Ricoh Aficio2035E-45E
User reviews and opinions
MacLir, 11:33pm on Monday, April 19th, 2010
A++ Service! The shipping service and the product durability was excellent. However.
Documents

Network Security White Paper
Network Security White Paper for Digital Multifunction and Printing Devices
NOTICE

THIS DOCUMENT SHALL NOT BE REPRODUCED IN WHOLE OR IN PART, FOR ANY PURPOSE OR IN ANY FASHION AND DISTRIBUTED WITHOUT THE PRIOR WRITTEN CONSENT OF RICOH CORPORATION, WHICH CONSENT RICOH CORPORATION MAY GRANT OR DENY IN ITS SOLE DISCRETION.

All product names, domain names or product illustrations, including desktop images, used in this document are trademarks, registered trademarks or the property of their respective companies. They are used throughout this book in an informational or editorial fashion only and for the benefit of such companies. Ricoh does not grant or intend to grant hereby any right to such trademarks or property to any third parties. No such use, or the use of any trade name, or web site is intended to convey endorsement or other affiliation with Ricoh products.

Although best efforts were made to prepare this document, Ricoh Corporation makes no representation or warranties of any kind with regards to the completeness or accuracy of the contents and accepts no liability of any kind including but not limited to performances, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this document.
Technology Solutions Center Ricoh Corporation
Version: 1.1
Page 1 of 27 Visit our knowledgebase at: HTTP://www.ricoh-usa.com/support/knowledgebase.asp Copyright 2004 Ricoh Corporation
Table of Contents
Section  Title
1        Introduction
1.1      Terms
1.2      Model Cross Reference
2        Embedded Services and Potential Security Issues
2.1      Telnet
2.2      FTP
2.3      HTTP
2.4      SNMP
2.5      SHELL (RSH/RCP)
2.6      LPD
2.7      IPP
2.8      DIPRINT (RAW Print)
2.9      NBT
2.10     MDNS
2.11     HTTPS
         Others
         Appendix
1. Introduction

This document describes potential internal and external network threats and the recommended precautions for preventing them.

The products have built-in network services for providing a variety of features for network clients, such as network scanning, printing or faxing, and also client services for accessing network servers running outside the products, such as an LDAP server, NetWare server, or mail server. As the products are designed for use inside an Intranet where network clients and servers are protected by firewalls, the products rely on the Intranet's security policy, like the security provided by other network servers and clients.

However, some customers require stricter security levels for network devices, because potential threats from inside the firewalls are increasing, and some configurations even use a secure connection to the Internet as a part of the Intranet. To satisfy these demands, the products are all evaluated by security scanning applications during development, and are also checked for known vulnerability issues reported by Internet security organizations, such as the CERT Coordination Center (CERT/CC: http://www.cert.org/). Whenever we find security vulnerabilities in the products, we provide appropriate countermeasures. For more information, see the current version of the Network Security White Paper and information posted in our online Knowledge Base.

1.1 Terms

The following terms are used in this document. Please familiarize yourself with them.

The products: This refers to the digital multifunction and printing devices covered by this document, as noted in the Model Cross Reference table. It is intended to mean all of these machines collectively.

Host Interface: The physical interface of the Ethernet board on the products.
1.2 Model Cross Reference
Product Code   Ricoh Corp Model Name   Lanier Model Name
B129           Aficio 1515             LD015
B130           Aficio 1515F            LD015f
B168/B169      Aficio 1515MF/1515PS    LD015spf/LD015sp
B121           Aficio 2015             LD115
B122           Aficio 2018             LD118
B123           Aficio 2018D            LD118D
B089           Aficio 2022             LD122
B093           Aficio 2027             LD127
B079           Aficio 2035             LD035
B135           Aficio 2035e/2035eG     LD135
B082           Aficio 2045             LD045
B138           Aficio 2045e/2045eG     LD145
B070           Aficio 2090             LD090
B071           Aficio 2105             LD0105
B190           Aficio 2228c            LD228c
B146/B147      Aficio 2232c            LD232c
B148/B149      Aficio 2238c            LD238c
G094           AP400                   LP026
G095           AP400N                  LP026N
G091           AP600N                  LP032

Savin (USA) Model Name: 3515, 3515F, 3515MF, 4018D, 4035, 4035e/4135eG, 4045, 4045e/4145eG, C2820, C3224, C3828, P7325, P7325N, P7132N

Gestetner Model Name: DSm415, DSm415f, DSm415pf, DSM615, DSM618, DSM618d, DSm622, DSm627, 3532, DSM635/DSM635g, 4532, DSM645/DSM645g, DSc328, DSc332, DSc338
2. Embedded Services and Potential Security Issues
Some server services (Telnet, FTP, etc.) allow write access from network clients. Because of this, some customers may feel that the products are insecure against viruses, worms, or intruder access. The products are secure against such attacks and provide security measures against potential threats to specific services, but some of these measures can make the services unavailable. For example, disabling the LPD port will make the products unavailable for LPR clients.

To avoid such an inconvenience, specifying an Access Control list of safe client host addresses is strongly recommended. Once you set up Access Control for specific IP addresses, the products will receive print or scan requests from the specified hosts only. This Access Control is applied to LPD printing, RCP/RSH access, HTTP/HTTPS access (where supported), FTP printing, TCP raw printing (DIPRINT), SMB printing, IPP printing, and scanning from DeskTopBinder. For information on how to set up Access Control, refer to section 3.C of the Appendix.

In the following sections, the potential threats and recommended precautions are given for each service. The recommended precautions should be accompanied by a firewall and restricted by Access Control.

2.1. Telnet:

2.1.1. Function Overview

The Telnet service provides a virtual terminal service in order to use the maintenance shell (MSHELL). It is compliant with RFC 854. The MSHELL uses TCP port 23 and provides a dedicated command interface for the following functions.

- Configuring network settings of the products from remote terminals,
- Monitoring device status and settings from remote terminals,
The FTP protocol enables the reception of print jobs and firmware files from remote clients. It also provides the files listed in the following table to clients.

File name                        Description                                              Attribute
Syslog                           System log information                                   Read-only
Install                          Install Shell script                                     Read-only
Stat                             Printer Status                                           Read-only
Prnlog                           Print log information                                    Read-only
Info                             Printer Information                                      Read-only
Help                             Help                                                     Read-only
Fax application files (hidden)   Fax job log information, Fax counter, Fax address book   SmartDeviceMonitor for Admin/Client is required to read/manage these files.

Table 1: Files Provided to FTP Clients

NOTE: Only Service Technicians can add firmware to the FTP server. In addition, some of the products do not have this function.
2.2.2. Potential threats and recommended precautions

Destruction, corruption and modification of the file system: There is no possibility of destruction, corruption or modification of the file system. Although the FTP service permits write access, any files that are received by the printer are considered to be a print job or firmware data. When the embedded FTP server receives an executable file, the product prints a binary representation (garbage characters) of the data contained in the executable. As for firmware, a dedicated account and password that are disclosed only to Service Technicians are required to input firmware to the printer using the FTP service. In addition, data is verified by checking the header, IDs and the file format before being used. It is impossible to make a pseudo firmware file to destroy the file system.

Possibility of acting as a server for relaying viruses: There is the possibility of accessing other hosts through the products by using the PORT command. This is known as an FTP bounce attack (see: HTTP://cgi.nessus.org/plugins/dump.php3?id=10081 for more information). To prevent this type of attack, close the FTP port.

Possibility of successful DoS (Denial of Service) attack: There is a possibility of coming under hostile DoS attack when using the PASV command (see: HTTP://cgi.nessus.org/plugins/dump.php3?id=10085 for more information). If the FTP server continues to receive the PASV command, other FTP connection requests will be refused. In order to recover the status of the products, rebooting is required. To prevent this vulnerability, close the FTP port.

Theft of password: When accessing the FTP service, the user name and password are sent in clear text because the FTP protocol itself does not support encryption. However, this does not present a major security risk because no changes can be made to the system via FTP. In fact, a password and dedicated account are only necessary when updating the firmware, and they are given only to Service Technicians. There is no possibility of destruction of the file system from someone using a sniffed account and password because it is impossible to make a pseudo firmware file to destroy the file system.

Recommended precautions: As stated earlier, the suggested precaution against the threats to the embedded FTP service is closing the FTP port if you maintain a strict security policy. The port for this service can be completely closed using Web Image Monitor or the MSHELL.

2.3. HTTP:

2.3.1. Function Overview

The HTTP (HyperText Transfer Protocol) service provides web services. This service is compliant with RFC 1945 and uses TCP port 80. The following web functions are provided:

- Configuring machine settings via Web Image Monitor in Administrator mode,
- Viewing machine settings and status via Web Image Monitor,
- Managing files saved in the Document Server of the products via DeskTopBinder,
- Managing user information and retrieving counter information when using User Management Tool in SmartDeviceMonitor for Admin/Client,
- Managing the products' address book when using Address Management Tool in SmartDeviceMonitor for Admin.

NOTE: When logging into Web Image Monitor in Administrator mode, the user must enter the password. The default password is the same as the one used for the MSHELL: "password".
2.3.2. Potential threats and recommended precautions

Destruction, corruption and modification of the file system: There is no possibility of destruction, corruption or modification of the file system, because no one can access the file system and executable files cannot be processed on the products' web server.

Possibility of acting as a server for relaying viruses: There is no possibility that the products will be used by a virus as an open relay server. The web server was developed by Ricoh and does not allow any malicious, executable files to be processed.

Theft of password: When accessing Web Image Monitor, the password is sent Base64-encoded. In this case, the password is not sent in clear text, but it is also not particularly difficult to decode. Therefore, if the password is intercepted using a packet sniffer and then decoded, the possibility of unauthorized access and changing of network settings does exist.

Recommended precautions: The following are suggested precautions against threats to the HTTP service. The levels described below indicate the level of security (Level 1 is lowest). Take the appropriate action for your security policy.

Level 1: Change the password from the default value to something difficult to guess and change it regularly. Since the password is the same as the one for Web Image Monitor's Administrator mode, changing it for MSHELL means changing it for Web Image Monitor's Administrator mode as well.

Disable web function. If it is not needed, Web Image Monitor can be disabled using MSHELL. When the web setting is set to Down, Web Image Monitor does not activate and error 503 Service Unavailable is displayed. Even when not in use, TCP port 80 stays open.

Level 3: Close the HTTP port. The HTTP port can be completely closed with MSHELL. When HTTP is set to Down, Web Image Monitor does not activate and the IPP (Internet Print Protocol) function that allows a printer to be called via HTTP (e.g., HTTP://<printer host name or ip address>/) is not available. Calling a printer via IPP (e.g., IPP://<printer host name or ip address>/) is available.
2.4. SNMP:

2.4.1. Function Overview

SNMP (Simple Network Management Protocol) is used to communicate network management information between the network management stations (SNMP manager), such as a PC running a management application, and the agents in the network (SNMP agent), such as printers, scanners, workstations or servers, routers and hubs. The SNMP service is embedded in the products to provide a method of managing them on the network. This service is compliant with RFC 1157 for SNMP v1 and RFC 1902 for SNMP v2. UDP port 161 is used for the SNMP service and UDP port 162 is used for SNMP trap. The following functions are provided:

- Configuring the settings of the products,
- Monitoring the status of the products,
- Detecting the errors of the products.

Although the SNMP service is not protected by a password, it is protected using unique community names and assigned access rights (read-only, read-write, trap) within those communities. You can only communicate with or configure an agent if it is a member of the same community and if the access rights allow you to get or modify data in the MIBs (Management Information Base) embedded in the products. The default SNMP community names are as follows:

Read-only : public
Read-Write : admin

2.4.2. Potential threats and recommended precautions

Management hosts and agents belong to an SNMP community. An SNMP community is a collection of hosts grouped together for administrative purposes. Defining communities provides security by allowing only management systems and agents within the same community to communicate with each other. However, community names are sent in clear text because of the specification of the protocol and can be compromised.

The suggested precautions against this threat are as follows. The levels described below indicate the level of security (Level 1 is lowest). Take the appropriate action for your security policy.

Level 1: Change the community names from the default value to something difficult to guess and change them regularly. When the community name settings are changed in the agents, the community name settings in the management utilities must also be changed.

Close the SNMP port. If it is not absolutely necessary, the SNMP port should be closed via Web Image Monitor or the MSHELL.
2.5. SHELL (RSH/RCP):

2.5.1. Function Overview

Remote shell (RSH/RCP) services provide the following functions via TCP port 514.

- Printing jobs from RSH/RCP clients.
- Monitoring machine status and settings from RSH/RCP clients.
- Providing print and system logs to RSH/RCP clients.
- Transferring scan data to the Twain driver.

2.5.2. Potential threats and recommended precautions

Destruction, corruption and modification of the file system: There is no possibility of destruction, corruption or modification of the file system because no one can access the file system or kernel and executable files cannot be processed via the remote shell service.

Possibility of acting as a server for relaying viruses: There is no possibility that the products will be used by a virus as an open relay server. Although the remote shell service permits write access, all written data are treated as print jobs. Even if someone sent an executable file via the embedded remote shell service, the products would print the file as garbage data.

Theft of user name: The user name is sent in clear text when using the remote shell service. If the user is concerned about this, the port for the remote shell service can be completely closed via Web Image Monitor and MSHELL.

Recommended precautions: As stated above, there are not many threats that apply to the products. However, if you want to maintain a strict security policy, the RSH/RCP service can be disabled and the port for this service can be completely closed using Web Image Monitor or the MSHELL.

2.6. LPD:

2.6.1. Function Overview

The LPD service is one of the TCP/IP Printing Services known as LPD or LPR. This service is compliant with RFC 1179 and uses TCP port 515 for connection with an RFC 1179 compliant client. The following functions are provided by this service:

- Printing from LPR clients,
- Monitoring the status of the printer and print queues of LPR clients,
- Deleting print jobs from print queues of LPR clients.
2.6.2. Potential threats and recommended precautions

Destruction, corruption and modification of the file system: There is no possibility of destruction, corruption or modification of the file system or kernel because no one can access it via the LPR service.

Possibility of successful DoS (Denial of Service) attacks: There is no possibility of successful DoS attacks. When the products receive data that does not meet the protocol specification, the products will stop the LPD service, and the executed application (if any), at regular steps.

Recommended precautions: If a strict security policy is to be maintained, the LPD service can be disabled and the port for this service can be completely closed using Web Image Monitor or the MSHELL.

2.7. IPP:

2.7.1. Function Overview

The IPP (Internet Printing Protocol) service is used for Internet printing from IPP clients. This service is compliant with RFC 2565 and it uses TCP port 631 or TCP port 80. The following functions are provided by the IPP service:

- Printing a job from an IPP client,
- Providing job status to an IPP client.

The IPP service has a user authentication function. 10 accounts are available for the IPP service and a password can be set for each account. Both basic and digest authentication are supported. Basic authentication is common, but the user name and password are sent in clear text. Digest authentication is more secure, with the user name and password irreversibly encrypted. Both authentication methods are selectable in Web Image Monitor and MSHELL. IPP authentication can also be disabled. In this case, user names and passwords are not authenticated. (The default setting is disabled.)

2.7.2. Potential threats and recommended precautions

Destruction, corruption and modification of the file system: There is no possibility of destruction, corruption or modification of the file system because it can't be accessed via the IPP service in the products.

Possibility of successful DoS (Denial of Service) attacks: There is no possibility of successful DoS attacks. When the products receive data that can carry out a DoS attack, a waiting period is implemented in the reply process of the products. This reduces the system load and stops the service and application at regular steps if data that falls outside of the protocol specification is present in the system.

Recommended precautions: As stated above, there are not many threats that apply to the products. However, if you want to maintain a strict security policy, we recommend the following precautions. The levels described below indicate the level of security (Level 1 is lowest). Take the appropriate action for your security policy.

Level 1: Set IPP Authentication to either basic or digest from disabled in Web Image Monitor, MSHELL or the operation panel. Digest authentication is more secure than basic because the user name and password are encrypted.

Close the IPP (631/TCP) port. If it is not absolutely necessary, the IPP port should be closed via Web Image Monitor or MSHELL. However, using HTTP://<printer host name or IP address>/ (an IPP function) is available.
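The difference between the Base64-encoded Web Image Monitor password (section 2.3.2) and IPP basic versus digest authentication (section 2.7.1) can be seen by building both headers side by side. This is an added example, not part of the Ricoh white paper: the user name "admin", the realm, the nonces and the URI are constructed sample values, and the digest calculation follows RFC 2617 without the optional qop parameter, which is an assumption about the device.

```python
"""Compare what HTTP Basic and HTTP Digest authentication expose on the wire."""
import base64
import hashlib


def basic_header(user: str, password: str) -> str:
    """Authorization value a client sends for Basic authentication."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def credentials_from_basic(header: str) -> tuple:
    """Recover (user, password) from a Basic header; no key is involved."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def _md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, password, realm, nonce, method, uri) -> str:
    """RFC 2617 response value (no qop): MD5(HA1:nonce:HA2)."""
    ha1 = _md5_hex(f"{user}:{realm}:{password}")   # secret part, never sent
    ha2 = _md5_hex(f"{method}:{uri}")              # binds the request line
    return _md5_hex(f"{ha1}:{nonce}:{ha2}")


def digest_header(user, password, realm, nonce, method, uri) -> str:
    """Authorization value a client sends for Digest authentication."""
    response = digest_response(user, password, realm, nonce, method, uri)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{response}"')


def wire_exposure(header: str) -> str:
    """Classify a captured Authorization header by what it reveals."""
    scheme = header.partition(" ")[0].lower()
    if scheme == "basic":
        return "password recoverable by decoding"
    if scheme == "digest":
        return "only a nonce-bound hash is sent"
    return "unknown scheme"


if __name__ == "__main__":
    # Constructed sample values; "password" is the default named in the paper.
    user, password = "admin", "password"
    basic = basic_header(user, password)
    digest = digest_header(user, password, "printer", "nonce-0001", "GET", "/")
    for header in (basic, digest):
        print(f"{wire_exposure(header):34} {header}")
    print("decoded from Basic:", credentials_from_basic(basic))
```

Digest keeps the password itself off the wire, but a guessable value can still be checked against a captured response, so changing the default password applies to both methods; HTTPS (section 2.11) protects the whole exchange.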
2.8. DIPRINT (RAW print)

2.8.1. Function Overview

The DIPRINT (Direct Print or RAW Print) service is Ricoh Company Ltd's name for port 9100 communication. This service provides direct printing from remote terminals using TCP port 9100.

2.8.2. Potential threats and recommended precautions

There are not many threats in this service because all written data is treated as a print job. Even if someone sent an executable file via the embedded remote shell service, the products would print the file as garbage data.

Recommended precautions: As stated above, there are not many threats that apply to the products. However, if you want to maintain a strict security policy, the DIPRINT port can be changed and the port for this service can be completely closed using Web Image Monitor or MSHELL.

2.9. NBT

2.9.1. Function Overview

NBT stands for NetBIOS over TCP/IP. The products provide the NetBIOS (Network Basic Input/Output System) service over TCP/IP instead of NetBEUI (NetBIOS Extended User Interface) so that a remote host can access network services of the products by the NetBIOS name (Computer Name) instead of IP address. This service uses 3 ports: UDP port 137 for NetBIOS-NS (NetBIOS Name Service), UDP port 138 for NetBIOS-DGM (NetBIOS Datagram Service) and TCP port 139 for NetBIOS-SSN (NetBIOS Session Service). SMB (Server Message Block) over TCP/IP is provided by this service as follows:

- Browsing the print servers from SMB clients,
- Printing a job from SMB clients,
- Sending notifications of a job completion to SMB clients.
2.9.2. Potential threats and recommended precautions

Possibility of browsing the network by unauthorized parties: If you would not like the products to be browsed by unauthorized parties, the SMB service should be disabled using Web Image Monitor or MSHELL.

Possibility of successful DoS (Denial of Service) attacks: There is no possibility of successful DoS attacks. Repeated access and disconnection to TCP port 139 is a well-known DoS attack. The products are protected against this by accepting the connections sequentially. When the products receive data that can carry out a DoS attack, the connection with the sender will be disconnected.

Recommended precautions: As stated above, if you want to maintain a strict security policy and it is not absolutely necessary, the NetBIOS Session Service (139/TCP) can be disabled using Web Image Monitor (set SMB to disable) or the MSHELL (set SMB to Down). When SMB is disabled, SMB over NetBEUI is also disabled. There is no method to disable only NetBIOS Session Service (139/TCP) without disabling SMB over NetBEUI. UDP ports 137 and 138 cannot be closed even if SMB is disabled.

2.10. MDNS

2.10.1. Function Overview

MDNS (Multicast DNS) is a way of using familiar DNS programming interfaces, packet formats and operating semantics in a small network where no conventional DNS server has been installed. It uses UDP port 5353. The products only use MDNS for Apple's Rendezvous application. If Rendezvous is not being used, port 5353 can be closed.

2.10.2. Potential threat and recommended precaution

Destruction, corruption and modification of the file system: It may be possible for unauthorized parties to access available services and device information while Rendezvous and MDNS are being used.

Possibility of successful DoS (Denial of Service) attacks: The possibility of a successful attack of this type is considered small at this time.

Recommended precautions: If you want to maintain a strict security policy, the MDNS port (5353/udp) can be completely closed using Web Image Monitor or the MSHELL. (If Apple's Rendezvous application is turned off, the MDNS port is closed automatically.)

2.11. HTTPS

2.11.1. Function Overview

HTTPS is HTTP over SSL (Secure Socket Layer). HTTPS provides the same functions as HTTP. HTTPS maintains higher security than HTTP because SSL provides the following features:

- Server authentication/certification. (Protects against server spoofing.)
- Data encryption. (Protects against wiretap/falsification.)

NOTE: SSL is a communication technology used for secure connections between two hosts. The primary goal of the SSL Protocol is to provide privacy and reliability between two communicating applications. SSL is layered on top of some reliable transport protocol (e.g., TCP). SSL allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data.
2.11.2. Potential threats and recommended precautions
Destruction, corruption or modification of the file system: There is no possibility of destruction, corruption or modification of the file system, because no one can access the file system and executable files cannot be processed on the products' web server.

Possibility of acting as a server for relaying viruses: There is no possibility that the products will be used by a virus as an open relay server. The web server was developed by Ricoh and does not allow any malicious and executable files to be processed.

Possibility of attacker taking advantage of a heap corruption error in OpenSSL: There is a possibility of causing a crash on the products by taking advantage of a heap corruption bug in the version of OpenSSL used by the products. This will result in a crash which causes a DoS (Denial of Service) or which will disable secure communications (HTTPS). (See: http://cgi.nessus.org/plugins/dump.php3?id=11875 for more information.) To prevent this vulnerability, close the HTTPS port.

Theft of password: When using HTTPS, all data including the password is encrypted using SSL. This is safer than sending passwords encoded in Base64 (using HTTP).

Recommended precautions: The following are suggested precautions against threats to the HTTPS service. The levels described below indicate the level of security (Level 1 is lowest). Please take the appropriate action for your security policy.

Level 1: Change the password from the default value to something difficult to guess and change it regularly. Note that the password is the same as the one for logging in to the MSHELL, so changing the password for Web Image Monitor's Administrator mode means changing it for the MSHELL as well.

Disable web function. If it is not needed, Web Image Monitor can be disabled using the MSHELL. When web is set to Down, Web Image Monitor does not activate and the error 503 Service Unavailable is displayed. Even when not in use, TCP port 443 stays open, and HTTPS is therefore available for IPP printing.

Close the HTTPS port. The HTTPS port can be completely closed with MSHELL. In this case, both Web Image Monitor and IPP (Internet Print Protocol) are unavailable via HTTPS. If the HTTPS port is closed, Web Image Monitor and IPP printing are still available via HTTP.
Protocol    Protocol Suite   Commonly Used Port Num.   Description of the protocol's function in GW Products
SAP         IPX/SPX                                    1) Broadcasts the availability of print services.
RIP         IPX/SPX                                    1) Broadcasts route information.
APPLETALK   APPLETALK                                  1) Providing APPLETALK connections.
PAP         APPLETALK                                  1) Providing APPLETALK printing services.
NetBeui     NETBEUI                                    1) Providing NetBEUI connections.
3.C. The Purpose of Access Control

The products will accept communication only from a set range of IP addresses. This can be applied to connections from LPR, RCP/RSH, HTTP, HTTPS (where supported), FTP, DIPRINT, SMB, IPP, and DeskTopBinder, but cannot be applied to Telnet, a web browser or SmartDeviceMonitor.

3.C.1. Web Image Monitor

Web Image Monitor can be used for accessing the products. A supported browser such as Microsoft Internet Explorer and the product's IP address are required.

1. Enter the IP address in the address field using the following form: http://printer host name or IP address and click on Go. The following page should be displayed:

NOTE: Take note of the blue bar near the top of the web page shown below. This indicates that you are in normal, user mode.

2. Click on Administrator Mode. A network password dialog will be displayed.
3. In order to access Administrator mode, a password is required. (The default password is "password".) Log in to enter Administrator mode. You will know that you are in Administrator mode if the bar at the top of the main frame is brown instead of blue.
4. To open the access control settings, click Configuration, then Security, then Access Control in the left frame.

5. Enter the range of IP addresses that you wish to permit communication with and click the Apply button. The products will now accept communications from the IP addresses you have specified.
3.C.2. MSHELL

1. Access the products using a Telnet client. In this case the Windows 2000 standard Telnet client is shown.

2. Open the Maintenance Shell (MSHELL) by entering telnet followed by the IP address of the product you need to access. A password will be required for this. (The default password is "password".)

3. Using the access command, input the access control range.
NOTE For example, the command:

    msh> access 1 range 172.16.1.0 172.16.2.0

will permit access from 172.16.1.0 to 172.16.2.0. The command:

    msh> access flush

will clear all access ranges.
If changes have been made, the following question will appear before the user logs out. Do you save configuration data? Enter yes to commit the changes or no to discard them.
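The access range command from the note above, worked through as an added example (not Ricoh's code) to show which addresses such an entry admits and how it maps to CIDR blocks when the same policy is mirrored on a firewall. It assumes both range endpoints are inclusive and that the first argument is an entry index; the client addresses are constructed.

```python
import ipaddress

def parse_access_command(line):
    """Parse 'access <entry> range <start> <end>' as typed at the msh> prompt."""
    parts = line.replace("msh>", "").split()
    if len(parts) != 5 or parts[0] != "access" or parts[2] != "range":
        raise ValueError(f"not an access range command: {line!r}")
    first = ipaddress.IPv4Address(parts[3])
    last = ipaddress.IPv4Address(parts[4])
    if first > last:
        raise ValueError("range start is above range end")
    return int(parts[1]), first, last

def is_permitted(client, first, last):
    # Assumption: both endpoints are inclusive ("from ... to ...").
    return first <= ipaddress.IPv4Address(client) <= last

def audit(line, clients):
    """Summarise what a range entry admits and sort sample clients by verdict."""
    entry, first, last = parse_access_command(line)
    cidrs = ipaddress.summarize_address_range(first, last)
    return {
        "entry": entry,
        "size": int(last) - int(first) + 1,
        "cidrs": [str(net) for net in cidrs],
        "permitted": [c for c in clients if is_permitted(c, first, last)],
        "rejected": [c for c in clients if not is_permitted(c, first, last)],
    }

# Command taken from the note above; the client addresses are constructed.
COMMAND = "msh> access 1 range 172.16.1.0 172.16.2.0"
CLIENTS = ["172.16.0.255", "172.16.1.17", "172.16.1.255",
           "172.16.2.0", "172.16.2.1"]

if __name__ == "__main__":
    for key, value in audit(COMMAND, CLIENTS).items():
        print(f"{key}: {value}")
```

The range in the note is not a single subnet: it covers 172.16.1.0/24 plus the one address 172.16.2.0, so 172.16.2.1 falls outside it.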
3.D. How to Disable Services

The following services can be enabled or disabled by selecting up or down:

TCPIP, NETWARE (1, below), SMB (2, below), APPLETALK, LPR, FTP (3, below), RSH, DIPRINT, web (Only MSHELL) (4, below), SNMP (5, below), IPP (6, below), HTTP (Only MSHELL) (7, below), IP1394, SCSIPRINT, Telnet (Only MSHELL)

1. NETWARE: Setting NETWARE to down disables the IPX/SPX protocol and NCP/IP (Netware Core Protocol/Internet Protocol). Therefore, if NETWARE is down, printing in the IPX/SPX environment and in the pure IP environment is unavailable. LPR in NDPS and iPrint (IPP Printing) are unaffected.
2. SMB: Setting SMB to down closes NetBIOS Session Service (139/TCP) as well as NetBEUI. However, this affects only the server service. The client service is not affected. Therefore, if SMB is down, Scan to SMB can still be used.
3. FTP: Setting FTP to down closes the FTP port (21/TCP); however, the FTP client function is still available. Therefore, if this function is down, Scan to FTP is still available.
4. WEB: Setting web to down disables the Web Image Monitor. However, even if this function is disabled, HTTP Port (80/TCP) will still be open. Therefore, if this function is disabled, IPP printing using HTTP Port (80/TCP) is still available.
5. SNMP: Setting SNMP to down closes SNMP port (161/UDP). In addition, when SNMP is down, the SNMP trap function and SNMP function over IPX/SPX are not available.
6. IPP: Setting IPP to down disables the IPP printing function but does not close the IPP Port (631/TCP). Therefore, if IPP is down, IPP printing using HTTP (80/TCP) is still available.
7. HTTP: Setting HTTP to down closes HTTP Port (80/TCP). Therefore, not only Web Image Monitor but also IPP printing using HTTP port (80/TCP) is disabled.
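The port effects described in the SMB, FTP, WEB, SNMP, IPP and HTTP notes above, encoded as an added example (not Ricoh's code) that compares a device's "down" settings with the ports actually seen open. It separates ports that should have closed but did not from ports that stay open by design; the function names and the observed port lists are constructed for illustration.

```python
# Port closed when the service is set to down (SMB, FTP, SNMP, HTTP notes).
CLOSED_BY = {"smb": "139/tcp", "ftp": "21/tcp",
             "snmp": "161/udp", "http": "80/tcp"}
# Services whose down setting stops the function but leaves the port open.
STILL_OPEN = {"web": "80/tcp", "ipp": "631/tcp"}
# Functions the notes say keep working after the service is set to down.
STILL_WORKS = {"smb": "Scan to SMB", "ftp": "Scan to FTP",
               "web": "IPP printing over 80/tcp",
               "ipp": "IPP printing over 80/tcp"}

def expected(down):
    """Derive the expected exposure from the set of services set to down."""
    down = {s.lower() for s in down}
    closed = {CLOSED_BY[s] for s in down if s in CLOSED_BY}
    residual = {p for s, p in STILL_OPEN.items() if s in down} - closed
    works = {f for s, f in STILL_WORKS.items() if s in down}
    if "http" in down:  # HTTP note: closing 80/tcp also stops IPP over HTTP
        works.discard("IPP printing over 80/tcp")
    return {"closed": closed, "residual": residual, "works": works}

def audit(down, observed_open):
    """Compare the expectation with ports observed open on the device."""
    exp = expected(down)
    observed = set(observed_open)
    return {
        # should be closed according to the notes, yet observed open
        "drift": sorted(exp["closed"] & observed),
        # open by design even though the service is down: filter upstream
        "residual": sorted(exp["residual"] & observed),
        "still_works": sorted(exp["works"]),
    }

# Constructed inputs: intended settings and a constructed list of open ports.
DOWN = ["web", "ipp", "ftp", "snmp"]
OBSERVED = ["80/tcp", "139/tcp", "161/udp", "631/tcp"]

if __name__ == "__main__":
    for key, value in audit(DOWN, OBSERVED).items():
        print(f"{key}: {value}")
```

A non-empty drift list means a setting did not take effect or was not saved; a non-empty residual list marks ports that need an access control range or an upstream filter because setting the service to down does not close them.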
3.D.1. Web Image Monitor

Refer to section 3.C.1. Web Image Monitor, for steps 1 through 3 of this procedure. Continue with step 4, below.

4: To access the protocol settings click Configuration, then Network, then Protocol, and then Protocol in the left frame as shown below.
NOTE All protocols are enabled by default.
5: Set the services you wish to stop by selecting Disable in the drop down list box.

3.D.2. MSHELL

1. Access MSHELL as described in 3.C.2. MSHELL above.
2. When you reach the msh> prompt, enter set http down to disable HTTP.
NOTE The parameters in the following screen capture show the set command usage and protocols.
Close your MSHELL session by entering logout at the msh> prompt. Close Telnet by entering quit.
5. Summary
In this document you learned about potential threats to network security and the recommended precautions to take to protect the products. You should now be able to take appropriate actions to ensure the security of your networked devices.

The following websites are provided as reference so you can learn more about network security:

RFC: http://www.faqs.org/rfcs/
CVE: http://cve.mitre.org/
CERT: http://www.cert.org/
CIAC: http://www.ciac.org/ciac/
SecurityFocus: http://www.securityfocus.com/
NESSUS: http://www.nessus.org/index2.html