Summary of Contents for Canon iR-ADV Security Kit-B1
Page 1
February 27, 2012 Revision 0 iR-ADV Security Kit-B1 for IEEE 2600.1 Service Manual Specifications Functions Installation Maintenance...
Page 2
This manual is copyrighted with all rights reserved. Under the copyright laws, this manual may changes in the contents of this manual over a long or short period, Canon will issue a new not be copied, reproduced or translated into another language, in whole or in part, without the edition of this manual.
Contents The following shows "installation overview of Installation Procedure for iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification". Checking the Operation After Making the Settings -------------------3-5 Checking the Ping When IPSec is in Operation---------------------------- 3-5 Specifications Setting by the Device ------------------------------------------------------------- 3-5...
Page 4
Explanation of Symbols The following rules apply throughout this Service Manual: The following symbols are used throughout this Service Manual. Each chapter contains sections explaining the purpose of specific functions and the relationship between electrical and mechanical systems with reference to the timing of Symbols Explanation Symbols...
License is option Hardware option Standard function iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification is an option to use the imageRUNNER ADVANCE 4000 Series(4051/4045/4035/4025) as the CC certified HDD Data imageRUNNER ADVANCE 4000 Series 2600.1 model (hereinafter called "2600.1 model")
Check that the machine configuration (such as the controller and options) is the same as that when IEEE 2600.1 CC certification was obtained on the touch paneldisplay. There are following mentions in "iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification of Administrator Guide".
Page 8
Since versions are not given to any options other than HDD Data Encryption & Mirroring Kit, they are aggregated in the Controller Version. "ACCESS MANAGEMENT SYSTEM" and "iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification" are not displayed unless default authentication is switched to SSO-H.
Functions > Basic Function > What is IEEE2600? > IEEE2600.1 Basic Function ■ IEEE2600.1 IEEE 2600.1 describes security requirements of MFPs and printers, and is one of the PPs What is IEEE2600? (Protection Profiles) of IEEE 2600 series. PP is a document that describes a set of security requirements in certain product range which satisfies consumers' needs.
Functions > Basic Function > Target Function Purpose of iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification: The iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria includes the security function iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification is assumed to that it functions and met entirely of seven kinds of above.
Functions > Basic Function > Security Functional Requirements of MFP Security Functional Requirements of MFP The following shows the security functional requirements of MFP. Functional requirements Purpose Functions supported by iR-ADV User recognition/ To prevent unauthorized use by MEAP SSO-H authentication function unregistered persons Access control of device...
Functions > New Function > iR-ADV Security Kit-B1 for IEEE2600.1 New Function Function Settings Setting items Displayed Screen Setting Setting value (IEEE value (at iR-ADV Security Kit-B1 for IEEE2600.1 2600.1 the time of certification shipment) machine) Check that the following installation is complete before enabling the license of iR-ADV Report with TX Image [Send] >...
Functions > New Function > iR-ADV Security Kit-B1 for IEEE2600.1 > Setting value (IEEE 2600.1) (PS/PCL/UFR II Printer) > Restricting Printer Jobs, included with this product. ■ Setting value (IEEE 2600.1) 1. The Advanced Box is disabled since it is not targeted for audit log.
Page 15
Functions > New Function > iR-ADV Security Kit-B1 for IEEE2600.1 > Setting value (IEEE 2600.1) Use NetWare > OFF Setting value (IEEE 2600.1) Setting value (at the time of shipment) Use AppleTalk > OFF Setting value (IEEE 2600.1) Setting value (at the time of shipment) T-2-10 5.
Page 16
Functions > New Function > iR-ADV Security Kit-B1 for IEEE2600.1 > Setting value (IEEE 2600.1) 8. The remote fax reception function is configured not to be used since its job is executed 11. ON is selected for "Use I-Fax Memory Lock" to prevent the received I-Fax job from being without the SSO-H user authentication.
Page 17
Functions > New Function > iR-ADV Security Kit-B1 for IEEE2600.1 > Setting value (IEEE 2600.1) 13. The proof print setting (Print When Storing from Printer Driver) in the settings/registration Audit Log Retrieval of each Mail Box is grayed out to prohibit general users fromindividually changing the Setting value (IEEE 2600.1)
Functions > New Function > Audit Log (Standard Function of This Machine) 2-10 Audit Log (Standard Function of This Machine) ■ Installation location Settings/Registration > [Management Settings] > [Device Management] > [Unified Security The following logs are newly generated to audit the user operation. Settings] The following shows the description of each log.
Functions > New Function > Self Test Function (IPSec) 2-11 Log type User authentication log 4098 Job log 1001/8193 Mail Box operation log 8197 Mail Box authentication log 8199 Management function log 8198 Network log 8200 User authentication and user management log 3001 T-2-23 NOTE:...
IEEE2600.1 CC certification. To maintain the status of IEEE2600.1CC certification, install the firmware for the host machine from the CD included in the package of iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification.
Installation > Installation Overview > The following shows "installation overview of Installation Procedure for iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification". Installation Overview 2. Installing the System 1) Remove the VOID seal from the IEEE2600 certification kit, take out the CD-ROM and register the firmware to SST.
Page 23
Installation > Installation Overview > The following shows "installation overview of Installation Procedure for iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification". 6. Checking the Version and Configuration 1) Check that the following version matches with the version described in the User's Guide.
Installation > Checking the Operation After Making the Settings > Setting by the Device Checking the Operation After Making the Settings Enter a policy name and perform each setting in order. Checking the Ping When IPSec is in Operation In IEEE2600 certification, all communication is encrypted by IPSec when the device communicates via network.
Page 25
PFS > OFF Auth./Encryption > Auto F-3-5 IKE Settings Authentication Method > Shared Key, Enter "canon" here. This character string is used in the PC setting of the next section. F-3-7 Reference: You can compare it when You output a list of IPSec policy when a change entered later.
Authentication > Add First Authentication Method >Preshared key as usual and a response is returned after performing the setting accordingto the procedure (not recommended) (Ex: canon) Connection Security Rules Windows Firewall Properties Control Panel > All Control Panel Items > Administrative Tools >...
Installation > Checking the Operation After Making the Settings > IPSec defaults > Customize IPsec Setting IPSec defaults > Customize Create a new IP Security Policy. Select Start > Control Panel > System and Security > Administrative Tools > Local Security Policy.
Page 28
Installation > Checking the Operation After Making the Settings > IPSec defaults > Customize Note: Delete the security method that is set by default. F-3-14 Data protection (Quick Mode) Select "Require encryption for all connection security rules that use these settings." Add Intergrity and Encryption Algorithms, Protocol : ESP(recommended) Algorithms : AES-CBC 128...
Advanced Security F-3-15 Authentication method Authentication method > Advanced > Customize > First Authentication > Add First Authentication Method >Preshared key (not recommended) (Ex: canon) F-3-17 Open New Conection Security Rule Wizard. Note: This character string is used in the Device setting of the befor section.
Page 30
Installation > Checking the Operation After Making the Settings > Connection Security Rules 3-11 Rule Type Requirements Custom Require authentication for inbound and outbound connetions F-3-19 F-3-21 Endpoints Authentication Method Any IP address Default F-3-20 F-3-22 3-11 Installation > Checking the Operation After Making the Settings > Connection Security Rules...
Installation > Checking the Operation After Making the Settings > Assigning the Security Policy 3-12 Protocol and Ports Name Protocol type : Any Any (Ex : test) F-3-23 F-3-25 Profile Assigning the Security Policy Select : Domain, Private, Public IPsec communication starts when a policy is assigned. Control Panel >...
Installation > Checking the Operation After Making the Settings > Checking the Ping 3-13 Checking the Ping Be sure to check the ping from the device. At the initial connection, time-out may occur before encryption communication is established, which may result in the connection failure. Execute a ping repeatedly at some interval if connection failed.
CDS special upgrading. Recovery after Servicing Work When the setting of iR-ADV Security Kit-B1 for IEEE 2600.1 Common Criteria Certification is changed due to the servicing work (replacement of Main Controller,replacement of HDD, clearing of each service mode), the environment of the host machine needs to be returned to that of IEEE2600 certification.
Maintenance > Reference matter in market service > Functions Which Operates Normally Reference matter in market service Functions Which Operates Normally Version upgrade by SST Installation of IPSec Board encrypts communication. In the case of communication between SST and the host machine, system can be installed by SST vianetwork in the same way as the normal service since IPSec function is not used.