OPTIMIZING SECURITY WHITEPAPER

SAFEGUARD YOUR PRINTING ENVIRONMENT
TABLE OF CONTENTS
INTRODUCTION
Canon’s Océ large format security strategy
1. Océ Large Format security policy
Regulatory standards
Following the STIG (Security Technical Implementation Guide)
New products
Vulnerability follow-up
Participation in regulatory bodies
2. Secure controller
Océ controllers and architecture
Océ controllers and Microsoft® Windows® embedded OS
Océ controller security hardening
Secure usage
Secure access
User credentials for access
USB removable media
3. Safeguard the network
Web access
Network protocols and services
Access control (IP filtering)
HTTPS
Print Files
Controller and antivirus software
4. Safeguard user data
Data on the network
HTTPS
IPsec
Data on the device
E-shredding
Hard disk encryption (option)
Protecting password data
Letter of volatility
5. Safeguard data privacy (user authentication)
Secure printing/scanning
Scan to(/Print from) Home (option)
uniFLOW
6. Safeguard management and support
Océ controller / OS updates
Controller security patch updates (Microsoft and others)
Servicing the printer system
Security log
Océ PlotWave® and ColorWave® Security Manual
Appendix: overview of security features per product
INTRODUCTION
In the digital age, sharing information via printers and other networked devices is vital to working efficiently, but it also
involves a certain level of risk. People, search engines and other devices may try to access your confidential business
information. That means security is becoming an increasingly important discussion topic as organizations seek to
protect their valuable assets within their large format working environment.
This Security White Paper is intended for IT administrators who would like to study the security features, system
architecture and network impact of Canon’s Océ large format printing systems. It explains the major security risks which
may be encountered within large format printing environments and the measures we have taken to help you address
them.
This security policy has been developed to ensure that our customers have a secure environment for printing, scanning
and copying with their Océ large format products. Our large format printing systems are designed to meet high security
standards and reduce the risk of any security vulnerability. Our active involvement with customers, government agencies
and security organizations enables us to identify and address new security threats in a timely manner as they arise.
Thanks to these measures, you can be confident that your Océ printing system contributes to a safe and secure IT
environment.
[Figure: security strategy diagram with the labels Security Policy, Controller, Network, User data, Data privacy, Management and support]
CANON’S OCÉ LARGE FORMAT SECURITY STRATEGY
• Secure controller
• Safeguard the network
• Safeguard user data
• Safeguard data privacy
• Safeguard management and support
The topics covered in this document relate to the following products:
• Océ PlotWave® 300/340/345/360/365/450/500/550/750/900
• Océ ColorWave® 300/500/650/700/810/900/910
A summary of security features per product is available at the end of this document.
Some technical information in this document is subject to change: please consult the Océ Large Format Security
Manual available on the Canon Solutions America Corporate website (www.csa.canon.com) for the latest details.
1. OCÉ LARGE FORMAT SECURITY POLICY
Security Policy
• Regulatory standards
• Apply in New products
• Vulnerability follow–up
• Participation in regulatory bodies
Canon is committed to providing customers with systems that optimize their large format workflow while also
providing a secure printing environment. To do this, we have established a comprehensive security policy and security
organization that sets, implements and updates security features in our products.
REGULATORY STANDARDS
The following regulatory standards are used to provide security guidelines for the Océ large format printing
system products:
• STIG (Security Technical Implementation Guide)
• Protection Profile for Hardcopy Devices: IPA (Information-technology Promotion Agency, Japan) [2], NIAP (National Information Assurance Partnership USA) [3] and MFP (Multifunction Printer, Community)
FOLLOWING THE STIG (SECURITY TECHNICAL IMPLEMENTATION GUIDE)
Since security vulnerabilities can have a negative impact on customer business, Canon has taken preventative
measures to minimize potential threats by following the multifunction device and network printers STIG. These rules
provide a framework for our security program and aim to:
• Protect the global system integrity against attempts to modify the original controller, which can potentially jeopardize the productivity of the printing and/or scanning process
• Mitigate the risk of the controller being used to penetrate the customer network
• Prevent virus infection and protect against hacking actions
• Protect Océ system resources against illegal use
• Ensure a high level of confidentiality for Canon and customer data
• Increase the robustness of the global system (host application, controller, engines)
• Ensure system availability by avoiding Denial of Service
[1] https://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=371
[2] https://www.ipa.go.jp/index-e.html
[3] https://www.niap-ccevs.org/
NEW PRODUCTS
Canon’s Océ-Technologies Research and Development group has implemented the security standard to ensure that
all newly developed products comply with the latest security requirements. These standards are regularly updated
based on changing market requirements.
VULNERABILITY FOLLOW-UP
Canon’s Océ security organization checks the disclosed vulnerabilities related to our printing systems and their
operating systems monthly and takes preventive/corrective (patch) measures if necessary.
PARTICIPATION IN REGULATORY BODIES
Canon works closely with customers, government agencies and security organizations to improve and develop
security features for its products. We actively participate in the MFP Technical Community which is responsible
for defining a Protection Profile (PP) to facilitate the efficient procurement of Commercial Off-The-Shelf (COTS)
Hardcopy Devices (HCDs) using the Common Criteria (CC) methodology for information technology security
evaluation. As a result, we are involved at the earliest stage in developing new technologies to meet new
requirements described in the Protection Profile.
2. SECURE CONTROLLER
Controller
• Architecture
• Operating System
• Security hardening
• Secure Usage
• Secure Access
If printer settings and controls are not secure, a person could intentionally or unintentionally change the settings
on the printer, send print jobs somewhere else or infiltrate your network. To prevent this, controllers and customer
networks must be protected from the risk of using the controller as a conduit for security threats. The Océ
controllers provide security features to ensure that only the authorized individuals can print, copy and scan. This
section explains how we have safeguarded the system architecture as well as the main operating systems to prevent
unauthorized access and changes to system settings. These measures have been put in place to guarantee that the
system is used only for its intended purposes and to prevent system access to unauthorized persons or devices.
OCÉ CONTROLLERS AND ARCHITECTURE
An Océ large format printing system is composed of an:
• Océ printer and/or scanner
• Océ controller
The Océ controller is the heart of Océ ColorWave® and PlotWave® printing systems, driving the printing, copying
and scanning processes. It has been developed and structured to ensure that the customer printing and working
environment remains secure. The Océ controller has been tailored to offer the best performance, productivity,
reliability as well as the best serviceability. As such, it has been designed as a closed system.
• It is installed and supported by authorized technicians in the Canon Solutions America Service and support organization and those of authorized Canon Solutions America Large Format dealers
• A user can only access the features for printing, copying and scanning
OCÉ CONTROLLERS AND MICROSOFT® WINDOWS® EMBEDDED OS
The Océ controllers use an up-to-date Microsoft Windows embedded operating system (OS) which provides a very
secure environment for printing, copying and scanning. To further improve security and reduce vulnerability, we
have:
• Disabled the most highly vulnerable modules on the Microsoft Windows embedded operating system
• Either not installed or completely disabled all the components/features/services not used
• Used a Windows account with reduced privileges for the controller programs
• Configured the Windows firewall for minimal open ports for incoming and outgoing connections
• Used ACLs on system files to reinforce system security and integrity
• Followed the Windows security reinforcement, including virtual account and keyboard filtering
OCÉ CONTROLLER SECURITY HARDENING
To strengthen the security of the Océ controllers, we are continuously hardening our software design policy. The
latest measures include:
- Assessing all threats from security scanner reports. We evaluate them according to the actual level of threat to your printer/network and identify the false positive threats
- USB hardening to prevent unauthorized USB usage and deny booting from USB
- Prohibiting the system from being controlled with a keyboard/mouse including a virtual keyboard on the Océ ClearConnect touch panel
- Hardening web access with Océ Express WebTools, for example disabling weak ciphers
- Validation of input/output network traffic (e.g. for eliminating Cross site/Cross frame scripting, path traversal attacks and command injection)
SECURE USAGE
With Océ Large Format printing systems, the user has no access to the software of the user interface and the
Microsoft Windows embedded operating system. Only the functions for the printing, copying and scanning are
provided to the user. The end user cannot do the following:
• Modify, install and run any other application (except a special secured option which exists for installing a third party application, such as installing an antivirus application)
• View, modify, delete or create any operating system setting
• Browse the content of the disk
SECURE ACCESS
It is not possible to modify any operating system settings directly:
• The end user has no access to any direct operating system features
• There is no possibility to directly update or upgrade the operating system
Some operating system settings (like Network settings) can be changed within the password protected application:
Océ Express WebTools or with the Océ ClearConnect touch screen interface.
USER CREDENTIALS FOR ACCESS
Four accounts have been designed with the permission to update configuration settings or to manage print, scan
or copy jobs: Key Operator, System Administrator, Power User and Service. These accounts are specific to the
controller application and are not Windows accounts. All four accounts are under customer control and are password
protected (with salted hash). Passwords are not readable. Three of the accounts are available to customers:
• Key Operator - can manage jobs and change some printing and scanning settings, such as Print/Copy and Scan preferences or Page Description Language (HPGL2, PDF, etc.), without the authority to change network or system settings
• System Administrator - can manage the configuration settings, such as:
- Connectivity settings
- Security settings
- External location settings
Since this account has high access privileges, it should be held confidential and only be accessible to select individuals
• Power User - has the rights of both the Key Operator and the System Administrator
The Service role is used exclusively by the service technician/dealer. With the latest controller releases, sensitive
configurations/operations under the Service role are controlled by the System Administrator authorization.
USB REMOVABLE MEDIA
Preventative measures have been taken to provide a secure environment even when using USB removable media. It
is not possible to boot from the USB key (except on a blank hard disk in cases where the hard disk is being replaced).
It is not possible for the end user to browse to or execute any program present on a USB key.
3. SAFEGUARD THE NETWORK
Network
• Web access
• Network protocols and services
• Access control (IP filtering)
• HTTPS
• Print files
• Controller and antivirus software
In a printing environment, security risks can be present when connecting printers to the network. Canon has taken
measures to reinforce network security to prevent unauthorized access and hacking of print files and infection of the
controller.
WEB ACCESS
Access to the Océ controller is available remotely through the web application “Océ Express WebTools” which is
based on a third party web server that generates pages on the fly with strong file restriction access and no link with
the operating system.
NETWORK PROTOCOLS AND SERVICES
To reduce the likelihood of an attack, only network protocols for printing and scanning have been implemented.
All other protocols have been completely disabled. It is also possible for the end user to completely disable some
protocols that are not used.
For a detailed specification of network protocols and services, please consult the Océ Security Manual “Océ
PlotWave - ColorWave Systems Security” via the Manuals section on http://csa.canon.com
ACCESS CONTROL (IP FILTERING)
Access control is a feature which uses IP filtering to limit the access to the Océ system. That means only equipment
with specific IP addresses is allowed to communicate with the controller. This restricts the communications
between the controller and other network equipment.
HTTPS
To protect Océ Express WebTools/Océ Publisher Express traffic from being intercepted or altered, the HTTPS
protocol can be used instead of HTTP for communication with the controller. Moreover, trusted certificates
from a Certificate Authority can be embedded in the controller to prevent a man-in-the-middle attack, where a
malicious party which happens to be on the path to the controller server pretends to be the controller.
PRINT FILES
The Océ controller has been designed so that it will not execute or print any print files (or parts of print files) that
are not recognized as a valid print file by the internal Page Description Language (PDL) interpreter. This greatly
reduces the chance of a corrupted file infecting or damaging the controller. The PDLs supported
are: HP-GL, HP-GL/2, CALS, TIFF, NIRS, CALCOMP, C4, JPEG, DWF, PostScript and PDF. PDF and PostScript are
supported via the optional Adobe® PS3/PDF driver.
CONTROLLER AND ANTIVIRUS SOFTWARE
Canon does not promote the installation of antivirus software on any controller since:
• Canon has taken significant preventive security measures to greatly reduce possible security threats, which should be sufficient in most customer environments
• Antivirus software cannot be installed by the customer since there is no access to the normal Windows desktop and there are no privileges to install any software
• The Windows operating system has been tailored with limited running components/services, and some of them may be required to run the antivirus installation program
However, we understand that antivirus software may be requested by some customers. IT policy may dictate that
particular antivirus software must be installed on all devices with a well-known operating system. To accommodate
these situations, Océ has tested and approved two antivirus packages:
• Symantec AntiVirus Endpoint Protection
• McAfee VirusScan Enterprise Edition with ePolicy Orchestrator
A Canon Solutions America Océ Large Format Service Technician is needed to install these antivirus packages. The
complete procedure to install these antivirus software packages is described in the Océ Antivirus Installation
Guideline. Please consult your local Canon Solutions America representative for more information.
Important note: With antivirus software, there may be a situation in which the Océ controller is reported as being
infected when it is not actually infected. Antivirus software installed on the Océ controller may intercept a virus
infection hidden in a print file submitted to the controller. However, the controller never executes the malicious code.
Therefore, the report to the Central Antivirus Server that the controller has been infected is incorrect.
4. SAFEGUARD USER DATA
User data
• Data on the network
• Data on the device
In a printing environment, protecting confidential data and proprietary information is essential. Canon has taken
measures to protect user data from being altered or copied at all points in the workflow: during network transfer as
well as on the device itself.
DATA ON THE NETWORK
Some encryption mechanisms have been embedded to safeguard user data when it is being sent through the network
to prevent any malicious hacker on the network from intercepting user data:
HTTPS
The HTTPS protocol can be used to:
• Send encrypted print data to the printer controller via Océ Publisher Express
• Save encrypted scan jobs from the printer controller (Scans Inbox)
• Securely manage the configuration of the system through Océ Express WebTools
Certificates are used to check the identity of the controller during the communication. The HTTPS protocol is always
available.
IPsec
IPsec is a protocol that provides authentication, data confidentiality and integrity in the network communication
between the controller and other devices. You can connect up to 5 IPsec stations to the controller. The encryption
mechanism guarantees the confidentiality of the users’ print and scan data on the network.
DATA ON THE DEVICE
Once the user data has been transferred to the controller, Canon has embedded various mechanisms on the controller
to prevent any malicious user from accessing this data.
E-SHREDDING
The e-shredding feature is a security feature which allows the system to overwrite any user print/copy/scan data
after it has been deleted from the system. This feature prevents the recovery of any deleted user data including file
content and file attributes, for instance if the disk is stolen.
Three e-shredding algorithms may be set up on the controller by the System Administrator:
• DOD 5220.22-M: 3-pass overwriting algorithm (compliant with the US Department of Defense directive)
• Gutmann: 35-pass overwriting algorithm with random data
• Custom: the user can set the number of passes, from 1 to 35
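The three settings differ only in how many overwrite passes run and what each pass writes. The sketch below is an added illustration of that mechanism, not Canon's or Océ's controller code: the function names are hypothetical, the DoD fill sequence (zeros, ones, random) is the commonly cited one rather than something this paper specifies, and the Gutmann setting is modelled as 35 random passes, as described above.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # write in blocks so large job files do not sit in memory


def pass_plan(algorithm, custom_passes=None):
    """Return one entry per pass: a fill byte (int) or None for random data."""
    if algorithm == "dod":
        # Assumption: the commonly cited 3-pass sequence (zeros, ones, random).
        return [0x00, 0xFF, None]
    if algorithm == "gutmann":
        # Modelled as 35 random passes, following this paper's description.
        # The published Gutmann method also mixes in fixed bit patterns.
        return [None] * 35
    if algorithm == "custom":
        if not isinstance(custom_passes, int) or not 1 <= custom_passes <= 35:
            raise ValueError("custom pass count must be an integer from 1 to 35")
        return [None] * custom_passes
    raise ValueError(f"unknown algorithm: {algorithm!r}")


def overwrite_in_place(path, plan):
    """Overwrite every byte of the file once per pass, syncing after each pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for fill in plan:
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                block = secrets.token_bytes(n) if fill is None else bytes([fill]) * n
                fh.write(block)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # force this pass to disk before the next one
    return len(plan)


def shred(path, algorithm="dod", custom_passes=None):
    """Overwrite content, scrub attributes (size, times, name), then delete."""
    plan = pass_plan(algorithm, custom_passes)  # validate before touching the file
    passes = overwrite_in_place(path, plan)
    os.truncate(path, 0)      # hide the original length
    os.utime(path, (0, 0))    # reset access and modification times
    anonymous = os.path.join(os.path.dirname(os.path.abspath(path)),
                             secrets.token_hex(8))
    os.rename(path, anonymous)  # drop the job's file name
    os.unlink(anonymous)
    return passes


def demo():
    """Constructed sample: a fake spooled job, shredded with each setting."""
    results = {}
    for algorithm, count in (("dod", None), ("gutmann", None), ("custom", 7)):
        fd, path = tempfile.mkstemp(suffix=".job")
        with os.fdopen(fd, "wb") as fh:
            fh.write(b"CONSTRUCTED SAMPLE PRINT JOB\n" * 1000)
        results[algorithm] = (shred(path, algorithm, count), os.path.exists(path))
    return results


if __name__ == "__main__":
    for name, (passes, still_there) in demo().items():
        print(f"{name}: {passes} passes, file present afterwards: {still_there}")
```

In-place overwriting only reaches the blocks the file system currently maps to the file, so on SSDs and on journaling or copy-on-write file systems older copies can survive. Full-disk encryption covers that gap.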
HARD DISK ENCRYPTION (OPTION)
The hard disk encryption (option) of the Océ POWERsync controller encrypts all files present on the entire drive
(including the operating system and all data). The encryption mechanism is based on a Trusted Platform Module
(TPM) and the Microsoft BitLocker mechanism, which is compliant with FIPS 140-2 certification. The AES 128 encryption
method is used.
The disk encryption is performed during installation on the customer site. Two types of hard disk encryption can be
chosen:
• Normal encryption, which encrypts only the space used
- This option speeds up the encryption at installation time (compared to full encryption) and is recommended for a new system integration
• Full encryption, which encrypts all the disk space used as well as empty space
- This option is preferred for a system which is not new that may contain residual user data
- This option is mandatory for some customers who must comply with strong security requirements (like the Department Of Defense)
The hard disk encryption option guarantees that customer data cannot be retrieved if the hard disk is stolen even if
the TPM is stolen.
PROTECTING PASSWORD DATA
All of the user passwords embedded in the system (Key Operator, System Administrator, Power User, external
location passwords for Scan to File operations, pre-shared key for IPsec, Proxy authentication) are encrypted using
strong cryptographic algorithms (AES128). No (encrypted) password can be transmitted outside the customer site
without the authorization of the system administrator, for instance when he is performing a ‘Save configuration’ with
Océ Express WebTools.
LETTER OF VOLATILITY
A letter of volatility detailing the volatility of customer data stored in the various memory devices and engine is
provided for each product. In other words, this letter outlines which data are stored on which memory when the
printer is powered off (non-volatile) or powered on (volatile).
5. SAFEGUARD DATA PRIVACY (USER AUTHENTICATION)
Data privacy
• Secure printing/scanning
• Scan to/print from home directory
• uniFLOW
The User Authentication option is designed to protect sensitive print jobs and information from unauthorized access.
Only the owner of the job can access his job.
SECURE PRINTING/SCANNING
When user authentication is enabled:
• Print jobs sent by the job owner are not printed until the job owner authenticates on the system user panel and releases them for printing
• The print jobs are stored in the printer and only the job owner can access them
• Copying and scanning operations are accessible only after the user authenticates on the system user panel
Two different methods can be used for user authentication:
• User name and password
- User name and password are required on the printer panel. This authentication method is mainly targeted for Windows-based environments (Microsoft Active Directory).
• Smart card (PKI card MS Active Directory Certificates Services compatible)
- A valid smart card must be inserted into the smart card reader (plugged into the USB outlet on the printer)
SCAN TO (/PRINT FROM) HOME (OPTION)
The Scan to (/Print from) Home option is available with the user name and password authentication method. After
authenticating on the printer panel, the user can scan a file to (or print a file from) his home directory on the
network as configured for his own account in MS Windows Active Directory. Access to the home directory is performed
through the LDAP protocol, with authentication performed through the Kerberos protocol; data transfer (scan to/print
from) is performed through the SMB protocol. For the Scan to Home option, that means only the respective user can
retrieve his scans after he has authenticated on his own account on any workstation.
uniFLOW
The latest Océ PlotWave and Océ ColorWave printing systems with the Océ ClearConnect user interface can be
integrated in the customer's uniFLOW environment. This gives users additional functionality and helps them to
control and reduce printing and copying costs, increase document security and improve employee productivity. For
more information, read http://nt-ware.com/home/about-us/news/single/article/uniflow-version-54-launched.html.
6. SAFEGUARD MANAGEMENT AND SUPPORT
Management and support
• Controller and OS updates
• Controller security patch updates
• Servicing
• Remote Service
• Security log
• Security Manual
Despite the fact that preventive security measures have been taken, Canon also takes measures to protect the
product after it has been released, including:
• Keeping track of vulnerabilities that may be discovered after the product has been installed, and providing new releases with OS updates and patches when necessary
• Ensuring that the serviceability of the products is secure
OCÉ CONTROLLER/OS UPDATES
In addition to new features, Océ provides regular software releases with the latest security updates. Océ also
embeds the latest OS service pack in every new release of the Océ large format controller, ensuring the highest level
of security for customers.
CONTROLLER SECURITY PATCH UPDATES (MICROSOFT AND OTHERS)
Canon checks monthly for Microsoft reports on operating system vulnerabilities and whether these vulnerabilities
affect the Océ controllers. Whenever a vulnerability is reported, Canon updates the Océ Security Web page
(http://downloads.oce.com) for each product.
If the Océ controller may be vulnerable, we follow a set procedure to provide a software patch as soon as possible.
Patches developed by Canon are rigorously tested for the three latest releases for each Océ large format product.
Because of this thorough testing, there is a delivery delay between genuine operating system patch availability and
Océ patch availability.
Note: The patches provided by Microsoft on the Microsoft website cannot be directly installed on the Océ
controllers. Please use the appropriate Océ patches instead.
The Océ patch procedure is a procedure for customers to use. The patch (applicable through our web application Océ
Express WebTools) is applied only if it is recognized as an Océ genuine patch. This patch procedure has been designed
to prevent someone from corrupting the Océ controller. It is not possible to modify or corrupt the patch, and if this is
attempted, the patch will be discarded.
SERVICING THE PRINTER SYSTEM
Canon Solutions America Océ Large Format service employees use special procedures/features to configure,
diagnose and troubleshoot the Océ system. With the latest generation of Océ controllers, sensitive service
operations are controlled by the System Administrator.
For service operations and systems requiring a service laptop:
• The connection between the laptop of the Canon Solutions America Océ Large Format service technician and the Océ controller is made through a dedicated Ethernet connection
• Océ Service uses a dedicated account
Canon has a Security Policy which guarantees that the laptop of the service technician is always secured, updated
with the latest Microsoft Security updates, with the latest antivirus signatures and protected by a firewall.
SECURITY LOG
All the changes in the security section of the system are logged in a file which can be downloaded at any moment by
the System Administrator (Audit Log feature). This allows the System Administrator to track all changes made to the
settings.
OCÉ PLOTWAVE AND COLORWAVE SECURITY MANUAL
The Océ PlotWave and ColorWave Security Manual provides customers with detailed information about security
measures implemented in Océ printing systems, such as:
• Details of security features for each product
• Network ports used for external firewalls
• Tips, tricks and FAQs
This Security Manual is periodically updated to reflect the latest security enhancements in current and new products.
It is available on the Canon Solutions America website on the Download/User Manual section of each product page
under the heading “Océ Large Format Systems Security”.
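APPENDIX
OVERVIEW OF SECURITY FEATURES PER PRODUCT
This section contains the security features for all Océ large format printers. For further details, please consult
the Security Manual.
LIST OF OCÉ PRODUCT ABBREVIATIONS
CW300 — Océ ColorWave 300
CW500 — Océ ColorWave 500
CW600 — Océ ColorWave 600
CW650 — Océ ColorWave 650
CW700 — Océ ColorWave 700
CW810 — Océ ColorWave 810
CW900 — Océ ColorWave 900
CW910 — Océ ColorWave 910
PW300 — Océ PlotWave 300
PW340 — Océ PlotWave 340
PW345 — Océ PlotWave 345
PW350 — Océ PlotWave 350
PW360 — Océ PlotWave 360
PW365 — Océ PlotWave 365
PW450 — Océ PlotWave 450
PW500 — Océ PlotWave 500
PW550 — Océ PlotWave 550
PW750 — Océ PlotWave 750
PW900 R2 — Océ PlotWave 900 R2
Operating system
• PW750: Windows Embedded Standard 2009
• PW900 R2: Windows Embedded Standard 7 SP1
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: Windows Embedded Standard 7 SP1
• CW810, CW900, CW910: Microsoft Windows Embedded Standard 8 64 bits
• CW600, CW650: Windows Embedded Standard 7 SP1 for CW650 R3; Linux for CW550, CW600(PP) and CW650; Linux and WES 2009 for CW650 and CW550 multifunctional (with scanner)
• PW340, PW360, PW500: Microsoft Windows Embedded Standard 8 64 bits
• CW500, CW700, PW345, PW365, PW450, PW550: Microsoft Windows Embedded Standard 8 64 bits
Integrated Firewall
• PW750: Yes
• PW900 R2: Yes
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: Yes
• CW810, CW900, CW910: Yes
• CW600, CW650: Yes
• PW340, PW360, PW500: Yes
• CW500, CW700, PW345, PW365, PW450, PW550: Yes
MS security flaws follow up/Security patches
• PW750: Océ released patches
• PW900 R2: Océ released patches
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: Océ released patches
• CW810, CW900, CW910: Océ released patches
• CW600, CW650: Océ released patches
• PW340, PW360, PW500: Océ released patches
• CW500, CW700, PW345, PW365, PW450, PW550: Océ released patches
Network protocols protection
• PW750: 3 Océ Security Levels
• PW900 R2: 4 Océ Security levels
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: Yes. Protection configurable per protocol
• CW810, CW900, CW910: Yes. Protection configurable per protocol
• CW600, CW650: Yes. Protection configurable per protocol
• PW340, PW360, PW500: Yes. Protection configurable per protocol
• CW500, CW700, PW345, PW365, PW450, PW550: Yes. Protection configurable per protocol
User authentication for Print/Scan
• PW750: No
• PW900 R2: No
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: No
• CW810, CW900, CW910: No
• CW600, CW650: No
• PW340, PW360, PW500: Yes, by user name and password or by smart card
• CW500, CW700, PW345, PW365, PW450, PW550: Yes, by user name and password or by smart card
Scan to/print from Home directory (MS Active Directory)
• PW750: No
• PW900 R2: No
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: No
• CW810, CW900, CW910: No
• CW600, CW650: No
• PW340, PW360, PW500: No
• CW500, CW700, PW345, PW365, PW450, PW550: Yes (Through Local User Authentication on Printer panel)
Antivirus
• PW750: Compatible with Symantec EPP 12.1 and McAfee VirusScan Enterprise Edition 8.8i
• PW900 R2: Compatible with Symantec EPP 12.1 and McAfee VirusScan Enterprise Edition 8.8i
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: Compatible with Symantec EPP 12.1 and McAfee VirusScan Enterprise Edition 8.8i
• CW810, CW900, CW910: No
• CW600, CW650: Only for CW650 R3: compatible with Symantec EPP 12.1 and McAfee VirusScan Enterprise Edition 8.8i
• PW340, PW360, PW500: Compatible with Symantec EPP 12.1 and McAfee VirusScan Enterprise Edition 8.8i
• CW500, CW700, PW345, PW365, PW450, PW550: Compatible with Symantec EPP 12.1 and McAfee VirusScan Enterprise Edition 8.8i
IPV6
• PW750: Yes (IPV6 and IPV4 combination)
• PW900 R2: Yes (IPv6 only or IPv6 and IPv4 combination)
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: Yes (IPv6 only or IPv6 and IPv4 combination)
• CW810, CW900, CW910: No
• CW600, CW650: Yes (IPv6 only or IPv6 and IPv4 combination)
• PW340, PW360, PW500: Yes (IPv6 only or IPv6 and IPv4 combination)
• CW500, CW700, PW345, PW365, PW450, PW550: Yes (IPv6 only or IPv6 and IPv4 combination)
SMB authentication
• PW750: NTLMV1
• PW900 R2: NTLMV2
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: NTLMV2
• CW810, CW900, CW910: NTLMV2
• CW600, CW650: NTLMV2 or NTLMV1 for CW550 R2.2.3 and higher, CW650 R2.2.3 and higher, and CW650 R3; NTLMV1 for all other releases
• PW340, PW360, PW500: NTLMV2
• CW500, CW700, PW345, PW365, PW450, PW550: NTLMV2
Data overwrite
• PW750: E-shredding
• PW900 R2: E-shredding
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: E-shredding
• CW810, CW900, CW910: No
• CW600, CW650: E-shredding for CW600 1.5 (and higher version), CW650(PP) and CW550
• PW340, PW360, PW500: E-shredding
• CW500, CW700, PW345, PW365, PW450, PW550: E-shredding
Data encryption on the network
• PW750: IPsec
• PW900 R2: IPsec; HTTPS (for administration with Océ Express WebTools and for job submission through Océ Publisher Express)
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: IPsec; HTTPS (for administration with Océ Express WebTools and for job submission through Océ Publisher Express)
• CW810, CW900, CW910: HTTPS (for administration with Océ Express WebTools and for job submission through Océ Publisher Express)
• CW600, CW650: IPsec for CW550 R2.3.1 and higher and CW650 R2.3.1 (PP) and higher
• PW340, PW360, PW500: IPsec; HTTPS (for administration with Océ Express WebTools and for job submission through Océ Publisher Express)
• CW500, CW700, PW345, PW365, PW450, PW550: IPsec; HTTPS (for administration with Océ Express WebTools and for job submission through Océ Publisher Express)
Hard disk encryption
• PW750: No
• PW900 R2: No
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: No
• CW810, CW900, CW910: No
• CW600, CW650: No
• PW340, PW360, PW500: No
• CW500, CW700, PW345, PW365, PW450, PW550: Yes (Option) (TPM module required): 2 modes: Normal, Full encryption
Access control (IP filtering)
• PW750: No
• PW900 R2: No
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: Yes
• CW810, CW900, CW910: No
• CW600, CW650: Yes for CW550 R2.3.1 and higher and CW650 R2.3.1 (PP) and higher
• PW340, PW360, PW500: Yes
• CW500, CW700, PW345, PW365, PW450, PW550: Yes
Security logging
• PW750: No
• PW900 R2: No
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: Auditing of security related events
• CW810, CW900, CW910: Auditing of security related events
• CW600, CW650: Only for CW650 R3
• PW340, PW360, PW500: Auditing of security related events
• CW500, CW700, PW345, PW365, PW450, PW550: Auditing of security related events
Service operation restriction
• PW750: No
• PW900 R2: No
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: No
• CW810, CW900, CW910: No
• CW600, CW650: No
• PW340, PW360, PW500: Yes (with System Admin authorization)
• CW500, CW700, PW345, PW365, PW450, PW550: Yes (with System Admin authorization)
Océ Publisher Express access
• PW750: Access by everyone
• PW900 R2: Access restriction possible
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: Access restriction possible
• CW810, CW900, CW910: Access restriction possible
• CW600, CW650: Access restriction possible
• PW340, PW360, PW500: Access restriction possible
• CW500, CW700, PW345, PW365, PW450, PW550: Access restriction possible
Removable Hard drive (option)
• PW750: Yes
• PW900 R2: No
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: Yes
• CW810, CW900, CW910: No
• CW600, CW650: Yes (for CW550 R3/CW650 R3)
• PW340, PW360, PW500: Yes
• CW500, CW700, PW345, PW365, PW450, PW550: Yes
Letter of volatility
• PW750: Yes
• PW900 R2: Yes
• PW300 >= 1.5, PW350 >= 1.5, CW300 >= 1.5: Yes
• CW810, CW900, CW910: Yes
• CW600, CW650: Yes
• PW340, PW360, PW500: Yes
• CW500, CW700, PW345, PW365, PW450, PW550: Yes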
WHY CANON SOLUTIONS AMERICA.
Canon Solutions America recommends forward-thinking strategies to achieve the
highest levels of information management efficiency for your unique business needs.
Using superior technology and innovative services, we then design, implement and track
solutions that improve information flow throughout your organization in environmentally
conscious ways, resulting in greater productivity and reduced costs.
There are many reasons why you should choose Canon Solutions America as your
provider for document management solutions. Benefits include:
• A Canon U.S.A. Company
• Managed Document Services
• Business Services
• Nationwide Coverage
• Professional Services
• Customized Industry Solutions
• Global Capabilities
• Genuine Canon and Océ Parts and Supplies
• Certified Training and Support
• Flexible Finance Options
• Single-Source Solutions Provider
• Diverse Range of Input-to-Output Technology
But that’s not all. As a company that is dedicated to your needs, we support our solutions
with highly skilled professionals and advanced diagnostic systems to maintain peak
performance. And with ongoing consultation, we can further your document management
capabilities to ensure the highest level of satisfaction and productivity.
LARGE FORMAT SOLUTIONS
100 PARK BOULEVARD, ITASCA, IL 60143
1-800-714-4427 | 1-773-714-4076 | FAX 1-773-714-4056
us.info@csa.canon.com CSA.CANON.COM
Canon is a registered trademark of Canon Inc. in the United States and elsewhere. Océ is a registered trademark of Océ-Technologies B.V. in the United States and elsewhere.
All other referenced product names and marks are trademarks of their respective owners and are hereby acknowledged.
© 2016 Canon Solutions America, Inc. All rights reserved.
LFS-51373 DS 5/16 CC/PDF