Security Policy Setting Items
The setting items related to the security policy of the machine are described below. Select the check boxes for the items that you want to apply on the setting screen.
Note
-
The same security policy settings are available regardless of differences in the features between models to ensure that a common security policy is shared among Canon printers.
As a result, changes in security policy settings may have no effect on printer function.
Settings that do not affect printer function when configured are presented on the Security Policy Settings page with one of the following explanations.
Note: This setting does affect any functions on this printer. Restrictions will not be applied.
Note: The feature is restricted on this printer, regardless of the security policy.
Default settings are marked with an asterisk (*).
Interface
Wi-Fi policy
Prevent unauthorized access by prohibiting wireless connections.
| Prohibit use of direct connection | ON/OFF* |
|---|---|
| Prohibit use of wireless LAN (Wi-Fi) | ON/OFF* |
USB policy
Prevent unauthorized access and data breaches by prohibiting USB connection.
| Prohibit use of USB connection | ON/OFF* |
|---|---|
| Prohibit use of external USB devices | ON/OFF* |
Network
Communication policy
Increase the security of communications by requiring the verification of signatures and certificates.
| Always verify signatures for SMB/WebDAV server functions | ON/OFF* |
|---|---|
| Always verify server certificate when using TLS | ON/OFF* |
| Prohibit cleartext authentication for server functions | ON/OFF* |
| Prohibit use of SNMPv1 | ON/OFF* |
Port usage policy
Prevent external breaches by closing unused ports.
| Restrict LPD port (port number: 515) | ON/OFF* |
|---|---|
| Restrict RAW port (port number: 9100) | ON/OFF* |
| Restrict FTP port (port number: 21) | ON/OFF* |
| Restrict WSD port (port number: 3702, 60000) | ON/OFF* |
| Restrict BMLinkS port (port number: 1900) | ON/OFF* |
| Restrict IPP port (port number: 631) | ON/OFF* |
| Restrict SMB port (port number: 139, 445) | ON/OFF* |
| Restrict SMTP port (port number: 25) | ON/OFF* |
| Restrict dedicated port (port number: 9002, 9006, 9007, 9011-9015, 9017-9019, 9022, 9023, 9025, 20317, 47545-47547) | ON/OFF* |
| Restrict remote operation's software port (port number: 5900) | ON/OFF* |
| Restrict SIP (IPFAX) port (port number: 5004, 5005, 5060, 5061, 49152) | ON/OFF* |
| Restrict mDNS port (port number: 5353) | ON/OFF* |
| Restrict SLP port (port number: 427) | ON/OFF* |
| Restrict SNMP port (port number: 161) | ON/OFF* |
Authentication
Authentication policy
Prevent unregistered users from performing unauthorized operations by implementing secure user authentication.
| Prohibit guest users from using the printer | ON/OFF* |
|---|---|
| Force auto logout | OFF*, 10, 20, 30, 40, 50 seconds, 1, 2,...9 minutes |
Pwd operation policy
Impose strict limits for password operations.
| Prohibit caching of password for external servers | ON/OFF* |
|---|---|
| Display warning when default password is in use | ON/OFF* |
| Prohibit use of default password for remote access | ON/OFF* |
Password settings policy
Prevent third parties from easily guessing passwords by setting a minimum level of complexity and a period of validity for user authentication passwords.
| Minimum number of characters for password | OFF*, 1 - 32 |
|---|---|
| Password validity period | OFF*, 01-180 days |
| Prohibit use of 3 or more identical consecutive characters | ON/OFF* |
| Require use of at least 1 uppercase character | ON/OFF* |
| Require use of at least 1 lowercase character | ON/OFF* |
| Require use of at least 1 number | ON/OFF* |
| Require use of at least 1 symbol | ON/OFF* |
Lockout policy
Block users from logging in for a specified period of time after a certain number of consecutive invalid login attempts.
| Enable lockout | ON/OFF* |
|---|---|
| Lockout threshold (times) | 1* - 10 |
| Lockout period (minutes) | 1* - 60 |
Key/Certificate
Protect important data by preventing the use of weak encryption, or by saving encrypted user passwords and keys in a designated hardware component.
| Prohibit use of weak encryption | ON/OFF* |
|---|---|
| Prohibit use of keys/certificates with weak encryption | ON/OFF* |
| Use TPM to store password and key | ON/OFF* |
Log
You can periodically survey how the machine is used, by requiring logs to be recorded.
| Force recording of audit log | ON/OFF* |
|---|---|
| Require SNTP settings | ON/OFF* |
| Server name | Address string (Not set*) |
Job
Printing policy
Prevent information leakage from occurring when printing.
| Prohibit immediate printing of received jobs | ON/OFF* |
|---|
Send/Receive policy
Limit the sending operations for destinations, and limit how received data is processed.
| Allow sending only to registered addresses | ON/OFF* |
|---|---|
| Force confirmation of fax number | ON/OFF* |
| Prohibit auto forwarding | ON/OFF* |
Storage
Prevent information leakage by deleting unnecessary data on the storage device.
| Force complete deletion of data | ON/OFF* |
|---|
