To ensure the security of RICOH Streamline NX, the security settings must be set to match the customer's environment.
To prevent damage from malicious attackers, follow the points below in addition to the contents of "Software/Extension Security" and ensure that installation and setup are performed properly.
As this software handles address books and other personal information, operate it so that only a limited number of people can access the server where it is installed.
The address book of the multifunction device or printer may contain personal information. When handling the multifunction device or printer address book with this software, carefully handle the imported and exported files.
The report may contain personal information. When reports are generated with this software, carefully handle the generated files. To manage reports more safely, we recommend you to use the masking function and delete function for personal information.
Use the User Role and Privilege functions to strictly manage the browsing authority and usage functions of the users who access RICOH Streamline NX.
To enhance security, we recommend you to set the Security Connection Key to something that cannot be guessed.
The job log or access log of the multifunction device or printer may contain personal information. To collect the job log or access log with this software, we recommend you to set "Encrypt Device Log Transfer" and "Encrypt Logs in Device".
Also, carefully handle the exported files.
To encrypt data communication and prevent eavesdropping and tampering, we recommend you to enable the SSL/TLS setting and disable HTTP, so that server uses HTTPS only when accessing the web services.
Also enable the SSL/TLS setting when connecting to an LDAP server.
We recommend you to use a certificate issued by a trusted third-party certification authority instead of a self-signed certificate as the digital certificate used to encrypt the communication.
Digital certificates can be installed from the certificate management tool on the managed multifunction devices and printers.
As this software communicates with older multifunction devices and printers, it does not disable weak encryption protocols. Follow the instructions in the instruction manual (operation guide) to disable unnecessary encryption protocols according to the customer's security policy and the status of the multifunction device or printer used. To prevent leakage of user information over the network during authentication, we recommend that models that support encrypted communication use it. We also recommend using an authentication method with higher security.
To prevent eavesdropping of the communication content, we recommend setting the communication protocol to LDAPS when using LDAP authentication.
To prevent eavesdropping of the communication content, we recommend setting the communication protocol to HTTPS.
To prevent leakage of print information over the network during printing, we recommend that models that support encrypted communication use it. Set the SSL communication setting to "On" (enabled) in the print settings.
We recommend you to use a certificate issued by a trusted third-party certification authority instead of a self-signed certificate as the digital certificate used to encrypt the communication. If you want to use a self-signed certificate, it also has to be installed on the server.
To enable encrypted communication, enable the SSL/TLS setting. Match the SSL/TLS version and encryption strength used to the multifunction device or printer settings.
We recommend you to encrypt print documents you want to save.
Also enable the SSL/TLS setting when connecting to an external database.
Use the Management Console on a network protected by a firewall, not directly connected to the Internet.
After changing the administrator or password of the multifunction device or printer, the administrator ID and password setting of the management tool must also be changed. "Local Password Policy" settings, you can set the password length, password age, and account lockout threshold.
To prevent eavesdropping of the network, we recommend you to turn "On" (enable) the SSL communication setting.
When using IIS as the web server, also enable SSL/TLS settings for IIS.
Also enable the SSL/TLS setting when connecting to an external server.
(Function to connect to an external server)
・Send to SharePoint Server
・Send to Email
・Send to FTP
・Send to WebDAV
・Send to CMIS
・Send to Exchange Server
・Send to DocumentMall
・Send to RightFax
・Send to Gmail
・Send to Google Drive
・Send to Dropbox
(Function to use an authentication server)
・Active Directory authentication
・LDAP authentication
Administrators should prepare a secure PC, server, or network that can only be accessed by authorized persons.
RICOH Streamline NX information assets can be accessed in common from all PC accounts. Therefore, appropriately manage the PC access account.