Cosmos Security Feature Overview
Product Planning Group, Samsung IT Solutions Business
12 July 2010
Contents
1. Introduction
2. Secure User
3. Secure Data
4. Secure Network
5. Secure Document
6. Secure Management
1. Introduction: MFP Security

1. Introduction
• As an information input and output device, an MFP requires the same level of security as other IT devices. Both paper-based printed information and electronically stored information pass through MFPs, so MFP security must be part of the overall IT security strategy.
• MFP Hardcopy Vulnerability
  • Unintentional / intentional removal
  • Copying
  • Peeking
• MFP Electronic Vulnerability
  • Ethernet (network connection)
  • Hard Drive (stored documents from fax, e-mail, and scan)
  • Phone Line (Fax)

MFP Security Threats
• Document Information Leakage
• Unauthorized Access
• Data Disclosure
• Unauthorized Device Configuration Change
• Network Intrusion
(Figure: documents, multifunctional device, PCs)

MFP Security Framework
• Secure User: only authorized users can use device functions
  • Enterprise Authentication
  • Function Level Authorization
• Secure Data: encryption to protect data from information security breach
  • Data Encryption (Job, HDD, PDF)
  • Image Overwrite
  • Secure Scan Image Sending
• Secure Network: prevent anonymous access to the enterprise network through the device
  • SSL/TLS
  • IP Sec, IP v6
  • Protocol & Port Mgmt.
  • IP/MAC Filtering
• Secure Document: protect hardcopy documents to prevent document security breach
  • Confidential Print
  • Secure Fax
  • Watermark
  • Stamp
• Secure Management: track print jobs and manage security configuration
  • Job Auditing / Logging
  • E-mail notification
2. Secure User: Authentication, Authorization, Accounting

Secure User
• Authentication Method
  • Basic Authentication
    • User is asked to log in when they select options only available to the administrator
  • Device Authentication
    • User is asked to log in before using all device functions
  • Application Authentication
    • User cannot use the selected functions without logging in

Secure User (figure): Authentication Mode; Application Authentication (NEW)

Secure User
• Local Authentication
  • Authenticates users through the local domain by using a user name and password
• Remote Authentication
  • Authenticates users through the enterprise network authentication environment utilizing LDAP, ADS or SMB
• Role / Group Management
  • The administrator can set up Role and Group authorization
  • The administrator can assign a Role and Group to each user
• Accounting
  • The administrator can assign quota management for each user
  • There are two accounting methods
    • Accounting by using the Local User Database
    • Accounting by using SWAS5

Secure User (figures): Local Authentication; Remote Authentication
Secure User
• Log-in Policy Setting (NEW)
  • Users can try to log in 3 times in 3 minutes; if they fail, they cannot try to log in for 3 minutes.
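The log-in policy above, written out as a sliding-window lockout. This is an added example, not Samsung's implementation; the class and function names are hypothetical, and only the 3-attempt / 3-minute / 3-minute values come from the slide.

```python
import time
from collections import defaultdict, deque

MAX_FAILURES = 3        # failed log-ins tolerated ...
WINDOW_SECONDS = 180    # ... within this window (3 minutes)
LOCKOUT_SECONDS = 180   # how long log-in stays blocked afterwards (3 minutes)


class LoginThrottle:
    """Per-user lockout with a sliding failure window (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock                   # injectable so the policy can be tested
        self._failures = defaultdict(deque)   # user -> times of recent failures
        self._locked_until = {}               # user -> time at which the lockout ends

    def is_locked(self, user):
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self._clock() >= until:
            del self._locked_until[user]      # lockout has expired
            return False
        return True

    def attempt(self, user, password_ok):
        """Record one log-in attempt; return 'ok', 'failed' or 'locked'."""
        if self.is_locked(user):
            return "locked"                   # even a correct password is refused
        now = self._clock()
        if password_ok:
            self._failures.pop(user, None)    # success resets the failure history
            return "ok"
        recent = self._failures[user]
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self._locked_until[user] = now + LOCKOUT_SECONDS
            recent.clear()
            return "locked"
        return "failed"
```

Each "locked" result is a natural entry for the Security Event Log described in section 6.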
Secure User (figures): Role Management; Local Accounting

Secure User (figure): User Profile
3. Secure Data: Data Encryption / Digital Signature

Secure Data
• HDD Encryption
  • Data is encrypted when it is stored on the HDD and decrypted when it is read out
  • Encryption algorithm: AES 256/CBC
  • If the HDD is stolen, no one can read the data
• HDD Image Overwrite
  • Image Overwrite function to erase the data created during copying and scanning
  • Overwrite Method
    • DoD 5220.28M, Australian ACSI 33, German standard VSITR, Custom (1 to 9 times)
• Encrypted PDF
  • Encryption of scanned PDF files
  • Selectable Encryption Level
    • High (128-bit AES: Acrobat 7.0 or later)
    • Middle (128-bit RC4: Acrobat 5.0 or later)
    • Low (40-bit RC4: Acrobat 3.0 or later)
• PDF with digital signature
  • A digital signature verifies the author and that the document was not modified in transmission
• Secure E-Mail (SMTPs): Scan to E-Mail
  • Data is sent from the MFP to the SMTP server through a secure channel (SSL)

Secure Data (figures): HDD Image Overwrite Area; HDD Image Overwrite Method

Secure Data - Secure PDF (PDF Encryption)
• Architecture (Description / Figure)
• User can make or select the certificate for the digital signature via SWS2.0
• The set supports the option to add a digital signature to the PDF
• Secure PDF lets the user add passwords and restrictions to the document
(Figures: Add Digital Signature; Secure PDF)

Secure Data - Secure PDF (PDF Encryption)
• Architecture
  • On opening, a pop-up window asks for the password (User or Owner Password)
  • The RC4 or AES128 algorithm can be applied
(Figure: User PW: 123)
4. Secure Network: Network Security

Secure Network
• SSL / TLS
  • Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide security and data integrity for communications over TCP/IP networks
• SNMPv3
  • SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. SNMPv3 has enhanced security features and administration capability
• IPSec (IPv4, IPv6)
  • IPSec is designed to provide interoperable, high quality, cryptographically-based security for IPv4 and IPv6. The set of security services offered includes access control, connectionless integrity, data origin authentication

Secure Network
• Protocol and Port Management
  • Protocol Management selects whether a network protocol is used or not. According to a user’s network policy, some protocols can be disabled, which can protect an MFP from an external network attack such as a port scan. Additionally, Protocol Management can reduce network traffic.
• IP / MAC address filtering
  • IP Filtering configures the available IP address ranges. Only registered IP devices can print or scan through the network. This can protect MFPs from unknown network devices
  • MAC address filtering can reject requests that come from particular Ethernet MAC addresses

Network Security (figures): IP Address Filtering; MAC Address Filtering
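A sketch of the IP address range check described above, as an added example (not the device's own code). The function names and the sample ranges are hypothetical; the ranges use documentation address blocks. It goes slightly beyond the slide by also accepting CIDR notation and by handling IPv4 peers reported in IPv4-mapped IPv6 form.

```python
import ipaddress

# Constructed sample allowlist (documentation address blocks, not real devices).
SAMPLE_RANGES = ["192.0.2.10-192.0.2.50", "198.51.100.0/24", "2001:db8:10::/64"]


def parse_ranges(specs):
    """Turn 'first-last' or CIDR strings into (first, last) address pairs."""
    ranges = []
    for spec in specs:
        if "-" in spec:
            first, last = (ipaddress.ip_address(p.strip())
                           for p in spec.split("-", 1))
        else:
            # strict=True rejects entries such as 198.51.100.7/24 (host bits set)
            net = ipaddress.ip_network(spec.strip(), strict=True)
            first, last = net[0], net[-1]
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {spec!r}")
        ranges.append((first, last))
    return ranges


def is_allowed(client, ranges):
    """Default deny: True only if the client address lies in a registered range."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False                      # unparseable peer address is rejected
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d; compare those
    # against the IPv4 ranges instead of silently missing every rule.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(lo.version == addr.version and lo <= addr <= hi
               for lo, hi in ranges)


ALLOWED = parse_ranges(SAMPLE_RANGES)
```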
5. Secure Document: Hardcopy Security

Secure Document
• Confidential Print
  • Restricts unauthorized people from accessing / seeing the printed documents
  • User inputs the PIN number through the printer driver when sending the document to the device
  • Print out procedure
    • Walk up to device → Job Status button → Select Secured Job → Input User ID and PIN number → Select Job → Print out
• Secure Fax
  • Restricts unauthorized people from accessing / seeing the received Fax
  • All received Fax documents are stored in memory
  • Print out procedure: same as Confidential Print

Secure Document
• Watermark for Copy
  • Print text over copied documents
  • “Top Secret”, “Urgent”, “Confidential”, “Draft” and customized characters are selectable
  • Print Page (All or First Page only), Text Color / Size, Printing Position are selectable
• Stamp
  • Add tracking information on copied document
  • Item: Page Number, Time & Date, User ID
  • Print Page (All or First Page only), Text Color / Size, Printing Position are selectable

Secure Document (figures): Watermark Setting; Stamp Setting

6. Secure Management: Track Jobs, Operation, Security Event

Secure Management
• Logging
  • Job Log
    • Who (ID), Job Function (Print, Scan, Copy, ...), When
  • Security Event Log
    • Security-related event log (Authentication, PWD Change, ...)
  • Operation Log
    • Operation log (Configuration Change etc.)
• Email Notification
  • Job Complete Notification
    • Notifies job completion alert via e-mail
  • Device Alert Notification
    • Notifies error status via e-mail to administrator