Cosmos Security Feature Overview Product Planning Group Samsung IT Solutions Business 12 July 2010.


Cosmos Security Feature Overview

Product Planning Group

Samsung IT Solutions Business

12 July 2010

Contents

1. Introduction

2. Secure User

3. Secure Data

4. Secure Network

5. Secure Document

6. Secure Management

1. Introduction

MFP Security

• As an information input and output device, an MFP requires the same level of security as other IT devices. Both paper-based printed information and electronically stored information pass through MFPs, requiring MFP security to be a part of the overall IT security strategy.

• MFP Hardcopy Vulnerability
  - Unintentional / intentional removal
  - Copying
  - Peeking

• MFP Electronic Vulnerability
  - Ethernet (network connection)
  - Hard Drive (stored documents from fax, e-mail, and scan)
  - Phone Line (Fax)

[Figure: threats to a Multifunctional Device (Document Information Leakage, Unauthorized Access, Data Disclosure, Unauthorized Device Configuration Change, Network Intrusion) and the five security areas: 1 Secure User, 2 Secure Data, 3 Secure Network, 4 Secure Document, 5 Secure Management]

Secure User: Only authorized users can use device functions
• Enterprise Authentication
• Function Level Authorization

Secure Data: Encryption to protect data from information security breach
• Data Encryption (Job, HDD, PDF)
• Image Overwrite
• Secure Scan Image Sending

Secure Network: Prevent anonymous access to the enterprise network through the device
• SSL/TLS
• IPSec, IPv6
• Protocol & Port Mgmt.
• IP/MAC Filtering

Secure Document: Protect hardcopy documents to prevent document security breach
• Confidential Print
• Secure Fax
• Watermark
• Stamp

Secure Management: Track print jobs and manage security configuration
• Job Auditing / Logging
• E-mail notification

2. Secure User

Authentication, Authorization, Accounting

• Authentication Method
  - Basic Authentication: The user is asked to log in when they select options only available to the administrator
  - Device Authentication: The user is asked to log in before using all device functions
  - Application Authentication: The user cannot use the selected functions without logging in

[Screenshots: Authentication Mode; Application Authentication (NEW)]

• Local Authentication: Authenticates users through the local domain by using a user name and password

• Remote Authentication: Authenticates users through the enterprise network authentication environment utilizing LDAP, ADS or SMB

• Role / Group Management
  - The Administrator can set up the Role and Group Authorization
  - The Administrator can assign a Role and Group for each user

• Accounting
  - The Administrator can assign quota management for each user
  - There are two accounting methods:
    - Accounting by using the Local User Database
    - Accounting by using SWAS5

[Screenshots: Local Authentication; Remote Authentication]

Log in Policy Setting (NEW): users can try to log in 3 times in 3 minutes, and if they fail, they cannot try to log in for 3 minutes.
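The following is an added example, not part of the original slides and not Samsung firmware code: a sketch of how the log-in policy above can be enforced and tested with a sliding window of failure timestamps. The class and function names and the sample events are assumptions, as is counting failures per user, which the slide does not specify.

```python
# Added illustration of the 3-tries / 3-minutes / 3-minute-lockout policy.
# All names here are hypothetical; per-user counting is an assumption.
from collections import defaultdict, deque

MAX_FAILURES = 3        # failed tries allowed inside the window (from the slide)
WINDOW_SECONDS = 180    # 3-minute counting window (from the slide)
LOCKOUT_SECONDS = 180   # 3-minute lockout (from the slide)


class LoginThrottle:
    def __init__(self):
        self._failures = defaultdict(deque)   # user -> times of recent failures
        self._locked_until = {}               # user -> time the lockout ends

    def is_locked(self, user, now):
        until = self._locked_until.get(user)
        if until is not None and now < until:
            return True
        self._locked_until.pop(user, None)    # lockout expired or never set
        return False

    def attempt(self, user, credentials_ok, now):
        """Return 'locked', 'ok' or 'denied' for one log-in try at time `now`."""
        if self.is_locked(user, now):
            return "locked"                   # refused even if the password is right
        recent = self._failures[user]
        while recent and now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()                  # forget failures older than the window
        if credentials_ok:
            recent.clear()
            return "ok"
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self._locked_until[user] = now + LOCKOUT_SECONDS
            recent.clear()
        return "denied"


def replay(events):
    """Run constructed (time_s, user, credentials_ok) events through one throttle."""
    throttle = LoginThrottle()
    return [throttle.attempt(user, ok, t) for t, user, ok in events]


# Constructed sample: three failures in 50 s, a correct password during the
# lockout (refused), then the same password once the lockout has expired.
SAMPLE = [(0, "alice", False), (20, "alice", False), (50, "alice", False),
          (60, "alice", True), (229, "alice", True), (230, "alice", True)]
```

Calling `replay(SAMPLE)` shows that a correct password is still refused while the lockout is active, which is the property to check when auditing a device's log-in policy.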

[Screenshots: Role Management; Local Accounting; User Profile]

3. Secure Data

Data Encryption / Digital Signature

• HDD Encryption
  - When data is stored on the HDD, it is encrypted. When data is read out, it is decrypted.
  - Encryption algorithm: AES 256/CBC
  - If the HDD is stolen, no one can read the data

• HDD Image Overwrite
  - Image Overwrite function to erase the data created during copying and scanning
  - Overwrite Method: DoD 5220.28M, Australian ACSI 33, German standard VSITR, Custom (1 to 9 times)

• Encrypted PDF
  - Encryption of scanned PDF files
  - Selectable Encryption Level:
    - High (128-bit AES: Acrobat 7.0 or later)
    - Middle (128-bit RC4: Acrobat 5.0 or later)
    - Low (40-bit RC4: Acrobat 3.0 or later)

• PDF with digital signature
  - A digital signature verifies the author and that the document was not modified in transmission

• Secure E-Mail (SMTPs), Scan to E-Mail
  - Data is sent from the MFP to the SMTP server through a secure channel (SSL)

[Screenshots: HDD Image Overwrite Area; HDD Image Overwrite Method]

Secure PDF

Secure PDF lets the user add passwords and restrictions to a document.

Add Digital Signature

The user can make or select the certificate for the digital signature via SWS2.0. The set supports the option to add a digital signature in PDF.

Architecture (Description / Figure)

• When the file is opened, a pop-up window asks for the password (input the User or Owner Password).
• We can apply the RC4 or AES128 algorithm.

[Sample files: O12_U123_AES.pdf (User PW: 123); O12_U123_RC4.pdf (User PW: 123)]

4. Secure Network

Network Security

• SSL / TLS: Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security and data integrity for communications over TCP/IP networks.

• SNMPv3: SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. SNMPv3 has enhanced security features and administration capability.

• IPSec <IPv4, IPv6>: IPSec is designed to provide interoperable, high quality, cryptographically-based security for IPv4 and IPv6. The set of security services offered includes access control, connectionless integrity, data origin authentication

• Protocol and Port Management: Protocol Management selects whether a network protocol is used or not. According to a user's network policy, some protocols can be disabled, and this can protect an MFP from an external network attack like a port scan. Additionally, Protocol Management can reduce network traffic.

• IP / MAC address filtering
  - IP Filtering configures the available IP address ranges. Only registered IP devices can print or scan through the network. This can protect MFPs from unknown network devices.
  - MAC address filtering can reject requests that come from a particular Ethernet MAC address.

[Screenshots: IP Address Filtering; MAC Address Filtering]

5. Secure Document

Hardcopy Security

• Confidential Print
  - Restricts unauthorized people from accessing / seeing the printed documents
  - The user inputs the PIN number through the printer driver when sending the document to the device
  - Print out procedure: Walk up to device → Job Status button → Select Secured Job → Input User ID and PIN number → Select Job → Print out

• Secure Fax
  - Restricts unauthorized people from accessing / seeing the received fax
  - All received fax documents are stored in memory
  - Print out procedure: same as Confidential Print

• Watermark for Copy: Print text over copied documents
  - "Top Secret", "Urgent", "Confidential", "Draft" and customized characters are selectable
  - Print Page (All or First Page only), Text Color / Size, Printing Position are selectable

• Stamp: Add tracking information on copied documents
  - Item: Page Number, Time & Date, User ID
  - Print Page (All or First Page only), Text Color / Size, Printing Position are selectable

[Screenshots: Watermark Setting; Stamp Setting]

6. Secure Management

Track Jobs, Operation, Security Event

• Logging
  - Job Log: Who (ID), Job Function (Print, Scan, Copy…), When
  - Security Event Log: Security-related event log (Authentication, PWD Change…)
  - Operation Log: Operation log (Configuration Change etc.)

• Email Notification
  - Job Complete Notification: Notifies job completion alert via e-mail
  - Device Alert Notification: Notifies error status via e-mail to administrator

END