KYOCERA PA4500ci Versatile Color Printer User Guide
- May 15, 2024
- Kyocera
Introduction
This Setup Guide explains the procedures for installing and operating the Data Encryption/Overwrite Functions (hereinafter called Security Functions) and the procedure for system initialization. Organization administrators should read and understand this manual.
- Nominate a reliable person for the machine administrator when installing the security functions.
- Sufficiently supervise the nominated administrator so that they can observe the security policy and operation rules of the organization to which they belong and properly operate the machine in accordance with the operation guide of the product.
- Sufficiently supervise the general users so that they can operate the machine while observing the security policy and operation rules at the organization to which they belong.
Instructions for General Users (for Both General Users and Administrators)
Security Functions
The security functions enable overwriting and encryption.
Overwriting
Printers store print jobs as data in the SSD and print from that data. Users
can also store various types of data in the SSD. Because the storage area used
for such data remains in the SSD as is until it is overwritten by other data,
the data stored there can be restored with special tools and put to
undesirable use. The security functions delete and overwrite (hereinafter
collectively referred to as overwrite(s)) the unnecessary data storage area
used for the output data or deleted data to ensure that data cannot be restored.
Overwriting is performed automatically, without user intervention.
CAUTION: When you cancel a job, the machine immediately starts overwriting the data that has been already stored in the SSD.
Encryption
Printers store Custom Box and Job Box data in the SSD. This means the data
could be leaked or tampered with if the SSD is stolen. The security
functions encrypt data before storing it in the SSD. This guarantees higher
security because no data can be decoded by ordinary output or operations.
Encryption is performed automatically and no special procedure is required.
Security Functions
Touch Panel Display after the Security Functions are Installed
The hard disk icon display changes as follows during overwriting. The table below shows the icons displayed and their descriptions.
When the security kit has been installed and is running properly, the icon appears on the touch panel while unneeded data is being overwritten.
CAUTION: Do not turn the power switch off during overwriting. It may crash the SSD.
NOTE: If you turn the machine off at the power switch during overwriting, data may not be overwritten completely from the SSD. Turn the machine back on at the power switch. Overwriting automatically resumes.
Instructions for Administrators (for Those in Charge of Installation and Operations of the Security Functions)
If any kind of problem occurs in the installation or use of the security functions, contact your dealer or service technician.
Installing the Security Functions
Before Installation
- Make sure that the service representative is a person who belongs to the supplying company.
- Install the machine in a safe location with controlled access, so that unauthorized access to the machine can be prevented.
- The system will be initialized during the installation of the security functions. This means that all the data stored in the SSD will be overwritten. Pay special attention if you install the security kit on a printer that is currently in use.
- The network to which the machine is connected must be protected by a firewall to prevent external attacks.
- When installing the security functions, change the machine settings as follows.
Item| Value
---|---
User Login/Job Accounting > User Login Setting > Local User List| Change the administrator password.
Date/Timer/Energy Saver > Date/Timer| Set the date and time.
Installation
Installation of the security functions should be performed by the service
personnel. The administrator should log in to the menu to enter the
encryption code under the supervision of the service representative.
Encryption Code
An encryption code of 8 alphanumeric characters (0 to 9, A to Z, a to z) must
be entered to encrypt data. By default, the code is set to 00000000. As
an encryption key is then created from this code, it is safe enough to
continue using the default code.
Installation Procedure
Use the procedure below to select the interface.
- Press the [System Menu/Counter] key.
- Press [ ] and [System/Network].
- If user login is disabled, the user authentication screen appears. Enter your login username and password and then press [Login]. For this, you need to log in with administrator privileges. Refer to the machine’s Operation Guide for the default login username and password.
- Press and [Option Function]. The optional function screen is displayed. Select Data Encr./Overwrite and press [Activate].
- This function will be activated. The data saved in the large-capacity storage will be deleted and the storage will be formatted and encrypted. If there is no problem, press [Yes].
- Turn the power switch on again, following the indication on the panel screen.
- The screen for entering the encryption code is displayed. To change the encryption code, erase the “00000000” and then enter the 8-digit alphanumeric encryption code (0 to 9, A to Z, a to z) and press [OK]. SSD formatting begins. If the encryption code is not changed, press [OK]. SSD formatting begins.
- When formatting finishes, follow the on-screen instructions to turn the Power Switch off and on again.
- After the opening screen is displayed, confirm that a hard disk icon (Overwritten completion icon of unnecessary data) is shown in the top right corner of the screen.
After Installation
Change the machine settings as follows to operate it securely. If the system in
the machine is initialized, it returns to the settings before installation, so
make the changes again in the same way. If you allow service personnel to conduct
maintenance operations, confirm the set values.
Items changed in Command Center RX
Item| Value
---|---
Device Settings > Energy Saver/Timer > Timer Settings > Auto Panel Reset| On
Panel Reset Timer| Setting any value
Function Settings > Printer > General > Remote Printing| Prohibit
Network Settings > TCP/IP > TCP/IP Settings > Bonjour Settings > Bonjour| Off
IPSec Settings > IPSec| On
Restriction| Allowed
Allowed IPSec Rules* (“Settings” selection of any of Rule No.) > Policy > Rule| On
Key Management Type| IKEv1
Encapsulation Mode| Transport
IP Address > IP Version| IPv4
IP Address (IPv4)| IP Address of the destination terminal
Subnet Mask| Setting any value
Authentication > Local Side > Authentication Type| Pre-shared Key
Pre-shared Key| Setting any value
Key Exchange (IKE phase1) > Mode| Main mode
Hash| MD5: Disable, SHA1: Disable, SHA-256: Enable, SHA-384: Enable, SHA-512: Enable, AES-XCBC: Disable
Encryption| 3DES: Enable, AES-CBC-128: Enable, AES-CBC-192: Enable, AES-CBC-256: Enable
Item| Value
---|---
Network Settings > TCP/IP > Allowed IPSec Rules* (“Settings” selection of any of Rule No.) > Key Exchange (IKE phase1) > Diffie-Hellman Group| Select one of the following options: modp2048(14), modp4096(16), modp6144(17), modp8192(18), ecp256(19), ecp384(20), ecp521(21), modp1024s160(22), modp2048s224(23), modp2048s256(24)
Lifetime (Time)| 28800 seconds
Data Protection (IKE phase2) > Protocol| ESP
Hash| MD5: Disable, SHA1: Disable, SHA-256: Enable, SHA-384: Enable, SHA-512: Enable, AES-XCBC: Setting any value, AES-GCM-128: Enable, AES-GCM-192: Enable, AES-GCM-256: Enable, AES-GMAC-128: Setting any value, AES-GMAC-192: Setting any value, AES-GMAC-256: Setting any value
Encryption| 3DES: Enable, AES-CBC-128: Enable, AES-CBC-192: Enable, AES-CBC-256: Enable, AES-GCM-128: Enable, AES-GCM-192: Enable, AES-GCM-256: Enable, AES-CTR: Disable
PFS| Off
Lifetime Measurement| Time & Data Size
Lifetime (Time)| 3600 seconds
Lifetime (Data Size)| 100000 KB
Extended Sequence Number| Off
Item| Value
---|---
Network Settings > Protocol > Protocol Settings > Print Protocols > NetBEUI| Off
LPD| Off
FTP Server (Reception)| Off
IPP| Off
IPP over TLS| On
IPP Authentication| Off
Raw| Off
WSD Print| Off
POP3 (E-mail RX)| Off
Send Protocols > SMTP (E-mail TX)| On
SMTP (E-mail TX) – Certificate Auto Verification| Validity Period: Enable
Other Protocols > SNMPv1/v2c| Off
SNMPv3| Off
HTTP| Off
HTTPS| On
HTTP(Client side) – Certificate Auto Verification| Validity Period: Enable
Enhanced WSD| Off
Enhanced WSD(TLS)| On
LDAP| On
IEEE802.1X| Off
LLTD| Off
REST| Off
REST over TLS| Off
VNC(RFB)| Off
VNC(RFB) over TLS| Off
Enhanced VNC(RFB) over TLS| Off
OCSP/CRL Settings| Off
Syslog| Off
Item| Value
---|---
Security Settings > Device Security > Device Security Settings > Job Status/Job Log Settings > Display Jobs Detail Status| My Jobs Only
Display Jobs Log| My Jobs Only
Authentication Security Settings > Password Policy Settings > Password Policy| On
Maximum password age| Setting any value
Minimum password length| On, 8 or more characters
Password complexity| Setting any value
User Account Lockout Settings > Lockout Policy| On
Number of Retries until Locked| Setting any value
Lockout Duration| Setting any value
Lockout Target| All
Network Security > Network Security Settings > Secure Protocol Settings > TLS| On
Serverside Settings > TLS Version| TLS1.0: Disable, TLS1.1: Disable, TLS1.2: Enable, TLS1.3: Enable
Effective Encryption| ARCFOUR: Disable, DES: Disable, 3DES: Enable, AES: Enable, AES-GCM: Setting any value, CHACHA20/POLY1305: Setting any value
Hash| SHA1: Enable, SHA2(256/384): Enable
HTTP Security| Secure Only (HTTPS)
IPP Security| Secure Only (IPPS)
Enhanced WSD Security| Secure Only (Enhanced WSD over TLS)
REST Security| Secure Only (REST over TLS)
Item| Value
---|---
Security Settings > Network Security > Network Security Settings > Secure Protocol Settings > Clientside Settings > TLS Version| TLS1.0: Disable, TLS1.1: Disable, TLS1.2: Enable, TLS1.3: Enable
Effective Encryption| ARCFOUR: Disable, DES: Disable, 3DES: Enable, AES: Enable, AES-GCM: Setting any value, CHACHA20/POLY1305: Setting any value
Hash| SHA1: Enable, SHA2(256/384): Enable
Management Settings > Authentication > Settings > Authentication Settings > General > Authentication| Network Authentication
Network Authentication Server > Default Host Name| Setting any value
Port Number| Setting any value
Server Type| Setting any value
Default Domain| Setting any value
Network User Settings > Obtain Network User Property| On
Give Local User Authority| Off
Server Settings > LDAP| On
LDAP Server Name| Setting any value
LDAP Port Number| Setting any value
Search Timeout| Setting any value
LDAP Security| Setting any value
Authentication Type| Setting any value
Group Authorization Settings > Group Authorization| On
Group List > Group Authorization List| Add Group
Guest Authorization Settings > Guest Authorization| Off
Item| Value
---|---
Management Settings > Authentication > Settings > Authentication Settings > Unknown User Settings > Unknown ID Job| Reject
My Print Settings > Print all at Login| Off
History Settings > History Settings > Job Log History > Recipient E-mail Address| E-mail Address for the administrator of the machine
Auto Sending| On
Items changed on the machine
Item | Value |
---|---|
System Menu | System/Network |
For the procedures for changing the settings, refer to the machine Operation
Guide and Command Center RX User Guide. After changing the settings, run
[Software verification] in the system menu to verify that the machine operates
correctly. Periodically perform [Software verification] after installation as
well. After installing the security functions, you can change the security
password. Refer to page 12 for the procedures. The administrator of the
machine should periodically store the histories, and check each history to
make sure there was no unauthorized access or abnormal operation. Grant
regular users permission based on your company rules, and promptly delete any
user accounts that stop being used due to retirement or other reasons.
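Because the machine returns to its pre-installation settings when the system is initialized, the set values have to be re-confirmed against the tables above. The check below is an added example, not part of Kyocera's guide: it compares a settings snapshot with the hardened protocol and client-side TLS values listed above, using the appendix's factory defaults as the sample snapshot. The dictionary snapshot format and the names `HARDENED`, `FACTORY`, `flatten` and `drift` are assumptions; the guide describes no export format, so values would be transcribed from Command Center RX.

```python
import re

ANY = "Setting any value"  # the guide's wording where the site picks the value

# Hardened values transcribed from the guide's "After Installation" tables.
HARDENED = {
    "NetBEUI": "Off", "LPD": "Off", "FTP Server (Reception)": "Off",
    "IPP": "Off", "IPP over TLS": "On", "IPP Authentication": "Off",
    "Raw": "Off", "WSD Print": "Off", "POP3 (E-mail RX)": "Off",
    "SMTP (E-mail TX)": "On", "SNMPv1/v2c": "Off", "SNMPv3": "Off",
    "HTTP": "Off", "HTTPS": "On", "Enhanced WSD": "Off",
    "Enhanced WSD(TLS)": "On", "LDAP": "On", "IEEE802.1X": "Off",
    "LLTD": "Off", "REST": "Off", "REST over TLS": "Off", "Syslog": "Off",
    "VNC(RFB)": "Off", "VNC(RFB) over TLS": "Off",
    "Enhanced VNC(RFB) over TLS": "Off", "OCSP/CRL Settings": "Off",
    "Clientside TLS Version":
        "TLS1.0: Disable TLS1.1: Disable TLS1.2: Enable TLS1.3: Enable",
    "Clientside Effective Encryption":
        "ARCFOUR: Disable, DES: Disable, 3DES: Enable, AES: Enable, "
        "AES-GCM: Setting any value CHACHA20/POLY1305: Setting any value",
}

# Factory defaults from the guide's appendix, written as the entries that
# differ from HARDENED. Used here as the sample snapshot of a reset machine.
FACTORY = {
    **HARDENED,
    "NetBEUI": "On", "LPD": "On", "FTP Server (Reception)": "On",
    "Raw": "On", "WSD Print": "On", "SMTP (E-mail TX)": "Off",
    "SNMPv1/v2c": "On", "HTTP": "On", "Enhanced WSD": "On", "LDAP": "Off",
    "LLTD": "On", "REST": "On", "REST over TLS": "On",
    "Enhanced VNC(RFB) over TLS": "On", "OCSP/CRL Settings": "On",
    "Clientside TLS Version":
        "TLS1.0: Disable TLS1.1: Enable TLS1.2: Enable TLS1.3: Enable",
    "Clientside Effective Encryption":
        "ARCFOUR: Disable, DES: Disable, 3DES: Enable, AES: Enable, "
        "AES-GCM: Enable, CHACHA20/POLY1305: Enable",
}

_PAIR = re.compile(r"([A-Za-z0-9./-]+):\s*(Enable|Disable|Setting any value)")

def flatten(settings):
    """Expand 'TLS1.0: Disable TLS1.1: Enable' values into one key per item."""
    flat = {}
    for name, value in settings.items():
        pairs = _PAIR.findall(value)
        if pairs:
            flat.update({f"{name}/{k}": v for k, v in pairs})
        else:
            flat[name] = value
    return flat

def drift(current, baseline=HARDENED):
    """Return sorted (setting, expected, actual) tuples for each deviation."""
    have = flatten(current)
    found = []
    for key, expected in flatten(baseline).items():
        actual = have.get(key, "<missing>")  # an absent entry is a finding too
        if expected != ANY and actual != expected:
            found.append((key, expected, actual))
    return sorted(found)

if __name__ == "__main__":
    for key, expected, actual in drift(FACTORY):
        print(f"{key}: expected {expected}, found {actual}")
```

Entries the guide marks "Setting any value" are skipped, so a site-chosen cipher setting is never reported as drift, while a setting missing from the snapshot is.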
IPsec setting
It is possible to protect data by enabling the IPsec function that encrypts
the communication path. Please note the following points when enabling the
IPsec function.
- The values set in the IPsec rule must match those on the destination PC. A communication error occurs if the settings do not match.
- The IP address set in the IPsec rule must match the IP address of the SMTP server that is set on the main unit.
- If the settings do not match, data sent by mail cannot be encrypted.
- The pre-shared key set in the IPsec rule must consist of 8 or more alphanumeric symbols and must not be easily guessed.
Changing Data Security Functions
Changing Security Password
You can customize the security password so that only the administrator can use
the security functions.
- Press the [System Menu/Counter] key.
- Press and [System/Network].
- If user login is disabled, the user authentication screen appears. Enter your login user name and password and then press [Login]. For this, you need to log in with administrator privileges. Refer to the machine’s Operation Guide for the default login username and password.
- Press , [Data Security] and [SSD Initialization].
- Enter the security password, and press [OK]. The initial setting for the Security Password is “000000”.
- Press [Security Password].
- Enter a new security password of 6 alphanumeric characters and symbols, and press [Next].
CAUTION: Avoid any easy-to-guess numbers for the security password (e.g. 111111 or 123456).
- Enter the same password again.
- Press [OK].
System Initialization
Overwrite all the data stored in the SSD when disposing of the machine.
CAUTION: If you accidentally turn the power switch off during initialization, the SSD might crash or initialization might fail.
NOTE: If you accidentally turn the power switch off during initialization, turn the power switch on again. Initialization automatically restarts.
- Press the [System Menu/Counter] key.
- Press and [System/Network].
- If user login is disabled, the user authentication screen appears. Enter your login user name and password and then press [Login]. For this, you need to log in with administrator privileges. Refer to the machine’s Operation Guide for the default login username and password.
- Press , [Data Security] and [SSD Initialization].
- Enter the security password, and press [OK]. The initial setting for the Security Password is “000000”.
- Press [System Initialization].
- Press [Start] on the screen to confirm the initialization. Initialization starts.
- When the screen appears to show initialization is completed, check that the memory indicator is OFF, and turn the power switch off and then on.
Warning Message
If the encryption code information of the machine has been lost for some
reason, the screen shown here appears when the power is turned on.
Follow the steps below.
- Enter the encryption code that was entered during the installation of the security functions.
CAUTION: Even though entering a different encryption code can also enable the continuation of a job, this will overwrite all the data stored in the SSD. Exercise extreme caution when entering an encryption code. The encryption code is not the same as the security password.
- Press [OK].
- Confirm that the memory indicator is off. After that, turn the power switch off and on.
Disposal
If the machine is no longer used and is to be demolished, initialize the system
of this product to erase the SSD data. In that case, obtain
directions for disposal from the dealer (from which you purchased the machine)
or your service representative.
Appendix
List of factory default settings
The default settings for security mode are shown below.
Items changed in Command Center RX
Item| Value
---|---
Device Settings > Energy Saver/Timer > Timer Settings > Auto Panel Reset| On
Panel Reset Timer| 90 seconds
Function Settings > Printer > General > Remote Printing| Permit
Network Settings > TCP/IP > TCP/IP Settings > Bonjour Settings > Bonjour| On
IPSec Settings > IPSec| Off
Restriction| Allowed
IPSec Rules (“Settings” selection of any of Rule No.) > Policy > Rule| Off
Key Management Type| IKEv1
Encapsulation Mode| Transport
IP Address > IP Version| IPv4
IP Address (IPv4)| No setting
Subnet Mask| No setting
Authentication > Local Side > Authentication Type| Pre-shared Key
Pre-shared Key| No setting
Key Exchange (IKE phase1) > Mode| Main Mode
Hash| MD5: Disable, SHA1: Enable, SHA-256: Enable, SHA-384: Enable, SHA-512: Enable, AES-XCBC: Disable
Encryption| 3DES: Enable, AES-CBC-128: Enable, AES-CBC-192: Enable, AES-CBC-256: Enable
Diffie-Hellman Group| modp1024(2)
Lifetime (Time)| 28800 seconds
Item| Value
---|---
Network Settings > TCP/IP > IPSec Rules (“Settings” selection of any of Rule No.) > Data Protection (IKE phase2) > Protocol| ESP
Hash| MD5: Disable, SHA1: Enable, SHA-256: Enable, SHA-384: Enable, SHA-512: Enable, AES-XCBC: Disable, AES-GCM-128: Enable, AES-GCM-192: Enable, AES-GCM-256: Enable, AES-GMAC-128: Disable, AES-GMAC-192: Disable, AES-GMAC-256: Disable
Encryption| 3DES: Enable, AES-CBC-128: Enable, AES-CBC-192: Enable, AES-CBC-256: Enable, AES-GCM-128: Enable, AES-GCM-192: Enable, AES-GCM-256: Enable, AES-CTR: Disable
PFS| Off
Lifetime Measurement| Time & Data Size
Lifetime (Time)| 3600 seconds
Lifetime (Data Size)| 100000KB
Extended Sequence Number| Off
Item| Value
---|---
Network Settings > Protocol > Protocol Settings > Print Protocols > NetBEUI| On
LPD| On
FTP Server (Reception)| On
IPP| Off
IPP over TLS| On
IPP Authentication| Off
Raw| On
WSD Print| On
POP3 (E-mail RX)| Off
Send Protocols > SMTP (E-mail TX)| Off
SMTP (E-mail TX) – Certificate Auto Verification| Validity Period: Enable
Other Protocols > SNMPv1/v2c| On
SNMPv3| Off
HTTP| On
HTTPS| On
HTTP(Client side) – Certificate Auto Verification| Validity Period: Enable
Enhanced WSD| On
Enhanced WSD(TLS)| On
LDAP| Off
IEEE802.1X| Off
LLTD| On
REST| On
REST over TLS| On
VNC(RFB)| Off
VNC(RFB) over TLS| Off
Enhanced VNC(RFB) over TLS| On
OCSP/CRL Settings| On
Syslog| Off
Item| Value
---|---
Security Settings > Device Security > Device Security Settings > Job Status/Job Log Settings > Display Jobs Detail Status| Show All
Display Jobs Log| Show All
Authentication Security Settings > Password Policy Settings > Password Policy| Off
Maximum password age| Off
Minimum password length| Off
Password complexity| No more than two consecutive identical char
User Account Lockout Settings > Lockout Policy| Off
Number of Retries until Locked| 3 times
Lockout Duration| 1 minute
Lockout Target| Remote Login Only
Network Security > Network Security Settings > Secure Protocol Settings > TLS| On
Serverside Settings > TLS Version| TLS1.0: Disable, TLS1.1: Disable, TLS1.2: Enable, TLS1.3: Enable
Effective Encryption| ARCFOUR: Disable, DES: Disable, 3DES: Enable, AES: Enable, AES-GCM: Disable, CHACHA20/POLY1305: Enable
Hash| SHA1: Enable, SHA2(256/384): Enable
HTTP Security| Secure Only (HTTPS)
IPP Security| Secure Only (IPPS)
Enhanced WSD Security| Secure Only (Enhanced WSD over TLS)
REST Security| Secure Only (REST over TLS)
Item| Value
---|---
Security Settings > Network Security > Network Security Settings > Secure Protocol Settings > Clientside Settings > TLS Version| TLS1.0: Disable, TLS1.1: Enable, TLS1.2: Enable, TLS1.3: Enable
Effective Encryption| ARCFOUR: Disable, DES: Disable, 3DES: Enable, AES: Enable, AES-GCM: Enable, CHACHA20/POLY1305: Enable
Hash| SHA1: Enable, SHA2(256/384): Enable
Management Settings > Authentication > Settings > Authentication Settings > General > Authentication| Off
Network Authentication Server > Default Host Name| No setting
Port Number| 9093
Server Type| Kerberos
Default Domain| None
Network User Settings > Obtain Network User Property| Off
Give Local User Authority| Off
Server Settings > LDAP| Off
LDAP Server Name| No setting
LDAP Port Number| 389
Search Timeout| 60 seconds
LDAP Security| Off
Authentication Type| Simple
Group Authorization Settings > Group Authorization| Off
Group List > Group Authorization List| Other
Guest Authorization Settings > Guest Authorization| Off
Item| Value
---|---
Management Settings > Authentication > Settings > Authentication Settings > Unknown User Settings > Unknown ID Job| Reject
My Print Settings > Print all at Login| Off
History Settings > History Settings > Job Log History > Recipient E-mail Address| No setting
Auto Sending| Off
Items changed on the machine
Item | Value |
---|---|
System Menu | System/Network |
The initial value of the custom box
Item | Value |
---|---|
Owner | Local User |
Permission | Private |
Log information
The following settings and status regarding security are shown in the machine
log.
- Event date and time
- Type of event
- Information of the login user or the user who attempted to log in
- Event result (Success or fail)
Event to be displayed in the log
Log | Event |
---|---|
Job Logs | End job/Check job status/Change job/Cancel job |
© 2023 KYOCERA Document Solutions Inc.