Overview
Printer firmware (FW6.1 or later) defines a default configuration that is reasonably secure and in compliance with regulations. This article highlights some of the key security related changes by firmware level.
Comparison of Secure Default Settings between Firmware Releases
Admin account in ISW
| FW6.1 | FW7 | FW8 |
---|
Admin Account in ISW | Not available | Available by default (opt-in) with option to skip setup (opt-out) | Available by default (opt-in) with option to skip setup (opt-out) |
Disk Encryption
| FW6.1 | FW7 | FW8 |
---|
Disk encryption | OFF | ON | ON |
Default cipher list
Cipher | FW6.1 | FW7 | FW8 |
---|
OWASP Cipher String ‘B’ | x | x | x |
DHE-RSA-AES256-GCM-SHA384 | x | x | x |
DHE-RSA-AES128-GCM-SHA256 | x | x | x |
ECDHE-RSA-AES256-GCM-SHA384 | x | x | x |
ECDHE-RSA-AES128-GCM-SHA256 | x | x | x |
DHE-RSA-AES256-SHA256 | x | x | x |
DHE-RSA-AES128-SHA256 | x | x | x |
ECDHE-RSA-AES256-SHA384 | x | x | x |
ECDHE-RSA-AES128-SHA256 | x | x | x |
ECDHE-RSA-AES256-SHA | x | x | x |
ECDHE-RSA-AES128-SHA | x | x | x |
DHE-RSA-AES256-SHA | x | x | x |
DHE-RSA-AES128-SHA | x | x | x |
TLS_AES_128_GCM_SHA256 | | | x |
TLS_AES_256_GCM_SHA384 | | | x |
Restricted ports
Restricted Ports | FW6.1 | FW7 | FW8 |
---|
TCP 79 (Finger) | x | x | x |
TCP 21 (FTP) | | x | x |
UDP 69 (TFTP) | | x | x |
TCP 5001 (IPDS) | | x | x |
TCP 9600 (IPDS) | | x | x |
TCP 10000 (Telnet) | | x | x |
Restricted functions in admin menu
Restricted Functions | FW6.1 | FW7 (opt‑in) | FW7 (opt‑out) | FW8 (opt‑in) | FW8 (opt‑out) |
---|
Security Menu | | x | | x | |
Network / Ports Menu | | x | | x | |
Function Configuration Menu | | x | | x | |
Option Card Menu | | x | | x | |
SE Menu | | x | | x | |
Restricted functions in device management
Restricted Functions | FW6.1 | FW7 (opt‑in) | FW7 (opt‑out) | FW8 (opt‑in) | FW8 (opt‑out) |
---|
Operator Panel Lock | x | x | x | x | x |
Import / Export All Settings | | x | | x | |
Out of Service Erase | | | | x | |
Solution
Additional security settings can be adjusted as usual after completing the account setup in the Initial Setup Wizard in order to customize the device security to the customers preference.
Further information about security setup can be found in the Embedded Web Server Administrator’s Guide for the product.
LEGACY ID: FA1301