Internet can be prevented by operating in a local area network environment such as an in-house LAN.
2. Change the password
   By changing the password of Production Printers, it is possible to prevent attacks, such as setting changes, by a malicious third party from the Internet. Be sure to change the password from the default value.
3. Protection for Production Printers stored data
   It is recommended to protect the data stored in Production Printers with user authentication and stored document password setting.
   -By performing user authentication such as identifying and authenticating the user (IC card and password input), only authorized users can use Production Printers.
   -Set the stored document password so that it cannot be used by a third party by setting a password for accessing the stored document
4. SMB setting
   It is recommended to use v3.0 or higher for SMB. For the models that do not allow such settings, it is recommended to protect them with IPsec.
5. Storage encryption
   It is recommended to encrypt the memory (NVRAM) / HDD/ SSD of Production Printers.
6. Access permission setting
   It is recommended to limit the permissions that allow to cancel jobs to job owners and administrators.
7. IP Use a Restricted IP Address
   It is recommended to limit the range of IP addresses that can access to Production Printers as much as possible. It will prevent unauthorized access from the Internet.
8. Disable unused network services
   It is recommended to disable unnecessary networks services. In particular, rsh, telnet, ftp, lpr, etc. do not have encryption function by themselves, so if concerned about network eavesdropping, it is recommended to disable network services or protect it with IPsec described later. You can check the applications that are affected by disabling services in the user manual of the device you are using. If you have any questions, please contact the service providers.
9. SSL/TLS setting
   
   1. Certificate settings
      To prevent information leakage via the network, it is recommended to use encrypted communication if supported. Encrypted communication includes SSL / TLS and IPsec. See the manual for supported communications.
      It is recommended to use a certificate issued by a trusted third-party certificate authority instead of a self-signed certificate as the digital certificate used to encrypt the communication.
      If a self-signed certificate is used, it is needed to install it on a PC that uses a browser.
   2. Limitation of SSL2.0/3.0
      It is recommended to not use SSL 2.0 or SSL 3.0 that are older standards. For the models that do not allow such settings, it is recommended to protect with IPsec.
   3. Limitation of encryption suite
      It is recommended to not use RC4 or DES, which have low encryption strength.
10. IPsec setting
    If network eavesdropping is concerned but need to use a communication method that does not have encryption, it is recommended to protect with IPsec.
11. SNMP settings
    To reduce the risk of network load attacks using SNMP, the following are recommended:
    
    • Change the community name from the default name.
    • Ensure the community name is segmented appropriately. For example, avoid sharing the same community name used by an entire business division.
      Alternatively, SNMPv3 is recommend.
12. HTTP port setting
    Changing the HTTP port number will reduce the risk of unauthorized access to Web interface.