Canon Paper Shredder User Manual

5

White Paper: Canon imageRUNNER ADVANCE Security

Section 2 — Device Security

2.1 — imageRUNNER ADVANCE Controller Security

The imageRUNNER ADVANCE series is built upon a new platform that provides powerful enhancements to
security and productivity. The new architecture centers on a new operating system powered by an embedded
version of Linux, which is quickly becoming the most widely adopted platform for sophisticated devices. The
source version used by imageRUNNER ADVANCE devices has been hardened by removing all unnecessary
drivers and services so that only the ones essential to its operation are included.

The nature of embedded Linux and the hardening of the operating system drastically reduce the exposure to
exploits as compared to a desktop or server version of a Linux or Windows operating system. Canon strives to
develop products that meet or exceed our customer’s security requirements. Some of the security related activities
include independent testing by security consulting companies of Canon imageRUNNER ADVANCE devices
during various phases of the development process to flush out any potential vulnerability prior to production. Also,
Canon has collaborated with industry initiatives, such as the development of the IEEE 2600.1 CC Certification
standards for hardcopy device and system security.

2.2 – Authentication

Canon imageRUNNER ADVANCE systems include a number of authentication options which administrators can
use to ensure that only approved walk-up and network-based users can access the device and its functions, such as
print, copy and Scan and Send features. Beyond limiting access to only authorized users, authentication also
provides the ability to control usage of color output, and total print counts by department or user.

Device-Based Authentication

Department ID Mode

An embedded feature within imageRUNNER ADVANCE systems, the Department ID Management mode
permits administrators to control device access. If Department ID authentication is enabled, end users are
required to enter a password before they are able to access the device. Up to 1,000 Department IDs can be
configured and each can be configured with device function limitations, such as limiting, printing, copying
and access to Advance Boxes, Mail Boxes and facsimile.

Access to Advanced Boxes, Mail Boxes, and Scan and Send (if applicable) can each be turned “On” or
“Off” from the Limit Functions screen located under Department ID Management.

The settings can be made under Settings / Registration > Management Settings > User
Management > Department ID Management

Single Sign On (SSO) and SSO Hybrid (SSO-H) Login

Single Sign On (SSO) is a Multifunctional Embedded Application Platform (MEAP) login service that can
be used stand-alone with user data registered locally on the device or in conjunction with an Active
Directory (AD) network environment. SSO supports the following modes:

 Local Device Authentication – with credentials stored in the device

 Domain Authentication – in this mode, user authentication can be linked to an Active Directory

environment on the network

 Domain Authentication + Local Device Authentication