Network Security White Paper - Ricoh

1 Network Security White Paper ver. Copyright 2013 Ricoh Americas Corporation. All rights reserved. Page 1 of 72 Visit our Knowledgebase at: 6/21/2013 Technical Information: Network Security White Paper Document Version Product Code Ricoh Savin Gestetner Lanier D081 D082 MP C6501SP MP C7501SP C9065 C9075 MP C6501 MP C7501 LD365c LD375c M065 M066 aficio SP C430 DN aficio SP C431 DN CLP37 DN CLP42 DN SP C430 DNSP C431 DNLP137CN/SP C430 DN LP142CN/SP C431 DN D094 aficio MP W3601 3406WD GWD3006 LW426 M075 aficio SP c320dn SP c320dn SP c320dn SP c320dn M080 aficio SP 4310N SP 4310N SP 4310N SP 4310N M020 M021 aficio SP 5200DN aficio SP 5210DN SP 5200DN SP 5210DN SP 5200DN SP 5210DN SP 5200DN SP 5210DN Network Security White Paper ver.

2 2 NOTICE: This document may not be reproduced or distributed in whole or in part, for any purpose or in any fashion without the prior written consent of Ricoh Company limited. Ricoh Company limited retains the sole discretion to grant or deny consent to any person or party. Copyright 2013 by Ricoh Company Ltd. All product names, domain names or product illustrations, including desktop images, used in this document are trademarks, registered trademarks or the property of their respective companies. They are used throughout this book in an informational or editorial fashion only. Ricoh Company, Ltd. does not grant or intend to grant hereby any right to such trademarks or property to any third parties.

3 The use of any trade name or web site is not intended to convey endorsement or any other affiliation with Ricoh products. The content of this document, and the appearance, features and specifications of Ricoh products are subject to change from time to time without notice. While care has been taken to ensure the accuracy of this information, Ricoh makes no representation or warranties about the accuracy, completeness or adequacy of the information contained herein, and shall not be liable for any errors or omissions in these materials. The only warranties for Ricoh products and services are as set forth in the express warranty statements accompanying them. Nothing herein shall be construed as constituting an additional warranty.

4 Ricoh does not provide legal, accounting or auditing advice, or represent or warrant that our products or services will ensure that you are in compliance with any law. Customer is responsible for making the final selection of solution and technical architectures, and for ensuring its own compliance with various laws such as the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act (HIPAA). Version Issue Date Revised item 2/22/2010 Initial release 11/24/2010 Added SSL features information 03/07/2011 Added Models (M065, M066, D094 and M075) 10/25/2011 Added Models (M080, M020 and M021) 06/10/2013 Updated model information NOTE: Throughout this document you may see references such as 04A (2004 Autumn) or 05S (2005 Spring).

5 You will only see an A (Autumn) or S (Spring) attached to the last two digits of a year. These two seasons reflect the time period the machines were manufactured. Target Readers: 1. End users: The information contained in the document can be distributed to end users as long as you follow the restrictions outlined on page 2. Before distributing this document to end users, region specific information including model names must be modified. 2. The support and marketing staff of Ricoh Sales companies including Ricoh family group companies and their subsidiaries. 3. The support staff of dealers. Network Security White Paper ver. 3 Terms: The following terms are used in this document. Please familiarize yourself with them.

6 Host Interface: This refers to the physical interface of the Ethernet board on the products . SSL: SSL is a communication technology used for secure connections between 2 hosts. The primary goal of the SSL Protocol is to provide privacy and reliability between two communicating applications. SSL is layered on top of some reliable transport protocol ( , TCP). SSL allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data. SSH2 (Secure Shell) is intended as a replacement for rlogin, rsh, and rcp. Additionally, ssh provides secure X connections and secure forwarding of arbitrary TCP connections.

7 Ricoh s implementation of SSH is based on OpenSSH Model Cross Reference: The products: This refers to the digital multifunction and printing devices covered by this document, as noted in the Model Cross Reference table. The term the products refers to all of these machines collectively. Product Code Ricoh Savin Gestetner Lanier D081 MP C6501SP C9065 MP C6501 LD365c D082 MP C7501SP C9075 MP C7501 LD375c M065 aficio SP C430 DN CLP37 DN SP C430 DNLP137CN/SP C430 DN M066 aficio SP C431 DN CLP42 DN SP C431 DNLP142CN/SP C431 DN D093 aficio MP W2401 N/A N/A N/A D094 aficio MP W3601 3406WD GWD3006 LW426 M075 aficio SP c320dn SP c320dn SP c320dn SP c320dn M080 aficio SP 4310N SP 4310N SP 4310N SP 4310N M020 aficio SP 5200DN SP 5200DN SP 5200DN SP 5200DN M021 aficio SP 5210DN SP 5210DN SP 5210DN SP 5210DN NOTE: Parts of this document may not apply to some models.

8 For example, printer models do not have scanners. Therefore some uses of RSH (for scanning) do not apply to these models. Network Security White Paper ver. 4 Table of Contents: 1. 8 1-1 Port Based Network Services and Potential Security Issues .. 8 1-2 TELNET .. 9 1-2-1 Function Overview: .. 9 1-2-2 Potential 9 1-2-3 Possibility of Acting as a Server for Relaying Viruses .. 9 1-2-4 Theft of Username and Password .. 9 1-2-5 Possibility of Successful DoS (Denial of Service) 10 1-2-6 Recommended Precautions .. 10 1-3 FTP .. 10 1-3-1 Function Overview .. 10 1-4 Potential Threats .. 11 1-4-1 Destruction, corruption and modification of the file system .. 11 1-4-2 Possibility of acting as a server for relaying viruses.

9 11 1-4-3 Theft of username and password .. 11 1-4-4 Theft of print 11 1-4-5 Possibility of successful DoS (Denial of Service) attacks .. 11 1-4-6 Recommended precautions .. 11 1-5 SFTP (SSH2) .. 12 1-5-1 Function Overview .. 12 1-5-2 Potential threats .. 12 1-5-3 Possibility of successful DoS (Denial of Service) attacks .. 12 1-6 SSH Port Forwarding .. 13 1-6-1 Function Overview .. 13 1-6-2 Potential 13 1-6-3 Recommended precautions .. 14 1-7 HTTP .. 14 1-7-1 Function Overview .. 14 1-7-2 Potential 14 1-8 HTTPS .. 15 1-8-1 Function Overview .. 15 1-8-2 Potential 15 1-9 SNMP v1/v2 .. 16 1-9-1 Function Overview .. 16 Network Security White Paper ver. 51-9-2 Potential Threats and Recommended Precautions.

10 17 1-10 SNMP v3 .. 18 1-10-1 Function Overview .. 18 1-10-2 Potential Threats and Recommended Precautions .. 18 1-10-3 Recommended Precaution .. 18 1-11 SHELL (RSH/RCP) .. 19 1-11-1 Function Overview .. 19 1-11-2 Potential threats and recommended precautions .. 19 1-12 LPD .. 20 1-12-1 Function Overview .. 20 1-12-2 Potential threats and recommended precaution .. 20 1-13 IPP .. 21 1-13-1 Function Overview .. 21 1-13-2 Potential Threats and Recommended Precautions: .. 21 1-14 DIPRINT (RAW print) .. 22 1-14-1 Function Overview.. 22 1-14-2 Potential Threats and Recommended Precautions .. 22 1-15 SMB .. 22 1-15-1 Function Overview.. 22 1-15-2 Potential threats and recommended precautions .. 23 1-16 MDNS.