Security problem definition, Threats – Dell C7765DN MFP Color Laser Printer User Manual

Page 24

Advertising
background image

Dell C7765dn Security Target

- 20 -

3.

SECURITY PROBLEM DEFINITION

This chapter describes the threats, organizational security policies, and the assumptions for the use of

this TOE.

3.1. Threats

3.1.1. Assets Protected by TOE

This TOE protects the following assets (Figure 5):

(1) Right to use MFD functions

The general user’s right to use each function of the TOE is assumed as an asset to be protected.

(2) Document data stored for job processing

When a general user uses MFD functions of copy, print, fax, and scan, the document data are

temporarily stored in the internal HDD for image processing, transmission, and Store Print. The

user can retrieve the stored document data in the MFD from a general user client by

Configuration Web Tool and Network Scan Utility (with local authentication only). The stored

data include general user’s confidential information and are assumed as assets to be protected.

(3) Used document data

When a general user uses MFD functions of copy, print, fax, and scan, the document data are

temporarily stored in the internal HDD for image processing, transmission, and Store Print. When

the jobs are completed or canceled, only the management information is deleted but the data itself

remains. The residual data include general user’s confidential information and are assumed as

assets to be protected.

(4) Security audit log data

In the function of Security Audit Log, the important events such as device failure, configuration

change and user operation are recorded based on when and who operated what function. For

preventive maintenance and response to the events and detection of unauthorized access, only a

system administrator can retrieve the log data stored in MFD by Configuration Web Tool.

The log data are assumed as assets to be protected.

(5) TOE setting data

A system administrator can set TOE security functions from the MFD control panel or system

administrator client by the function of System Administrator’s Security Management. The setting

data stored in the TOE (see Table 4) can be a threat to other assets if used without authorization

and are assumed as assets to be protected.

Advertising
Popular Brands
Popular manuals