Canon Paper Shredder User Manual
Page 28
28
White Paper: Canon imageRUNNER ADVANCE Security
Section 4 — Network Security
IP Address and Port Filtering
Using the RX/Print Settings function, the System Manager can limit network access to the device to
specific IP addresses or ranges for printing and Settings/Browsing. Up to eight individual or consecutive
address settings can be specified. Subsequently, the System Manager can also choose to permit a range of
addresses, but reject specific addresses within that range. In addition, with the Next Generation
imageRUNNER ADVANCE models, Administrators have the capability to do Port Filtering of each IP
Address for further control of network traffic.
Media Access Control (MAC) Filtering
MAC address filtering is useful for smaller networks where administrators can manage controls for specific
systems, regardless of the subnet to which they happen to be connected. For environments using Dynamic
Host Configuration Protocol (DHCP) for IP address assignments, MAC address filtering can avoid issues
that are caused when DHCP leases expire and a new IP address is issued to a system. As with IP address
filters, MAC address filters can be used to allow or deny access to specific addresses. Up to 100 MAC
addresses can be registered and easily added, edited, or deleted through the Remote UI interface. MAC
address filters take a higher priority than the IP address filters; so necessary systems can be allowed or
denied, even if the system’s IP address would dictate otherwise.
SSL Encryption
Many organizations are quite diligent about protecting data as it is transferred between PCs and servers or
from one PC to another. However, when it comes to transmitting that same data to and from the MFP
device, it is almost always sent in clear text. As a result, it may be possible to capture all the data as it is
sent to the printer via the network. Canon helps mitigate this dilemma by providing Secure Socket Layer
(SSL) encryption support for some transmissions to and from the imageRUNNER device, such as Internet
protocol Printing (IPP), Internet-fax (I-fax), Remote UI, Web Access and DIDF.
IPv6 Support
IPv6 support, which is available in all imageRUNNER ADVANCE systems, provides a more secure
network infrastructure, improved traffic routing and easier management for administrators than IPv4.
IPSec Support
Canon imageRUNNER ADVANCE systems support an optional IPSec Board, which allows users to utilize
IPSec (Internet Protocol Security) to help ensure the privacy and security of information sent to and from
the device, while in transit over unsecured networks. With the Next Generation imageRUNNER
ADVANCE devices, iPSec Support is standard, and it is built directly into the firmware and no optional
“Boards” are required.
IPSec is a suite of protocols for securing IP communications. IPSec supports secure exchange of packets at
the IP layer, where the packets in the data stream are authenticated and encrypted. It encrypts traffic so that
the traffic cannot be read by parties other than those for whom it is intended, it also ensures that the traffic
has not been modified along its path and is from a trusted party, and protects against replay of the secure
session. The IPSec functionality of the device only supports transport mode, therefore authentication and
encryption is only applied to the data part of the IP packets.
See the imageRUNNER ADVANCE system manual for the specific device in question for additional
instructions on registering IPSec-based security policies.