Common Criteria Certification for Samsung Multifunction Printers




WHITE PAPER

Introduction

This white paper describes the Common Criteria certification process used for the Samsung multifunction printers (MFPs) and the MFP security features. The MFPs this paper applies to include the MultiXpress 6345N, 6555N, and C8380ND models.

Overview

The Common Criteria (CC) certification process provides the same level of scrutiny and evaluation to IT security products as the Underwriters Laboratories (UL) provides for electrical products, and ISO 9000 certification provides for manufacturing quality processes. By establishing common evaluation requirements and by standardizing the evaluation methods, the Common Criteria system allows testing facilities to evaluate and certify IT products for use in secure environments. In creating a standardized system for evaluating IT security products, the Common Criteria certification process makes it easier for IT departments to identify which products meet their security requirements.

Many government and military IT departments have adopted CC certification as a requirement for the IT products they purchase. These customers have large IT departments that can account for a significant market share. Samsung's desire to participate in this market sector has led to the pursuit and the acquisition of CC certification for our MFP security features.

Target of Evaluation

Target of Evaluation or TOE is the designation given to the IT security product submitted to the CC laboratory for evaluation. Samsung submitted the MFP TOE with the designation of Samsung MFP Security Kit Type_A V1.0 to the CC laboratory for evaluation and received an EAL 3 certification.

CC Certified Samsung MFP Security Features

Malicious attacks on IT infrastructure have increased over the years in exponential numbers. The products that make up our IT systems, which we once thought of as passive and unrelated to security, have been exploited. To counteract these attacks, we have employed new security strategies. Samsung has employed security features on its MFPs to eliminate vulnerabilities to malicious attacks and to protect sensitive information. The Samsung MFP security features include the following:

- Image Overwrite
- User Authentication
- Security Management
- Security Audit Log
- Data Flow Management
- SyncThru™ Web Service User Interface
- MFP User Interface

Image Overwrite

User information created during the copying, printing, network scanning, scanning to e-mail, or scanning to server processes is immediately recorded on the MFP's hard drive. To secure this information, the MFP software implements an image overwrite function to erase image data created during the copying, printing, network scanning, scanning to e-mail, or scanning to server processes. The MFP software performs three overwrite passes of the data using the methods defined in Department of Defense (DoD) 5200.28-M.

The MFPs can perform two kinds of image overwrites:

- Immediate Image Overwrite (IIO): The IIO overwrites temporary image files automatically at the completion of each job.
- On Demand Image Overwrite (ODIO): The ODIO function can be performed manually by the system administrator only.

The MFP software implements a hard drive image overwrite security function (IIO) to overwrite temporary files created during the copying, printing, network scan, scan to e-mail, or scan to server process. Immediately after the job has completed, the files on the hard drive are overwritten using a three pass overwrite procedure as described in DoD 5200.28-M. The MFP does not write Fax jobs to the hard drive.

IIO automatically overwrites temporary files created during processing and manually overwrites temporary files created during processing on a specially reserved section of the hard drive.

The image overwrite security function can also be invoked manually by the system administrator (ODIO). Once invoked, the ODIO cancels all print and scan jobs, halts the printer interface (network), overwrites the contents of the reserved section on the hard drive, and then the main controller reboots.

User Authentication

The MFP requires the system administrator to enter authentication before permitting access to the system management items. System administrators include SyncThru™ Web Service administrators and the local system administrators. The SyncThru™ Web Service interface requires you to enter an account and a password to gain administrative access, while the local MFP user interface requires you to enter a PIN to gain administrative access.

The MFP can restrict the unauthorized network transmission of scanned data in NetScan, Scan to Server, or Scan to Email jobs. The SyncThru™ Web Service administrator creates, modifies, and deletes the accounts and passwords for the network scan service users.

Documents stored on the MFP can be stored using the following methods:

- Public: A document stored using the Public option allows all users to access and use the file.
- Secured: A document stored using the Secured option restricts access to only the user who stored the file. During storage, the user must create a PIN number for accessing the file. Later, when the user wants to access the file, they must enter the correct PIN number or the MFP denies access.

System Authentication

The system administrator must enter a PIN to access the system administration functions. The SyncThru™ Web Service administrator must enter their account and password into the SyncThru™ Web Service UI, and the local administrator must type their PIN number into the MFP UI. The security software displays asterisks instead of characters to hide what they enter.

The authentication process will be delayed at the MFP UI for three minutes when 3 wrong PINs are entered in succession. When 3 wrong PINs are entered in the SyncThru™ Web Service UI from one particular browser session, the security software will send an error message to the browser session screen.

Security Management

Samsung provides tools for managing security features and security data.

Managing Security Features

The MFP security management features allow authorized administrators to manage the MFP security features locally or remotely.

Local administrators can manage the following security features:

- Enable or disable IIO
- Enable or disable ODIO
- Start or stop ODIO
- Change the local administrator PIN

Remote administrators using SyncThru™ Web Service can manage the following security features when using local certification in network scan service authentication:

- Create/Change/Delete user account for network scan service.
- Configure the authentication option for the network scan service (No Authentication, Require Network Authentication, or Require Local Authentication).
- Change the local administrator's name and password.
- Enable or disable system audit logs.
- Download system audit report.

Managing Security Data

The MFP security management features allow authorized administrators to manage the MFP security data locally or remotely.

Local administrators can manage the following security data:

- Authentication data for local administrators
- Configuration data for IIO enabling or disabling

Remote SyncThru™ Web Service administrators can manage the following security data:

- Authentication data for web administrators.
- Configuration data for enabling or disabling system audit logs.
- Configuration data about network scan service authentication.
- System audit logs.
- User information for network scan service

System administrators must configure IIO and ODIO to always be enabled. SyncThru™ Web Service administrators must select between Require Network Authentication and Require Local Authentication for network scan service.

When selected, the Require Local Authentication option stores user account information on the MFP hard drive, and the network administrator must then manage it safely.

When selected, the Require Network Authentication option stores user information on an authorized server. Users must authenticate by entering their account and password information prior to being granted access to the network resources. This assumes that the authorized server and remote authentication service are managed safely.

Data Flow Management

Data flow management security prevents unauthorized access to the internal network from a telephone line or a modem used for fax communication. This feature is standard on MFPs that have built-in fax functionality. If the fax functionality is optional, this feature is enabled when the fax option is installed.

The main controller software controls all of the functions of the main controller board as well as the Fax modem board. There is a physical interface between the two. Separation between the PSTN port on the Fax modem board and the network port on the main controller board is established through the architectural design of the main controller software.

For incoming faxes, the Fax modem board will signal a request for service from the main controller, which will initiate the fax receive function of the Fax modem board. The main controller software buffers the entire incoming fax data into the main controller board memory. Once the MFP receives the entire job, the main controller software will disconnect the call at the PSTN port. When fax data is determined to be free of malicious code and verified to be proper information, the main controller software will initiate the marking function of the IOT software to produce hardcopy output.

Security Audit Logs

The MFP software generates audit logs that track events/actions (e.g., print/scan/fax job submission) to users based on their network login. Each audit log provides the user's identification, event number, date, time, ID, description, and data. The audit logs are available to SyncThru™ Web Service administrators who can export them for viewing and analysis by using the SyncThru™ Web Service UI.

The audit log consists of the following fixed-size input data:

- Input Number (an integer number from 1 to the number of log data)
- Event Date (mm/dd/yyyy)
- Event Time (hh:mm:ss)
- Event ID (specific number; refer to the following table)

| Event ID | Event Explanation | Input Data |
|---|---|---|
| 1 | System startup | Device name, serial number of the device. |
| 2 | System shutdown | Device name, serial number of the device. |
| 3 | ODIO started | Device name, serial number of the device. |
| 4 | ODIO complete | Device name, serial number of the device, completion status. |
| 5 | Print Job | Job name, user name, completion status, IIO job status, SyncThru™ user's account. |
| 6 | Network scan job | Job name, user name, completion status, IIO job status, SyncThru™ user's account, total number of the destination address, destination address. |
| 7 | Server fax job | Job name, user name, completion status, IIO job status, SyncThru™ user's account, total number of faxes received, fax number to receive, destination address. |
| 8 | IFAX | The security audit does not support this feature. |
| 9 | Scan To Email job | Job name, user name, completion status, IIO job status, SyncThru™ user's account, total number of SMTP receivers, SMTP receivers. |
| 10 | Audit Log Disabled | Device name, serial number of the device. |
| 11 | Audit Log Enabled | Device name, serial number of the device. |
| 12 | Copy job | Job name, user name, completion status, IIO job status, SyncThru™ user's account. |
| 13 | Embedded fax job | Job type (sending fax, receiving fax), job name, user name, completion status, IIO job status, SyncThru™ user's account, total number of faxes, faxes received, destination address. |
| 14 | PC-Fax job | Job name, user name, completion status, IIO job status, SyncThru™ user's account, total number of the faxes, faxes received, destination address. |
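
The event IDs above are enough to review an exported audit log for the conditions an administrator cares about: periods when logging was switched off (events 10 and 11), jobs whose IIO status was not successful, and missing input numbers. The Python below is an added example, not code from Samsung or from SyncThru™ Web Service. The CSV layout of the export, the "Success"/"Fail" status strings, and the names parse_records and review are assumptions made for illustration; the paper does not document the export format.

```python
import csv
import io
from datetime import datetime

# Event IDs from the white paper's audit log table whose input data begins
# with: job name, user name, completion status, IIO job status.
JOB_EVENTS = {5, 6, 7, 9, 12, 14}
EMBEDDED_FAX = 13        # same fields, preceded by a "job type" field
AUDIT_DISABLED, AUDIT_ENABLED = 10, 11

# Constructed sample export. Assumed layout (not documented in the paper):
# input number, mm/dd/yyyy, hh:mm:ss, event ID, then the input data fields.
# The status strings "Success" and "Fail" are likewise assumed.
SAMPLE = """\
1,04/14/2009,08:00:05,1,MFP-01,SN0001
2,04/14/2009,08:12:40,5,report.pdf,alice,Success,Success,alice
3,04/14/2009,09:03:11,6,scan01,bob,Success,Fail,bob,1,fs01/scans
4,04/14/2009,09:30:00,10,MFP-01,SN0001
5,04/14/2009,10:15:00,11,MFP-01,SN0001
7,04/14/2009,10:20:30,13,sending fax,fax77,carol,Success,Fail,carol,1,1,5550100
"""


def parse_records(text):
    """Turn exported CSV rows into dicts with typed number, time and event."""
    records = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        when = datetime.strptime(f"{row[1]} {row[2]}", "%m/%d/%Y %H:%M:%S")
        records.append({"num": int(row[0]), "when": when,
                        "event": int(row[3]), "data": row[4:]})
    return records


def review(records):
    """Return (kind, input number, detail) findings for an administrator."""
    findings, disabled_at, prev = [], None, None
    for rec in sorted(records, key=lambda r: r["num"]):
        num, event = rec["num"], rec["event"]
        # Input numbers run from 1 upward, so a jump means missing records.
        if prev is not None and num != prev + 1:
            findings.append(("sequence_gap", num, f"expected {prev + 1}"))
        prev = num
        if event == AUDIT_DISABLED:
            disabled_at = rec["when"]
        elif event == AUDIT_ENABLED and disabled_at is not None:
            # Jobs run in this window were not logged at all.
            findings.append(("audit_gap", num, str(rec["when"] - disabled_at)))
            disabled_at = None
        elif event in JOB_EVENTS or event == EMBEDDED_FAX:
            skip = 1 if event == EMBEDDED_FAX else 0
            job, user, _completion, iio = rec["data"][skip:skip + 4]
            # A job whose overwrite did not succeed may leave image data on disk.
            if iio.strip().lower() != "success":
                findings.append(("iio_not_confirmed", num, f"{user}: {job}"))
    if disabled_at is not None:
        findings.append(("audit_still_disabled", prev, str(disabled_at)))
    return findings


if __name__ == "__main__":
    for finding in review(parse_records(SAMPLE)):
        print(finding)
```

Event 13 is handled separately because its input data starts with the job type, which shifts the IIO status one field to the right compared with the other job events.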

SyncThru™ Web Service MFP User Interface

The browser-based SyncThru™ Web Service UI allows administrators to perform security tasks remotely over the network. The following is an example of the CC certified SyncThru™ Web Service UI:

[Screenshot omitted]

MFP User Interface

The user interface built in to the Samsung MFP allows administrators to perform security tasks locally on the MFP. The following is an example of the CC certified local MFP UI:

[Screenshot omitted]

Users can also securely store and retrieve pages from the MFP by using the Secured option on the local MFP UI:

[Screenshot omitted]

Samsung's Roadmap for Common Criteria and Security

Samsung develops more smart devices every day, and the opportunity for malicious attacks on these devices is increasing daily. Samsung is dedicated to providing secure devices throughout its vast product line. As we bring more devices to the market and our customers identify areas of security requirements, we will work hard to create solutions that protect our devices from the latest threats. By obtaining Common Criteria certification, we are confirming our dedication to our customers and letting them know that we have met the challenge and successfully secured our devices for their protection.

Samsung is not only reacting to the needs of our customers, we are also helping to define the requirements of all future devices. An example of this effort is the development of a protection profile used for Common Criteria Certification. This will be an industry standard developed by many manufacturers. This program will allow printer and MFP manufacturers to have a set of guidelines to use for building secure devices and it will provide Common Criteria laboratories with a checklist for evaluating printer/MFP security. P2600 is the name of this IEEE Computer Society sponsored program. For more information about P2600, please refer to the following web site: http://grouper.ieee.org/groups/2600/

About Samsung Electronics America, Information Technology Division

Samsung's Information Technology Division (ITD) markets the award-winning line of Samsung printers including black & white laser printers, black & white multifunction printers, color laser printers, and color multifunction printers. Samsung ITD is committed to supporting the needs of its channel partners in the professional, commercial, corporate, and small/home markets. ITD is a division of Samsung Electronics America (SEA), a U.S. subsidiary of Samsung Electronics Company, Ltd. (SEC). The SEA organization oversees the North American operations of Samsung, including Samsung Telecommunications America, LP, Samsung Electronics Canada, Inc. and Samsung Electronics Mexico, Inc. For more information, please visit www.samsung.com, or call 1-800-SAMSUNG.

About Samsung Electronics

Samsung Electronics Co., Ltd. is a global leader in semiconductor, telecommunication, digital media and digital convergence technologies with 2007 consolidated sales of $103.4 billion. Employing approximately 150,000 people in 134 offices in 62 countries, the company consists of five main business units: Digital Media Business, LCD Business, Semiconductor Business, Telecommunication Business and Digital Appliance Business. Recognized as one of the fastest growing global brands, Samsung Electronics is a leading producer of digital TVs, memory chips, mobile phones and TFT-LCDs. For more information, please visit www.samsung.com.

WP_CCC_Rev0A, 14 April 2009