Ricoh Mp 3351 User Guide
Aficio MP 2851/3351 series with Fax Option Type 3351 Security Target

Author : RICOH COMPANY, LTD., Yasushi FUNAKI
Date : 2010-06-17
Version : 1.00

Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
Revision History

Version  Date        Author          Details
1.00     2010-06-17  Yasushi FUNAKI  Released version.
Table of Contents

1 ST Introduction
  1.1 ST Reference
  1.2 TOE Reference
  1.3 TOE Overview
    1.3.1 TOE Type
    1.3.2 TOE Usage and Major Security Features of TOE
    1.3.3 Environment for TOE Usage and Non-TOE Configuration Items
  1.4 TOE Description
    1.4.1 Physical Boundaries of TOE
    1.4.2 Guidance Documents
    1.4.3 User Roles
      1.4.3.1 Responsible Manager of MFP
      1.4.3.2 Administrator
      1.4.3.3 Supervisor
      1.4.3.4 General User
      1.4.3.5 Customer Engineer
    1.4.4 Logical Boundaries of TOE
      1.4.4.1 Basic Functions
      1.4.4.2 Security Functions
    1.4.5 Protected Assets
      1.4.5.1 Document Data
      1.4.5.2 Print Data
2 Conformance Claims
  2.1 CC conformance Claim
  2.2 PP Claims, Package Claims
  2.3 Conformance Rationale
3 Security Problem Definitions
  3.1 Threats
  3.2 Organisational Security Policies
  3.3 Assumptions
4 Security Objectives
  4.1 Security Objectives for TOE
  4.2 Security Objectives of Operational Environment
  4.3 Security Objectives Rationale
    4.3.1 Tracing
    4.3.2 Tracing Justification
5 Extended Components Definition
6 Security Requirements
  6.1 Security Functional Requirements
    6.1.1 Class FAU: Security audit
    6.1.2 Class FCS: Cryptographic support
    6.1.3 Class FDP: User data protection
    6.1.4 Class FIA: Identification and authentication
    6.1.5 Class FMT: Security management
    6.1.6 Class FPT: Protection of the TSF
    6.1.7 Class FTP: Trusted path/channels
  6.2 Security Assurance Requirements
  6.3 Security Requirements Rationale
    6.3.1 Tracing
    6.3.2 Justification of Traceability
    6.3.3 Dependency Analysis
    6.3.4 Security Assurance Requirements Rationale
7 TOE Summary Specification
  7.1 TOE Security Function
    7.1.1 SF.AUDIT Audit Function
      7.1.1.1 Generation of Audit Logs
      7.1.1.2 Reading Audit Logs
      7.1.1.3 Protection of Audit Logs
      7.1.1.4 Time Stamps
    7.1.2 SF.I&A User Identification and Authentication Function
      7.1.2.1 User Identification and Authentication
      7.1.2.2 Actions in Event of Identification and Authentication Failure
      7.1.2.3 Password Feedback Area Protection
      7.1.2.4 Password Registration
    7.1.3 SF.DOC_ACC Document Data Access Control Function
      7.1.3.1 General User Operations on Document Data
      7.1.3.2 File Administrator Operations on Document Data
    7.1.4 SF.SEC_MNG Security Management Function
      7.1.4.1 Management of Document Data ACL
      7.1.4.2 Management of Administrator Information
      7.1.4.3 Management of Supervisor Information
      7.1.4.4 Management of General User Information
      7.1.4.5 Management of Machine Control Data
    7.1.5 SF.CE_OPE_LOCK Service Mode Lock Function
    7.1.6 SF.CIPHER Encryption Function
      7.1.6.1 Encryption of Document Data
    7.1.7 SF.NET_PROT Network Communication Data Protection Function
      7.1.7.1 Use of Web Service Function from Client Computer
      7.1.7.2 Printing and Faxing from Client Computer
      7.1.7.3 Sending by E-mail from TOE
      7.1.7.4 Delivering to Folders from TOE
    7.1.8 SF.FAX_LINE Protection Function for Intrusion via Telephone Line
    7.1.9 SF.GENUINE MFP Control Software Verification Function
8 Appendix
  8.1 Definitions of Terminology
  8.2 References
List of Figures

Figure 1: Example TOE environment
Figure 2: Hardware configuration of TOE
Figure 3: Logical boundaries of TOE

List of Tables

Table 1: List of administrator roles
Table 2: Correspondence between operations authorised by permissions to process document data and operations possible on document data
Table 3: Relationship between security environment and security objectives
Table 4: List of auditable events
Table 5: List of cryptographic key generation
Table 6: List of Cryptographic operations
Table 7: List of subjects, objects, and operations among subjects and objects
Table 8: Subjects, objects and security attributes
Table 9: Rules governing access
Table 10: Rules governing access explicitly
Table 11: List of subjects, information and operation
Table 12: Security attributes corresponding to subjects or information
Table 13: List of authentication events
Table 14: Lockout release actions
Table 15: Rules for initial association of attributes
Table 16: Management roles of security attributes
Table 17: Characteristics of static attribute initialisation
Table 18: List of TSF data management
Table 19: List of specifications of Management Functions
Table 20: Services requiring trusted paths
Table 21: TOE Security assurance requirements (EAL3)
Table 22: Relationship between security objectives and functional requirements
Table 23: Correspondence of dependencies of TOE security functional requirements
Table 24: Relationship between TOE security functional requirements and TOE security functions
Table 25: Auditable events and auditable information
Table 26: User roles and authentication methods
Table 27: Unlocking administrators for each user role
Table 28: Default value for document data ACL
Table 29: Operations on document data ACL and Authorised users
Table 30: Access to administrator information
Table 31: Authorised operations on general user information
Table 32: Administrators authorised to specify machine control data
Table 33: List of encryption operations on data stored on the HDD
Table 34: Specific terms used in this ST
1 ST Introduction

This section describes the ST reference, TOE reference, TOE overview, and TOE description.

1.1 ST Reference

The following is the identification information for this ST.

ST Title : Aficio MP 2851/3351 series with Fax Option Type 3351 Security Target
ST Version : 1.00
Date : 2010-06-17
Author : RICOH COMPANY, LTD., Yasushi FUNAKI

1.2 TOE Reference

This TOE is a digital multi-function product (hereafter called an MFP) with an optional product, Fax Controller Unit (hereafter called an FCU), and is identified by the name of the MFP, the version of its software/hardware, and the name and version of the FCU. The TOE is a combination of one of the following MFPs and an FCU, and also matches the following software/hardware versions.

Manufacturer : RICOH COMPANY, LTD.

MFP Name :
  Ricoh Aficio MP 2851, Ricoh Aficio MP 3351
  Savin 9228, Savin 9233
  Lanier LD528, Lanier LD533
  Lanier MP 2851, Lanier MP 3351
  Gestetner MP 2851, Gestetner MP 3351
  nashuatec MP 2851, nashuatec MP 3351
  Rex-Rotary MP 2851, Rex-Rotary MP 3351
  infotec MP 2851, infotec MP 3351

MFP Software/Hardware Version :
  Software
    System/Copy 1.00
    Network Support 7.29.3
    Scanner 01.12
    Printer 1.01
    Fax 01.00.00
    Web Support 1.01
    Web Uapl 1.03
    Network Doc Box 1.00
  Hardware
    Ic Key 1100
    Ic Hdd 01

FCU Name : Fax Option Type 3351
FCU Version : GWFCU3-20(WW) 01.00.00

Keywords : Digital MFP, Documents, Copy, Print, Scanner, Fax, Network, Office

1.3 TOE Overview

This section defines the TOE type, TOE usage and major security features of the TOE, and the environment for TOE usage and non-TOE configuration items.

1.3.1 TOE Type

The TOE is a digital MFP, which is an IT device that provides the functions of a copier, scanner, printer, and fax (optional). These functions are for digitising paper documents and managing and printing them.

1.3.2 TOE Usage and Major Security Features of TOE

The TOE has functions for inputting paper and electronic documents into the TOE, storing the input document data, and outputting it. Paper documents are input using the MFP's scanning device, and electronic documents are input by receiving them from a client computer via a network, USB connection, or fax. The output function includes printing, Fax Transmission, and transferring to networked servers or client computers. The TOE incorporates some of these functions and provides a Copy Function, Scanner Function, Printer Function, and Fax Function.

Users can use these functions from the Operation Panel. Users can also use some of these functions remotely.

The following are the major Security Functions of the TOE in this ST:

1. Audit Function
2. Identification and Authentication Function
3. Document Data Access Control Function
4. Stored Data Protection Function
5. Network Communication Data Protection Function
6. Security Management Function
7. Service Mode Lock Function
8. Telephone Line Intrusion Protection Function
9. MFP Control Software Verification Function

Each of the Security Functions listed above is described in 1.4.4.2 Security Functions.

1.3.3 Environment for TOE Usage and Non-TOE Configuration Items

The TOE is assumed to be located in a general office. The TOE can be connected to other devices over a network, telephone line, or USB connection, according to users' needs. Users can operate the TOE from the Operation Panel, a client computer connected to the local network, or a client computer connected to the TOE through USB. Figure 1 shows an example of the assumed TOE environment.
[Figure 1: Example TOE environment. Labels in the figure: Office, Internal network, Internet (External network), Firewall, Telephone line, USB connection, MFP (TOE), Client computer, Printer driver, Fax driver, Web browser, SMTP server, FTP server, SMB server.]

The following describes the non-TOE configuration items:

Internal Network
The internal network connects the TOE with various types of servers (FTP, SMB, and SMTP servers) and client computers. It is connected to the Internet via a firewall. IPv4 is the protocol used on the internal network.

Client Computer
A Web browser on a client computer that is connected to the internal network allows users to access and operate the TOE, and permits data communications. Internet Explorer 6.0 or later must be pre-installed on the client computer. To print and fax from the client computer via the internal network or USB connection, the PCL printer driver and fax driver must be downloaded from the website indicated in the user guidance and installed on the client computer.

FTP Server
An FTP server is used for the TOE to deliver the document data stored in the TOE to folders in the FTP server.
SMB Server
An SMB server is used for the TOE to send the document data stored in the TOE to folders in the SMB server.

SMTP Server
An SMTP server is used for the TOE to send the document data stored in the TOE to a client computer by e-mail.

Telephone Line
A telephone line is a line used to send and receive fax data from an external fax when the optional fax is installed.

Firewall
A firewall is a device that is set between the internal and the external network and protects the internal network from the external network.

1.4 TOE Description

This section describes the physical boundaries of the TOE, user guidance documents, user roles, logical boundaries of the TOE, and protected assets.

1.4.1 Physical Boundaries of TOE

The physical boundary of the TOE is the MFP, which consists of the following hardware (shown in Figure 2): Operation Panel Unit, Engine Unit, Fax Unit, Controller Board, Ic Hdd, HDD, Network Unit, USB Port, and SD Card Slot. Figure 2 outlines the configuration of the TOE hardware.