Read Sharp MX-PE10 FIERY (serv.man47) Regulatory Data online
Fiery Security White Paper
Fiery FS100 and FS100 Pro, Version 2.6.1
Date of Issue: 01/23/2013
White Paper Series
Table of Contents
1 Document Overview
1.1 Electronics For Imaging (EFI) Security Philosophy
1.2 Configure the Security Feature Via Fiery Configure
2 Hardware and Physical Security
2.1 Volatile Memory
2.2 Non-Volatile Memory and Data Storage
2.2.1 Flash Memory
2.2.2 CMOS
2.2.3 NVRAM
2.2.4 Hard Disk Drive
2.2.5 Physical Ports
2.3 Local Interface
2.4 Removable HDD Kit Option
2.4.1 For External Servers
2.4.2 For Embedded Servers
3 Network Security
3.1 Network Ports
3.2 IP Filtering
3.3 Network Encryption
3.3.1 IPsec
3.3.2 SSL and TLS
3.3.3 Certificate Management
3.4 IEEE 802.1X
3.5 SNMP V3
3.6 Email Security
3.6.1 POP before SMTP
3.6.2 OP25B
4 Access Control
4.1 User Authentication
4.2 Fiery Software Authentication
5 Operating System Environment
5.1 Start Up Procedures
5.2 Linux
5.2.1 Linux Anti-Virus Software
5.3 Windows 7 Professional
5.3.1 Microsoft Security Patches
5.3.2 SMS Tools
5.3.3 Windows Anti-Virus Software
5.4 Email Viruses
6 Data Security
6.1 Encryption of Critical Information
6.2 Standard Printing
6.2.1 Hold, Print and Sequential Print Queues
6.2.2 Printed Queue
6.2.3 Direct Queue (Direct Connection)
6.2.4 Job Deletion
6.2.5 Secure Erase
6.2.6 System Memory
6.3 Secure Print
6.3.1 Workflow
6.4 Email Printing
6.5 Job Management
6.6 Job Log
6.7 Setup
6.8 Scanning
7 Conclusion
Copyright © 2012 Electronics For Imaging, Inc. All rights reserved.
This publication is protected by copyright, and all rights are reserved. No part of it may be copied, reproduced, distributed, disclosed or transmitted in any form or by any means for any purpose without express prior written
consent from Electronics For Imaging. Information in this document is subject to change without notice and does not represent a commitment on the part of Electronics For Imaging. Electronics For Imaging, Inc. assumes
no responsibility or liability for any errors or inaccuracies, makes no warranty of any kind (express, implied or statutory) with respect to this publication, and expressly disclaims any and all warranties of merchantability,
fitness for particular purposes, and non-infringement of third party rights. The software described in this publication is furnished under license and may only be used or copied in accordance with the terms of such license.
1 Document Overview
This document gives end users an overview of the Fiery® server’s architecture and functional aspects as they relate to device security in Fiery FS100 Pro/FS100. Fiery server is available in two options, an embedded server option and a stand-alone server option. This document refers to the embedded server option as integrated Fiery server and refers to both options as Fiery server. It covers hardware, network security, access control, operating system and data security. The document’s intent is to help end users understand all the Fiery server’s security features that they can benefit from and to understand its potential vulnerabilities.
1.1 Electronics For Imaging (EFI) Security Philosophy
EFI™ understands that security is one of the top concerns for businesses worldwide today, so we’ve built strong security features into the Fiery servers to protect companies’ most valuable assets. We also proactively work with our global partners and our cross-functional teams to determine companies’ current and future security requirements, so security is never an issue with our products. As always, we still recommend that end users combine Fiery security features with other safeguards, such as secure passwords and strong physical security procedures, to achieve overall system security.
1.2 Configure the Security Feature via Fiery Configure
An Administrator of a Fiery server can configure all Fiery features via Fiery Configure. Fiery Configure can be launched from Fiery Command WorkStation® or Webtools™ under the configure tab.
2 Hardware and Physical Security
2.1 Volatile Memory
The Fiery server uses volatile RAM for the CPU’s local memory and for the operating system, Fiery system software and image data’s working memory. Data that is written to RAM is held while the power is on. When the power is turned off, all data is deleted.
2.2 Non-Volatile Memory and Data Storage
The Fiery server contains several types of non-volatile data storage technologies to retain data on the Fiery server when the power is turned off. This data includes system programming information and user data.
2.2.1 Flash Memory
Flash memory stores the self-diagnosis and boot program (BIOS) and some system configuration data. This device is programmed at the factory and can be reprogrammed only by installing special patches created by EFI. If the data is corrupted or deleted, the system does not start.
A portion of the flash memory is also used to record the use of a dongle to activate Fiery software options.
No user data is stored on this device, and the user does not have data access on it.
2.2.2 CMOS
The battery-backed CMOS memory is used to store the server’s machine settings. None of this information is considered confidential or private. Users may access these settings on a Windows® 7 Professional Server via the FACI (local monitor, keyboard and mouse) kit if installed.
2.2.3 NVRAM
There are a number of small NVRAM devices in the Fiery server that contain operational firmware. These devices contain “non-customer specific” operational information. The user does not have access to the data contained on them.
2.2.4 Hard Disk Drive
During normal print and scan operations, and when job management information is created, image data is written to a random area on the Hard Disk Drive (HDD). Image data and job management information can be deleted by an Operator or at the end of a pre-set time period, so image data becomes inaccessible.
To protect the image data from unauthorized access, EFI provides a Secure Erase feature (see section 6.2.4). Once enabled by the system administrator, the selected operation is carried out at the appropriate time to securely erase deleted data on the HDD.
2.2.5 Physical Ports
The Fiery server can be connected through the following external ports:

| Fiery Ports | Function | Access | Access Control |
| --- | --- | --- | --- |
| Ethernet RJ-45 connector | Ethernet connectivity | Network connections (see printing and network connections below) | Use Fiery IP filtering to control access |
| Copier interface connector | Print/Scan | Dedicated for sending/receiving to/from the print engine | N/A |
| USB Port | USB device connection | Plug and play connector designed for use with optional removable media devices | USB printing can be turned off. Access to USB storage devices can be turned off through Windows’ Group Policy. |

2.3 Local Interface
The user can access the Fiery functions via the FACI kit (if enabled on a Windows 7 Professional server) or via the Fiery LCD on Fiery servers. Security access on a Fiery server with the FACI kit is controlled through the Windows administrator password if the FACI kit is enabled. The Fiery LCD provides very limited functions that do not pose any security risk.
2.4 Removable HDD Kit Option
The Fiery server supports a Removable Hard Disk Drive option kit for increased security. This kit provides the user with the ability to lock the server drive(s) into the system for normal operation and the ability to remove the drives to a secure location after powering down the server.
2.4.1 For External Servers
Fiery servers support a Removable Hard Disk Drive option kit. Whether this option kit is available for a specific Fiery product depends on the terms of EFI’s development and distribution agreements with its individual engine manufacturers.
2.4.2 For Embedded Servers
Integrated Fiery servers can only offer a removable HDD as an option through an authorized Fiery dealer because the mounting location and brackets for the multifunction printer (MFP) must be developed jointly with the engine manufacturer. The option kit takes the internal HDD out of the embedded chassis and mounts it in an external, separately powered enclosure.