ir-adv security kit-b1 for ieee 2600.1 service...

4321

iR-ADV Security Kit-B1 for IEEE 2600.1Service Manual

February 27, 2012Revision 0

0-2

0-2

ApplicationThis manual has been issued by Canon Inc. for qualified persons to learn technical theory, installation, maintenance, and repair of products. This manual covers all localities where the products are sold. For this reason, there may be information in this manual that does not apply to your locality.

CorrectionsThis manual may contain technical inaccuracies or typographical errors due to improvements or changes in products. When changes occur in applica0-1le products or in the contents of this manual, Canon will release technical information as the need arises. In the event of major changes in the contents of this manual over a long or short period, Canon will issue a new edition of this manual.

The following paragraph does not apply to any countries where such provisions are inconsistent with local law.

TrademarksThe product names and company names used in this manual are the registered trademarks of the individual companies.

CopyrightThis manual is copyrighted with all rights reserved. Under the copyright laws, this manual may not be copied, reproduced or translated into another language, in whole or in part, without the written consent of Canon Inc.

Copyright CANON INC. 2011

CautionUse of this manual should be strictly supervised to avoid disclosure of confidential information.

0-3

0-3

ContentsSpecifications

Product compositions --------------------------------------------------------1-2Product Overview ------------------------------------------------------------------ 1-2Product specification -------------------------------------------------------------- 1-2

Support device ------------------------------------------------------------------------------ 1-2System configuration ---------------------------------------------------------------------- 1-2Article configuration ------------------------------------------------------------------------ 1-2

TOE Identification Method ------------------------------------------------------- 1-3Target of Evaluation identification method ------------------------------------------- 1-3

FunctionsBasic Function -----------------------------------------------------------------2-2

What is IEEE2600? ---------------------------------------------------------------- 2-2Background ---------------------------------------------------------------------------------- 2-2Field status ----------------------------------------------------------------------------------- 2-2Security standard for MFP ---------------------------------------------------------------- 2-2IEEE2600.1 ---------------------------------------------------------------------------------- 2-2

Target Function --------------------------------------------------------------------- 2-3Security Functional Requirements of MFP ---------------------------------- 2-4

New Function ------------------------------------------------------------------2-5iR-ADV Security Kit-B1 for IEEE2600.1 -------------------------------------- 2-5

Setting value (IEEE 2600.1) ------------------------------------------------------------- 2-6Installation location ------------------------------------------------------------------------2-10

Audit Log (Standard Function of This Machine) ---------------------------2-10Self Test Function (IPSec) ------------------------------------------------------ 2-11

InstallationPoints to Note About Installation ------------------------------------------3-2

Before Installation ------------------------------------------------------------------ 3-2Handling the Options with VOID Seal ---------------------------------------- 3-2

Installation Overview ----------------------------------------------------------- 3

The following shows "installation overview of Installation Procedure for iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification". 3

Checking the Operation After Making the Settings -------------------3-5Checking the Ping When IPSec is in Operation---------------------------- 3-5Setting by the Device ------------------------------------------------------------- 3-5Setting by the PC ------------------------------------------------------------------ 3-7Overview of the Security Policy Setting -------------------------------------- 3-7IPsec Setting ------------------------------------------------------------------------ 3-8IPSec defaults > Customize ----------------------------------------------------- 3-8Connection Security Rules -----------------------------------------------------3-10Assigning the Security Policy --------------------------------------------------3-12Checking the Ping ----------------------------------------------------------------3-13

MaintenanceNotes when service -----------------------------------------------------------4-2

Supporting the Modified Items After the Release of iR-ADV Security Kit-B1 for IEEE2600.1 ------------------------------------------------------------ 4-2Recovery after Servicing Work ------------------------------------------------- 4-2

Reference matter in market service --------------------------------------4-3Functions Which Operates Normally ------------------------------------------ 4-3

Explanation of SymbolsThe following symbols are used throughout this Service Manual.

Symbols Explanation Symbols Explanation

Check. Remove the claw.

Check visually. Insert the claw.

Check the noise. Use the bundled part.

Disconnect the connector. Push the part.

Connect the connector. Plug the power cable.

Remove the cable/wire from the cable guide or wire saddle.

Turn on the power.

Set the cable/wire to the cable guide or wire saddle.

Remove the screw.

Tighten the screw.

The following rules apply throughout this Service Manual:

1. Each chapter contains sections explaining the purpose of specific functions and the relationship between electrical and mechanical systems with reference to the timing of operation.

In the diagrams, represents the path of mechanical drive; where a signal name accompanies the symbol, the arrow indicates the direction of the electric signal. The expression "turn on the power" means flipping on the power switch, closing the front door, and closing the delivery unit door, which results in supplying the machine with power.

2. In the digital circuits, '1' is used to indicate that the voltage level of a given signal is "High", while '0' is used to indicate "Low". (The voltage value, however, differs from circuit to circuit.) In addition, the asterisk (*) as in "DRMD*" indicates that the DRMD signal goes on when '0'.

In practically all cases, the internal mechanisms of a microprocessor cannot be checked in the field. Therefore, the operations of the microprocessors used in the machines are not discussed: they are explained in terms of from sensors to the input of the DC controller PCB and from the output of the DC controller PCB to the loads.

The descriptions in this Service Manual are subject to change without notice for product improvement or other purposes, and major changes will be communicated in the form of Service Information bulletins.All service persons are expected to have a good understanding of the contents of this Service Manual and all relevant Service Information bulletins and be able to identify and isolate faults in the machine.

1

1 Specifications

Specifications ■Product compositions

1

11-2

1-2

Specifications > Product compositions > Product specification > Article configuration

Specifications > Product compositions > Product specification > Article configuration

Product compositions

Product OverviewiR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification is an option to use the imageRUNNER ADVANCE 4000 Series(4051/4045/4035/4025) as the CC certified imageRUNNER ADVANCE 4000 Series 2600.1 model (hereinafter called "2600.1 model") which complies with IEEE 2600.1 stand-ard.

iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification is a product*2 with ISO/IEC 15408 Common Criteria (CC) certification, which complieswith IEEE Std 2600.1TM-2009*1 which is an international standard for information security of MFPs and printers.

CC certification which this product obtained indicates that the product complies with "Function matter of the security" and "Guarantee requirements" as a result of the evaluation based on the specifiedevaluation standards and evaluation methods.

*1 "IEEE Std 2600.1TM-2009" is a protection profile of the evaluation assurance level "EAL3+ALC_FLR.2".

*2 Products combining the following are target products for certification in addition to iR-ADV Security Kit-B1 for IEEE 2600.1 Common CriteriaCertification, which is this product.

• imageRUNNER ADVANCE 4051/4045/4035/4025 Series• Access Management System Kit-B• HDD Data Encryption & Mirroring Kit-C• Data Erase Kit-C

Product specification ■ Support device

iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria CertificationimageRUNNER ADVANCE 4051imageRUNNER ADVANCE 4045imageRUNNER ADVANCE 4035imageRUNNER ADVANCE 4025

■ System configuration

AMS

Data Complete Deletion Kit

IEEE2600HDD Data Encryption & Mirroring Kit

Audit Log

IPsec

Hardware option License is option Standard function

■ Article configuration

iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification

F-1-1

F-1-2

1

11-3

1-3

Specifications > Product compositions > TOE Identification Method > Target of Evaluation identification method


HDD Data Encryption & Mirroring Kit

Data Erase Kit

4

HDD Erase Kit

HDD Erase License Certificate

CurrentVOID

ACCESS MANAGEMENT SYSTEM KIT

AMS CD（Manual/Installation procedure/SSOH/Driver Add-in)

AMS Kit

AMS License Certificate

Standard with U.S. model Current

VOID

F-1-3

F-1-4

F-1-5

TOE Identification Method ■ Target of Evaluation identification method

● Checking the configurationCheck that the machine configuration (such as the controller and options) is the same as that when IEEE 2600.1 CC certification was obtained on the touch paneldisplay.There are following mentions in "iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification of Administrator Guide"."After the operations are completed, the administrator must confirm that the machine is operating normally as a 2600.1 model. "

1. Press [Counter Check] of the Control Panel.2. Press [Check Device Configuration].

3. Press [OK] after checking that the device configuration is the same as the following on the device configuration check screen.

Product name iR-ADV 4051iR-ADV 4045iR-ADV 4035iR-ADV 4025

Controller Version 9100.0.408Scanner Version 201.101Canon MFP Security Chip 2.01

(Version of the Encryption Board included in HDD Data Encryption & Mirroring Kit)

Option ACCESS MANAGEMENT SYSTEMData EraseSecurity Kit-B1 for IEEE 2600.1

F-1-6

T-1-1

1

11-4

1-4



Controller VersionScanner Version

9100.0.408

201.101

4. Press [Check MEAP Counter].

5. Press [Version Information].MEAP Contents version

F-1-7

F-1-8

10.14

6. Press [OK] after checking that the versions are the same as the following on the version information screen.

<MEAP Contents> 10.14

Note:Since versions are not given to any options other than HDD Data Encryption & Mirroring Kit, they are aggregated in the Controller Version.

"ACCESS MANAGEMENT SYSTEM" and "iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification" are not displayed unless default authentication is switched to SSO-H.

F-1-9

2

2 Functions

Functions ■Basic Function ■New Function

2

22-2

2-2

Functions > Basic Function > What is IEEE2600? > IEEE2600.1

Functions > Basic Function > What is IEEE2600? > IEEE2600.1

Basic Function

What is IEEE2600?

■ BackgroundIn addition to paper documents, MFPs contain user information and information saved in the MFPs as the assets to be protected. The security requirements which the users request for the assets to be protected differ depending on the conditions.

■ Field status The security requirements of MFPs that can be used by the users are not unified by each manufacturer. Users request that the necessary functions be clearly specified. Manufacturers want to clarify which functions are needed by the users.

■ Security standard for MFPThe security standard in which these needs are organized had been requested. In the light of this circumstance, IEEE2600 was established as the security standard for the hard copy devices.

■ IEEE2600.1IEEE 2600.1 describes security requirements of MFPs and printers, and is one of the PPs (Protection Profiles) of IEEE 2600 series.PP is a document that describes a set of security requirements in certain product range which satisfies consumers' needs.In IEEE 2600 series, PPs are classified into 4 categories as shown below depending on the operation environment of the usage type.

Protection Profile2600.1




Security TargetSpecifications of Company A

Security Target

Security Target

ST: Each Benda defines it every product.

CC(Common Criteria (ISO 15408))

Specifications of Company B

Specifications of Company C

In IEEE2600, a security requirement for CC certification (Protection Profile (PP)) which is common to MFP vendors has been established. IEEE2600 divides the operational environment into 4 categories.

IEEE2600.1 Protection Profile for Operational Environment A

Assumed to be used in the military or government, which is a large-scale environment with high-level awareness against security.

IEEE2600.2 Protection Profile for Operational Environment B

Assumed to be used in a general office, which is a large-scale environment with medium-level awareness against security.

IEEE2600.3 Protection Profile for Operational Environment C

Assumed to be used in the public, which is a middle-scale environment.

IEEE2600.4 Protection Profile for Operational Environment D

Assumed to be used in SOHO, which is a small-scale environment.

F-2-1

T-2-1

2

22-3

2-3

Functions > Basic Function > Target Function

Functions > Basic Function > Target Function

Purpose of iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification:

iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification is assumed to be used in a large-scale and high-level environment and the aim is to provide functions which comply with such environment.

Target FunctionIn IEEE 2600.1 PP (Protection Profile), functions which are targeted for CC certification can be selected. PP defines the section where a security requirement common to print, scan, copy and fax is described as the common section (hereinafter called "Common"), andthe security requirements specific to each of 7 independent functions of print, scan, copy, fax, document management, removable HDD function and network asthe Packages.

1 PRINT:2600.1-PRTSFR Package for Hardcopy Device Print Functions

Print function

2 SCAN:2600.1-SCNSFR Package for Hardcopy Device Scan Functions

Scan function

3 COPY:2600.1-CPYSFR Package for Hardcopy Device Copy Functions

Copy function

4 FAX:2600.1-FAXSFR Package for Hardcopy Device FAX Functions

Fax function Including scan function for fax or printing of a document received via telephone line.

5 Document storage: 2600.1-DSR SFR Package for Hardcopy Device Docum ent Storage andRetrieval Functions

Document management function. Management of documents kept among jobs. A function which enables temporary storage after a job or retrieval upon execution of a succeeding job.

6 Removable HDD function: 2600.1-NVS SFR Package for Hardcopy Device Nonvolatile StorageFunctions

Removable HDD function. It counteracts against exposure of documents stored in nonvolatile storage due to the analysis or restoration of stored data. The target is described as a removable storage, and is limited to one which can be removed by an end user instead of a service technician. MFP function (option) corresponds to this function.

7 Network: 2600.1-SMI SFR Package for Hardcopy Device Shared-medium

Network communication function. This function is intended for LAN/WAN and wired/wireless network since the network mentioned here is targeted for media which performs communication with external devices and to which multiple users can access simultaneously. Communication functions such as USB, serial and parallel with short distance connection and low risk of data being stolen are excluded.

SFR stands for Security Functional Requirement. T-2-2

The iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria includes the security function that it functions and met entirely of seven kinds of above.

Reference: Item No.6, Removable HDD function, specifies the following harms to be prevented that are inflicted by a malicious third person who takes away the HDD whena removable HDD kit is installed in the host machine. - Stealing and seeing the information - Putting invalid files such as virus in HDD and placing it back to the host machine In the IEEE2600 certification configuration, HDD Data Encryption & Mirroring Kit (the target of CC certification is the encrypted IC on the Encryption Board)which is already separately CC certified is a prerequisite, and all data in the HDD is encrypted. As the data in the HDD is encrypted, the data which does notroute through the HDD Data Encryption Board cannot be retrieved.

The data in the HDD removed from the host machine cannot be read since it is encrypted. Even if invalid data has been added to HDD, the Main Controller cannot recognize it since it does not route through the HDD Data Encryption Board. Therefore, whether there is a removable HDD kit does not matter to the IEEE2600 certification configuration.

2

22-4

2-4

Functions > Basic Function > Security Functional Requirements of MFP

Functions > Basic Function > Security Functional Requirements of MFP

Security Functional Requirements of MFPThe following shows the security functional requirements of MFP.

Functional requirements Purpose Functions supported by iR-ADV1 User recognition/

authentication functionTo prevent unauthorized use by unregistered persons

MEAP SSO-H

2 Access control of device function

To prevent an authenticated user from executing the digital MFP functions for which the user does not have the privilege.

AMS: Access Management System

3 Remaining data deletion function

To prevent temporary data in a device (such as image data generated by a job) from being reused

HDD complete deletion function

4 Protection function for user data in the nonvolatile memory (such as HDD)

To prevent leakage of information due to the HDD unit taken away

HDD encryption function

5 Protection function for network data

To prevent LAN data from being stolen

IPSec

6 Protection function for user data transfer

To counter the attacks by the abuse of I-Fax

Stop a transfer function

Access control function for jobs

Blocking invalid access to a user document.

Controlling access to Inboxes by password and printing by storing a job due to secured print.

7 Audit log generation function

To counter the attacks by the abuse of I-Fax

Job log/User authentication log/Mail Box operation log/Device management log

8 Self test function To ensure that the main security functions are normal

Self test of encryption module

T-2-3

2

22-5

2-5

Functions > New Function > iR-ADV Security Kit-B1 for IEEE2600.1

Functions > New Function > iR-ADV Security Kit-B1 for IEEE2600.1

New Function

iR-ADV Security Kit-B1 for IEEE2600.1Check that the following installation is complete before enabling the license of iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification.

• imageRUNNER ADVANCE 4051/4045/4035/4025 Series• Access Management System Kit-B• HDD Data Encryption & Mirroring Kit-C• Data Erase Kit-C

Settings/Registration > [Management Settings] > [Device Management] > [Unified Security Settings]can be selected. Selection of Unified Security Settings changes the setting of each item in "Settings/Registration" to that for the IEEE2600.1 certification machine.

Preferences

Setting items Displayed Screen Setting value (IEEE

2600.1 certification machine)

Setting value (at

the time of shipment)

Advanced Box/Network [Display Settings] > [Store Location Display Settings]

OFF ON Memory Media OFF*1 OFFRestrict Auto Reset Time*2

[Timer/Energy Settings] > [Restrict Auto Reset Time]

ON OFF

Report with TX Image [Function Settings] > [Send] > [Common Settings] > [TX Report ]

ON OFF

Use IPSec [Preferences] > [Network] > [TCP/IP Settings] > [IPSec Settings]

ON OFFReceive Non-Policy Packets

Reject Allow

Use NetWare [Network] > [NetWare Settings] OFF*1 OFF Use AppleTalk [Network] > [AppleTalk Settings] OFF*1 OFF MIB Access Permission [Network] > [SNMP Settings] > [Use SNMPv1]

> then,[ON]Read Only Read Only

[Network] > [SNMP Settings] > [Use SNMPv3] > then, [ON]

Read Only Read/Write

T-2-4

Function Settings

Setting items Displayed Screen Setting value (IEEE 2600.1 certification machine)

Setting value (at the time of shipment)

Report with TX Image [Send] > [Common Settings] > [TX Report] OFF ON[Send] > [Fax Settings] > [Fax TX Report]

Use Remote Fax [Send] > [Fax Settings] > [Remote Fax Settings] > [Use Remote Fax]

OFF OFF

Restrict Printer Jobs*3 [Printer] > [Restrict Printer Jobs] ON OFF Use Fax Memory Lock*4 [Receive/Forward] > [Common Settings] > [Set

Fax/I-Fax Inbox]ON OFF

Use I-Fax Memory Lock*5

[Receive/Forward] > [Common Settings] > [Set Fax/I-Fax Inbox]

ON OFF

Limit Box PIN to 7 Digits/Restrict Access

[Store/Access Files] > [Mail Box Settings] > [Box Security Settings]

ON OFF

Print upon Storing from Printer Driver

OFF ON

Print upon Storing from Printer Driver

[Store/Access Files] > [Mail Box Settings] > [Settings for All Mail Boxes]

OFF ON

Management Settings

Setting items Displayed Screen Setting value (IEEE 2600.1 certification machine)

Setting value (at the time of shipment)

Settings/Reg. Value [Device Management] > [Device Information Delivery Settings] > [Restrict Receiving for Each Function]

ON*1 ON

Audit Log Retrieval*6 [Device Management] > [Audit Log Retrieval] ON OFFRemote Operation Settings*7

[License/Other] > [Remote Operation Settings] OFF *1 OFF

*1Indicates a setting that is the same as the default setting.*2If you set [Restrict Auto Reset Time] to ‘On’, general users become unable to operate the following functions:

[Auto Reset Time] in [Preferences] (Settings/Registration)[Function After Auto Reset] in [Preferences] (Settings/Registration)

*3To permit reception of secured print jobs, it is necessary to set [Rsrvd Jobs + Secured Print] separately. For more information on the settings, see e-Manual > Print > Setting the Machine

T-2-5

T-2-6

2

22-6

2-6

Functions > New Function > iR-ADV Security Kit-B1 for IEEE2600.1 > Setting value (IEEE 2600.1)


(PS/PCL/UFR II Printer) > Restricting Printer Jobs, included with this product.*4After unifying the settings, the Fax Memory Lock setting is changed to ‘On’ in [Memory RX Inbox] in [Fax/I-Fax Inbox] in [Main Menu].*5After unifying the settings, the I-Fax Memory Lock setting is changed to ‘On’ in [Memory RX Inbox] in [Fax/I-Fax Inbox] in [Main Menu].*6To maintain the reliability of the time recorded on the audit log, if [Audit Log Retrieval] is set to ‘On’, administrators and general users are restricted from setting [Adjust Time] in [Timer/Energy Settings] in [Preferences] (Settings/Registration).*7Indicates an item displayed when the Remote Operator’s Software Kit is enabled.

■ Setting value (IEEE 2600.1)1. The Advanced Box is disabled since it is not targeted for audit log. 2. Memory media is disabled since the information may be carried away.

Setting value (IEEE 2600.1) Setting value (at the time of shipment)

3. A general user cannot change the setting to "0 min=off" by "0 mins" since it disables auto logout due to session timeout, which increases risks such asscreen hijacking as the user forgets to log out.


4. Execution of Unified Security Settings disables network connection in the communication whose IPSec policy has not been set, since encrypted data cannotbe received. OFF is set for AppleTalk and NetWare since IPSec cannot be used.


T-2-7

T-2-8

T-2-9

2

22-7

2-7



Use NetWare > OFFUse AppleTalk > OFF


5. "Read Only" is set for SNMPv1, SNMPv2 and SNMPv3 in the MIB access restriction setting since the use of MIB allows the user to change the devicesetting without the user authentication from Remote UI.

SNMPv1

SNMPv3


6. OFF is set for the image display of TX report since images printed in the TX report may result in the leakage of information.

T-2-10

F-2-2

T-2-11


7. Report with TX Image


T-2-12

T-2-13

2

22-8

2-8



8. The remote fax reception function is configured not to be used since its job is executed without the SSO-H user authentication.


9. Restrict Printer Jobs


10. Use Fax Memory Lock


T-2-14

T-2-15

T-2-16

11. ON is selected for "Use I-Fax Memory Lock" to prevent the received I-Fax job from being printed without limit.


12. • The number of digits for Mail Box PIN is fixed to 7, however, since the PIN less than 7 digits

created before the execution of Unified Security Settingsremains enabled, the Mail Box PIN needs to be reset.

• Only secured print is accepted to prevent PDL print from taken away. The printer driver setting for PC is also necessary. Direct print is also disabled.


T-2-17

T-2-18

2

22-9

2-9



13. The proof print setting (Print When Storing from Printer Driver) in the settings/registration of each Mail Box is grayed out to prohibit general users fromindividually changing the settings.


14. ON (restricted) is set for [Device Information Delivery Settings] > [Restrict Receiving for Each Function] > [Settings/Registration Value] so that the setting will not be changed by the device information delivery from other devices.


T-2-19

T-2-20

15. Audit Log Retrieval


16. OFF is set for Remote Operation Settings so that the Control Panel of the host machine cannot be operated from Remote UI.


T-2-21

T-2-22

2

22-10

2-10

Functions > New Function > Audit Log (Standard Function of This Machine)

Functions > New Function > Audit Log (Standard Function of This Machine)

■ Installation locationSettings/Registration > [Management Settings] > [Device Management] > [Unified Security Settings]

Checking the Unified Security SettingsAfter the execution of Unified Security Settings, [Start Unifying] key is grayed out and the message "Security is set to the unified settings." is displayed.

F-2-3

F-2-4

Audit Log (Standard Function of This Machine)The following logs are newly generated to audit the user operation.The following shows the description of each log. The 4-digit number next to the log name indicates the type of exported log.

User authentication log and user management log (4098) • Logs generated when the user authentication using the authentication application

(SSO-H) succeeded/failed • Logs generated when registering, editing, deleting, importing and exporting users in

the authentication application (SSO-H) • Logs generated when registering, editing, deleting, importing and exporting roles in

the authentication application (SSO-H)Job log (1001)

Operation of PRINT/COPY/SCANTransmission/reception log (8193)

Transmission of SENDMail Box document operation log (8197) and Mail Box authentication log (8199)

• Target box: Mail Box, Memory RX Inbox, Fax Inbox * Advanced Box and Hold Box are not targeted.

• Logs generated when copying, moving and deleting the document in the Mail Box or changing the name of the document in the Mail Box

• Logs generated when Mail Box PIN authentication succeeded

Network connection log (IPSec only) (8200) Logs generated when the negotiation failed at the time of starting network connection by IPSec

Device management log (8198) • Logs generated when a device is started or shut down • Logs generated when the user mode setting is changed

• Changing the time • Changing On/Off for the network port • Changing the items to be set in the 2600 security setting (Unified Security

Settings)

2

22-11

2-11

Functions > New Function > Self Test Function (IPSec)

Functions > New Function > Self Test Function (IPSec)

Log typeUser authentication log 4098Job log 1001/8193Mail Box operation log 8197Mail Box authentication log 8199Management function log 8198Network log 8200User authentication and user management log 3001

NOTE:Logs generated when [Unified Security Settings] is performed to audit logsA log as the operation of Unified Security Settings does not remain. Logs for the individual change of settings are recorded as the device management logs.

Date display format Set the date display format in the service mode LEVEL 2 (COPIER>Option>USER>DATE-DSP).

Setting value Date display format0 YYYY MM/DD1 DD/MM YYYY2 MM/DD/YYYY

Display language The display language of Remote UI is followed. English is displayed when unsupported language has been specified. Display language can also be changed in the service mode setting (COPIER>Option>USER>DATE-DSP).

Display location Settings/Registration: Management Settings : Device Management > Export/Clear Audit Log

• Audit Log Infomation• Export Audit Logs• Delete Audit Logs

T-2-23

T-2-24

Limitations: 1. Collected logs are stored in a file in order. The logs are not guaranteed to be stored in chronological order since those of different storage destinations or typesare collected. 2. The number of managed logs is 20,000. "Delete logs from device after export" can also be selected at the time of log export. When the log collection function is stopped after it once started, logs which have been collected up to that point continue to be kept instead of being deleted. 3. Logs are not targeted for backup/restoration. 4. When the display language of a device is changed from the time of log generation to the time of log export, garbled characters may appear when CSV file is browsed.

Self Test Function (IPSec)Self test function of the IPSec encryption module is added.

- When a device is started, whether it operates normally against the encryption module used by IPSec is verified.

• Verification of the falsification of encryption library • Verification of the operation of encryption algorithm

• Service call occurs when the result of verification fails. • Occurrence factor: Damaged data in the HDD, etc.

Detail: Self test of encryption module is performed when a device is started. E615-0001 is displayed when an error occurs as a result of the self test. Error code indicates that the encryption module has been damaged. Software upgrade needs to be performed from HDD format. When E615 occurs, normal operation is not guaranteed for neither clear text nor IPSec network communication.

F-2-5

3

3 Installation

Installation ■Points to Note About Installation ■Installation Overview ■Checking the Operation After Making the Settings

3

33-2

3-2

Installation > Points to Note About Installation > Handling the Options with VOID Seal

Installation > Points to Note About Installation > Handling the Options with VOID Seal

Points to Note About Installation

Before InstallationEnable iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification after installation of the options which is a prerequisite has been completed.

Important

When obtaining IEEE2600.1CC certification, the firmware of the host machine is also a prerequisite for obtaining it. When the firmware is changed to the one usually used in the host machine by the field remedy, the machine is excluded from IEEE2600.1 CC certification. To maintain the status of IEEE2600.1CC certification, install the firmware for the host machine from the CD included in the package of iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification.

Handling the Options with VOID SealLMS options are sealed by the VOID seal (seal to prevent falsification). Check that they are sealed before opening. If opened, do not use them because of concern about changed contents.

Important

Check the VOID seal with the user.

The options targeted for VOID seal in the IEEE2600.1 CC certification configuration are as follows.

• iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria• Access Management System Kit-B• HDD Data Encryption & Mirroring Kit-C• Data Erase Kit-C

F-3-1

3

33

3

Installation > Installation Overview > The following shows "installation overview of Installation Procedure for iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification".


Installation Overview

The following shows "installation overview of Installation Procedure for iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification".

Products required when installing iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification

HDD Data Encryption & Mirroring Kit-C *1 Access Management System-B *1 Data Erase Kit-C *1 Canon imageRUNNER ADVANCE 4000 Series *2

*1 Check that VOID seals are affixed to HDD Data Encryption/Mirroring Kit-C, Access Management System-B, and Data Erase Kit-C.

*2 Visually check the host machine hardware to ensure that there is no sign of falsification or fraudulent switching of parts.

1. Installing the Hardware

Installing the Host Machine (Refer to imageRUNNER ADVANCE 4051/4045/4035/4025 Series Service Manual: Installation.)

Installing the Encryption/ Mirroring Board (Refer to imageRUNNER ADVANCE 4051/4045/4035/4025 Series Service Manual: Installation > Combination of HDD Options.)

2. Installing the System

1) Remove the VOID seal from the IEEE2600 certification kit, take out the CD-ROM and register the firmware to SST.

2) Install the registered firmware after formatting according to the following Installation Procedure.HDD Data Encryption & Mirroring Kit-C Series HDD Data Encryption Kit-C Series Installation Procedure (Refer to FT1-0323.)

3) Install the 2600 CC certification firmware.

3. License CertificationEnable all the following licenses.

Access Management System-B Data Erase Kit-C iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification

4. Change in Login Service1) Using SMS, change the login service of the host machine to SSO-H.

Choose "Service Management Service" with a screen of "Remote UI : Portal". Login in Service Management Service. In System Management > Enhanced System Application Management > Login

Service,push the switch button of Single Sigen-On H.

2) After registration, restart the host machine to enable the setting.

5. IEEE2600 Unified Security Settings

Settings/Registration / Registration > Management Settings > Device Management Settings > Unified Security Settings

3

34

4



6. Checking the Version and Configuration1) Check that the following version matches with the version described in the User's

Guide.

<Controller version> 9100.0.408

<Scanner version> 201.101

<Canon MFP Security Chip *> 2.01 (* Refers to the encryption board included in the HDD Data Encryption & Mirroring Kit.)

2) Counter check screen > Device configuration checkCheck that the following 4 options are displayed.

ACCESS MANAGEMENT SYSTEM Data erase Security Kit-B1 for IEEE2600.1

3) Counter check screen > MEAP counter checkCheck that the following version matches with the version described in the User's Guide.

<MEAP Contents>: 10.14

Check that a key mark is displayed at the bottom of the Touch Panel Display when encryption is recognized.

3

33-5

3-5

Installation > Checking the Operation After Making the Settings > Setting by the Device


Checking the Operation After Making the Settings

Checking the Ping When IPSec is in OperationIn IEEE2600 certification, all communication is encrypted by IPSec when the device communicates via network. Therefore, encryption communication needs to be established with the other party's PC when sending a ping from the device. Ask the user to check the connection. Refer to the following procedure if it is necessary to assume troubleshooting and understand the connection work performed by the user. Under this environment, the response of ping can be confirmed, which has been sent to the PC with which the encryption communication has been established.The procedure introduces the setting by which the communication only between a device connected to the local network and a PC on which Windows7 operates isenabled.

Setting by the DeviceComplete the device setting before executing Settings/Registration >[Preferences] > [Device Management] > [Unified Security Settings].Settings/Registration > Preferences > Network > TCP/IP Settings > IPSec Settings

Press the Reg button when no policy has been specified. Press Edit when changing a policy which has already been created.

F-3-2

Enter a policy name and perform each setting in order.

Selector SettingsLocal Address > All IP AddressesRemote Address > All IP Addresses

F-3-3

F-3-4

3

33-6

3-6



Local Port > All PoartsRemote Port > All Poarts

IKE SettingsAuthentication Method > Shared Key, Enter "canon" here. This character string is used in the PC setting of the next section.

F-3-5

F-3-6

IPSec Network SettingsLeave everything as they are by default. Validity > 480 minsSize > 0 MBPFS > OFFAuth./Encryption > Auto

Reference:You can compare it when You output a list of IPSec policy when a change entered later.Settings/Registration > Preferences > Network > TCP/IP Settings > IPSec Settingsthen List Print

F-3-7

F-3-8

3

33-7

3-7

Installation > Checking the Operation After Making the Settings > Overview of the Security Policy Setting

Installation > Checking the Operation After Making the Settings > Overview of the Security Policy Setting

Setting by the PCCommunication condition of the PC:

In this procedure, the PC performs encryption communication with a device connected by IPSec encryption. It communicates with a device which has not been encrypted without encryption.

Checking the setting: Encryption communication is regarded as successful when a ping is sent from the device as usual and a response is returned after performing the setting accordingto the procedure

F-3-9

Overview of the Security Policy SettingIn this procedure, a new policy is created by selecting Control Panel > All Control Panel Items > Administrative Tools > Windows Firewall with Advanced Security.Flow of setting procedure:

Setting location Setting item

Windows Firewall with Advanced Security on Local Computer

Windows Firewall Properties Control Panel > All Control Panel Items > Administrative Tools > Windows Firewall with Advanced Security

IPsec Settings Windows Firewall with Advanced Security on Local Computer

IPsec defaults CustomizeKey exchage(Main Mode)

Advanced > Customize > Edit Security Method > AddIntegrity algorithm : SHA-1Encryption algorithm : AES-CBC 128Key exchange algorithm : Diffie-Hellman Group 2Do not choose "Use Deffie-Hellman for enhanced security" in Key exchange options

Data protection (Quick Mode)

Select "Require encryption for all connection security rules that use these settings."Add Intergrity and Encryption Algorithms,Protocol : ESP (recommended)Algorithms : AES-CBC 128Integrity algorithm : SHA-1

Authentication methodAuthentication method > Advanced > Customize > First Authentication > Add First Authentication Method >Preshared key (not recommended) (Ex: canon)

Connection Security Rules Windows Firewall Properties Control Panel > All Control Panel Items > Administrative Tools >

Windows Firewall with Advanced SecurityConnection Security Rules

Rule Type CustomEndpoints Any IP addressRequirements Require authentication for inbound and outbound connetionsAuthentication Method DefaultProtocol and Ports Protocol type : AnyProfile Select : Domain, Private, PublicName Any (Ex : test)

Connection Security RulesEnable Rule Select the created policy and assign it by right-clicking the mouse.

T-3-1

3

33-8

3-8

Installation > Checking the Operation After Making the Settings > IPSec defaults > Customize


IPsec SettingCreate a new IP Security Policy.

Select Start > Control Panel > System and Security > Administrative Tools > Local Security Policy.

Select the Windows Firewall Properties.F-3-10

F-3-11

IPSec defaults > Customize

F-3-12

3

33-9

3-9



Key exchage(Main Mode)Advanced > Customize > Edit Security Method > AddIntegrity algorithm : SHA-1Encryption algorithm : AES-CBC 128Key exchange algorithm : Diffie-Hellman Group 2Do not choose "Use Deffie-Hellman for enhanced security" in Key exchange options

F-3-13

Note:Delete the security method that is set by default.

Data protection (Quick Mode)Select "Require encryption for all connection security rules that use these settings."Add Intergrity and Encryption Algorithms,Protocol : ESP(recommended)Algorithms : AES-CBC 128Integrity algorithm : SHA-1

Note:Delete the security method that is set by default.

F-3-14

3

33-10

3-10

Installation > Checking the Operation After Making the Settings > Connection Security Rules


Authentication methodAuthentication method > Advanced > Customize > First Authentication > Add First Authentication Method >Preshared key (not recommended) (Ex: canon)

Note:This character string is used in the Device setting of the befor section.

F-3-15

F-3-16

Connection Security RulesThe setting can be done in the wizard format. The following shows each setting screen to be checked after the setting.

Control Panel > All Control Panel Items > Administrative Tools > Windows Firewall with Advanced Security

Open New Conection Security Rule Wizard.F-3-17

F-3-18

3

33-11

3-11



Rule TypeCustom

EndpointsAny IP address

F-3-19

F-3-20

RequirementsRequire authentication for inbound and outbound connetions

Authentication MethodDefault

F-3-21

F-3-22

3

33-12

3-12

Installation > Checking the Operation After Making the Settings > Assigning the Security Policy

Installation > Checking the Operation After Making the Settings > Assigning the Security Policy

Protocol and PortsProtocol type : Any

ProfileSelect : Domain, Private, Public

F-3-23

F-3-24

NameAny (Ex : test)

Assigning the Security PolicyIPsec communication starts when a policy is assigned.

Control Panel > All Control Panel Items > Administrative Tools > Windows Firewall with Advanced Security

Select the created policy and assign it by right-clicking the mouse.

F-3-25

F-3-26

3

33-13

3-13

Installation > Checking the Operation After Making the Settings > Checking the Ping

Installation > Checking the Operation After Making the Settings > Checking the Ping

Checking the PingBe sure to check the ping from the device. At the initial connection, time-out may occur before encryption communication is established, which may result in the connection failure. Execute a ping repeatedly at some interval if connection failed.

Settings/Registration > Preferences > Network > TCP/IP Settings > IPv4 Settings > PING Command Enter the IP address of the PC whose policy has been set. Press the Start button.

Connection is successful when "Response from the host." is displayed.

F-3-27

F-3-28

Reference: When the IP address of a PC is determined by the DHCP server, the IP address cannot be located even by referring to the network setting. Select Start > All Programs > Accessories > Command Prompt and check the IP address by executing ipconfig.

C:\Users>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : 1234.net Link-local IPv6 Address . . . . . : fe80::e5f4:cbb9:2d98:75e6%11 IPv4 Address. . . . . . . . . . . : 172.16.184.175 Subnet Mask . . . . . . . . . . . : 255.255.240.0 Default Gateway . . . . . . . . . : 172.16.191.254

F-3-29

T-3-2

4

4 Maintenance

Maintenance ■Notes when service ■Reference matter in market service

4

44-2

4-2

Maintenance > Notes when service > Recovery after Servicing Work

Maintenance > Notes when service > Recovery after Servicing Work

Notes when service

Supporting the Modified Items After the Release of iR-ADV Security Kit-B1 for IEEE2600.1

1. Means for users to make inquiries about troubles (acceptance of troubles) Support the user inquires by the general escalation procedure. Technicians give users contact information for security-related inquires.

2. Means for users to receive information on modified remedies (notice to users)If the inquiry is judged to be about a security problem as a result of cause investigation by the division in charge, contact the service technician by the normalservice information route about the cause, detail of modification and countermeasure at the site. The service technician explains detail of modification and countermeasure to a user.

3. Remedy procedures for users (follow-up of the remedy for troubles)When applying correction firmware, use "SST", "USB storage", or "CDS"to upgrade the firmware. Before or when applying problem correction firmware, be sure to notify the user. Firmware update via CDS is handled as special upgrading which is differentiated from the normal firmware delivery since its version is that of IEEE2600certification. Obtain the ID and password information in advance for the CDS special upgrading.

Recovery after Servicing WorkWhen the setting of iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification is changed due to the servicing work (replacement of Main Controller,replacement of HDD, clearing of each service mode), the environment of the host machine needs to be returned to that of IEEE2600 certification.

1. When the firmware of the host machine needs to be installed due to the replacement of the Main Controller, HDD, etc., use the system CD included in thepackage of iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification. 2. Restore the contents of user data or settings/registration using the backup made after the IEEE2600 certification environment was created and the exporteddata.3. Refer to the section on the backup data in Appendix of the Service Manual of the host machine for the cleared settings or user data when Function > CLEARis performed or HDD/Main Controller is replaced.

4

44-3

4-3

Maintenance > Reference matter in market service > Functions Which Operates Normally

Maintenance > Reference matter in market service > Functions Which Operates Normally

Reference matter in market service

Functions Which Operates NormallyVersion upgrade by SST

Installation of IPSec Board encrypts communication. In the case of communication between SST and the host machine, system can be installed by SST vianetwork in the same way as the normal service since IPSec function is not used.

ir-adv security kit-b1 for ieee 2600.1 service...

Documents