1 / 30

Cosmos Security Feature Overview

Cosmos Security Feature Overview. Product Planning Group Samsung IT Solutions Business 12 July 2010. Introduction 2. Secure User 3. Secure Data 4. Secure Network 5. Secure Document 6. Secure Management. Contents. 1.Introduction. MFP Security. 1. Introduction.

Download Presentation

Cosmos Security Feature Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cosmos Security Feature Overview Product Planning Group Samsung IT Solutions Business 12 July 2010

  2. Introduction • 2. Secure User • 3. Secure Data • 4. Secure Network • 5. Secure Document • 6. Secure Management Contents

  3. 1.Introduction MFP Security

  4. 1. Introduction • As an information input and output device, a MFP requires the same level of security as other IT devices. Both paper-based printed information and electronically stored information pass through MFPs, requiring MFP security to be a part of the overall IT security strategy. • MFP Hardcopy Vulnerability • Unintentional / intentional removal • Copying • Peeking • MFP Electronic Vulnerability • Ethernet (network connection) • Hard Drive (Stored document from fax, E-mail, and scan) • Phone Line (Fax)

  5. MFP Security Threats Document Information Leakage Unauthorized Access Data Disclosure Unauthorized Device Configuration Change Network Intrusion Document Document Multifunctional Device PC PC

  6. MFP Security Framework Secure Management Secure User Track print jobs and manage security configuration Only authorized users can use device functions • Job Auditing / Logging • E-mail notofiation • Enterprise Authentication • Function Level Authorization Secure Data Secure Document Encryption to protect data from information security breach Protect hardcopy documents to prevent document security breach Secure Network • Data Encryption • (Job, HDD, PDF) • Image Overwrite • Secure Scan Image Sending • Confidential Print • Secure Fax • Watermark • Stamp Protect anonymous access to enterprise network through the device • SSL/TLS • IP Sec, IP v6 • Protocol & Port Mgmt. • IP/MAC Filtering

  7. 2.Secure User Authentication Authorization Accounting

  8. Secure User • AuthenticationMethod • Basic Authentication • User is asked to login when they select options only available to administrator • Device Authentication • User is asked to login before using all device functions • Application Authentication • User cannot use the selected functions without logging in

  9. Secure User Authentication Mode Application Authentication NEW

  10. Secure User • Local Authentication • Authenticates the users through the local domain by using a user name and password • Remote Authentication • Authenticates the users through the enterprise network authentication environment utilizing LDAP, ADS or SMB. • Role / Group Management • The Administrator can set up the Role and Group Authorization. • The Administrator can assign Role and Group for each user • Accounting • Administrator can assign quota management for each user • There are two accounting Method • Accounting by using Local User Database • Accounting by using SWAS5

  11. Secure User Local Authentication Remote Authentication

  12. Secure User NEW Log in Policy Setting users can try to log-in 3 times in 3 minutes and if they fail, they cannot try to log-in for 3 minutes.

  13. Secure User Role Management Local Accounting

  14. Secure User User Profile

  15. 3.Secure Data Data Encryption / Digital Signature

  16. Secure Data • HDD Encryption • When the data stored in HDD, the data is encrypted. When data is read out, the data is decrypted. • Encryption algorithm –AES 256/CBC • If the HDD is stolen, no one can read the Data • HDD Image Overwrite • Image Overwrite Function to erase the data created during the copying, copying scanning. • Overwrite Method • DoD 5220.28M, Australian ASCI 33, German standard VSITR, Custom (1 time~9times) • Encrypted PDF • Encryption of Scanned PDF files • Selectable Encryption Level • High (128-bit AES: Acrobat 7.0 or later) • Middle (128bit RC4: Acrobat 5.0 or later) • Low (40bit RC4: Acrobat 3.0 or later) • PDF with digital signature • Digital signature ensures for author and not modifying in transmission • Secure E-Mail (SMTPs)-Scan to E-Mail • From MFP to SMTP server data is sent thorough secure channel ( SSL)

  17. Secure Data HDD Image Overwrite Area HDD Image Overwrite Method

  18. Secure Data- Secure PDF (PDF Encryption) • Architecture (Description / Figure) • User can make or select the certificate for Digital Signature via SWS2.0 • Set supports the option to add digital signature in PDF. Add Digital Signature Secure PDF • Secure PDF provides to add passwords and restrictions to document

  19. Secure Data - Secure PDF (PDF Encryption) • Architecture • During opening, pop-up window asks the password. • (Input User or Owner Password) • We can apply RC4 or AES128 algorithm. User PW : 123 User PW : 123

  20. 4.Secure Network Network Security

  21. Secure Network • SSL / TLS • Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security and data integrity for communications over TCP/IP networks • SNMPv3 • SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. SNMPv3 has enhanced security feature and Administration capability • IP Sec <IPv4, IPv6> • IPSec is designed to provide interoperable, high quality, cryptographically-based security for IPv4 and IPv6. The set of security services offered includes access control, connectionless integrity, data origin authentication

  22. Secure Network • Protocol and Port Management • Protocol Management can select whether a network protocol is used or not. According to a user’s network policy, some protocols can be disabled and this can protect an MFP from an external network attack like a port scan. Additionally Protocol Management can reduce network traffic. • IP / MAC address filtering • IP Filtering to configure available IP Address Ranges. Only registered IP devices can print or scan through network. This can protect MFPs from unknown network devices • MAC address filtering is capable of rejecting the request comes from particular Ethernet MAC address

  23. Network Security IP Address Filtering MAC Address Filtering

  24. 5.Secure Document Hardcopy Security

  25. Secure Document • Confidential Print • Restricting unauthorized people to access / see the printed documents. • User input the PIN number through printer driver when sending the document to the device • Print out procedure • Walk up to device Job Status button  Select Secured Job Input User ID and PIN number Select Job  Pint out • Secure Fax • Restricting unauthorized people to access / see the received Fax • All received Fax documents are stored in memory • Print out procedure  Same as Confidential Print

  26. Secure Document 26 • Watermark for Copy • Print text over copied documents • “Top Secret” “Urgent” “Confidential” “Draft” Customized Charactors are selectable • Print Page ( All or First Page only), Text Color / Size, Printing Position are Selectable • Stamp • Add tracking information on copied document • Item: Page Number, Time & Date, User ID • Print Page (All or First Page only), Text Color / Size, Printing Position are selectable

  27. Secure Document Watermark Setting Stamp Setting 27

  28. 6.Secure Management Track Jobs, Operation, Security Event

  29. Secure Management • Logging • Job Log • Who (ID), Job Function (Print, Scan, Copy…..), When • Security Event Log • Security related event Log (Authentication, PWD Change…) • Operation Log • Operation Log (Configuration Change etc. ) • Email Notification • Job Complete Notification • Notifies job completion alert via e-mail • Device Alert Notification • Notifies error status via e-mail to administrator 29

  30. END

More Related