• No results found

Toshiba MFP Devices: UWO Deployment Challenges

N/A
N/A
Protected

Academic year: 2021

Share "Toshiba MFP Devices: UWO Deployment Challenges"

Copied!
5
0
0

Loading.... (view fulltext now)

Full text

(1)

Toshiba MFP Devices: UWO Deployment Challenges

How to deploy “Network” functionality (scanning/faxing/printing) of the Toshiba Estudio devices in the best and most secure manner. More specifically we need to consider the following for each of these added modules before deploying them:

The security of the documents themselves – FIPPA compliance, etc. The security of the “network” at large – local and for Western in general

Any added support issues that the IS group would be responsible to deal with as a result of deploying any/all these modules

The Toshiba eStudio Fleet provides the following functionality as a base: 1. Standalone Photocopying/Scanning

Typically, support at this level is provided by OE Canada and they are contacted if an issue arises

2. Network Scanning – Includes the following 3 options: a. Scan to Email

b. Scan to Efile c. Scan to File

Scan to Email

Description – user scans at the device using a preset Dept. code (5 digit numerical). Once document(s) are scanned, the device prompts for Email address to deliver the scanned document to (client can enter any valid SMTP compliant address or select from a previously imported address book). Other notes: device can send to any internet email address, the “From” address is generic? This can be changed, do we need to? Should it be consistent?

Setup Required from local IS:

o Import Address Book if needed/required

o Enable The Scan to Email Function – apparently there are 2 options to do this, 1 as per the Network Administrator’s Guide and the other as per the Scanning Guide provided with the Estudio:

(2)

1. Enable the Toshiba unit as an “SMTP Client” and configure your email server to relay mail from the Toshiba.

2. Use the unit’s built-in Linux SMTP engine to deliver messages directly.

Implications of Using Scan to Email:

o Clients can send scanned documents to anyone within or outside the organization – convenient for users but may raise privacy implications.

o Must be aware of how the delivery of these scanned documents is affected by sending/receiving mail system’s rules with regards to attachment size, file extensions, etc.. – possible support/training issues.

o What happens to undeliverable messages? How fast the user receive feedback regarding undeliverables?

o Possibility of potentially sensitive information arriving at the “wrong” mailbox. E.g. people with similar names in the address book. The device panel for inputting email addresses makes typos easy.

o If the corporate mail server is allowed to relay mail from these devices, you are adding another layer of complexity to

management of your mail system for each of these devices configured this way. If the devices are compromised and start SPAMMING, the corporate mail server can/will be blacklisted and/or locked out by Western ITS.

o If you configure these devices to email directly, you’re

essentially adding another “mail server” to your network. This could present a resource issue in terms of having the

time/staff to manage these.

o Are the emails generated by these devices encrypted during transmission?

o Client support issues – this method makes it difficult to troubleshoot where in the chain of events something went wrong when the scanned document didn’t arrive at its

intended destination – Eg. Was the document scanned at all? was it a bad email address? is the relay working? Was the message blocked? Was it blocked on the sender’s or receiver’s end?, etc..

Scan to EFile

Description – Scanned document(s) are saved to local Hard Drive on the EStudio Devices. Users have the ability to save scanned documents to a personal or public folder on the HDD. There are 2 methods of retrieval:

(3)

o Install the EFile client software on each client’s workstation

o Use the browser-based TopAccess interface Setup Required from local IS:

o Set up individual “boxes” on the local device HDD – Apparently you cannot set size limits per box? Also, each “box” is protected by an assigned username and the departmental copy code?

o Set the “preservation period” for documents stored – ie. How long documents are to remain on the HDD before they’re automatically purged. Default period? o Installation of Efile client software if this method is

chosen.

Implications of Using Scan to EFile:

o If you choose the Efile Client software, can you point the software at multiple Toshiba devices? Might be an issue for people who need to have access to more than 1 of these devices.

o By using the client software, you can “hide” other administrative functions available through the TopAccess interface.

o If the “boxes” are protected by the departmental copy code, that implies if I know the name of another box on the device, I can access its contents since they’re all protected by the same shared

departmental code.

o Can you disable the “public” box to prevent

accidental scanning into this box which is by default open to everyone?

o Do you have the ability to encrypt the files stored on the devices? Are the file transmissions encrypted using the client? If you use TopAccess, do you have the ability to encrypt the web site using an SSL certificate?

o Adds another piece of software to standard image to have to track/maintain/support if you choose to use the client software.

(4)

o Raises potential support issues and disk space management on the local HDDs of these devices o Potentially sensitive information is now stored on a

“shared” device which has the potential to be

attacked/hacked and increases the potential of data theft.

o Even if these devices are put in private ip space, the public box is potentially available to any computer on campus through the ip number of the device –

privacy and data protection implications if

documents are erroneously scanned into the public box.

o If user’s are given access to the TopAccess interface, there’s the potential for them to change other

settings unwittingly.

Scan to File

Description – In this scan to file function, the scanned data can be sent and stored to a Share folder of the hard disk in the equipment or to a remote destination; this remote destination can be a folder on the network and must be configured by the Administrator.

Method of data retrieval:

o Once scanned, data is stored in the shared folder on the equipment, or network folder that we specify, it can be accessed using Windows Explorer.

Setup Required from IS:

o Set up a shared folder on the device; Once this feature is enabled, the user will be able to select the [MFP LOCAL] button on the console to store the data in the shared folder of the equipment.

o Set up a remote destination: Maximum of two

remote destinations can be configured to store data. This devise stores data using FTP, SMP and IPX/SPX protocols. Administrator will be able to specify and

(5)

configure a common folder on the network or can allow the user to select a network folder to be used as a destination and the protocol of their choice by using the TopAccess interface.

o Set up a FTP sever if not in place already.

o Set up a storage maintenance feature to delete documents after certain period.

Implications of Using Scan to File:

o When FTP is used to store files remotely, it allows the user to connect to any ftp server that they have access to. This may be a threat for data theft etc. o File transmission is not encrypted in FTP file transfer. o If the common network folder option is chosen then

it allows everyone to access this folder. This may lead to a privacy issue.

o If Administrator allows the user to select network folder location on the network, then the user must fill in the details (i.e. ftp server name, network path, username, password and etc.) on the console of the equipment. This is tedious and easy to make typos. This may become a time consuming support issue. o There is a potential threat for being attacked or

hacked for any sensitive information stored on the shared folder of this device.

3. “Network” Printing

The network printing functionality is not deemed controversial and is supported by multiple print service platforms. One item to consider is tracking: do separate Dept codes get set for cost/tracking. This to be discussed at local implementation site.

References

Related documents

In a sidebar, it notes that filters required by CIPA not only block access to legitimate learning content and tools, but also that CIPA requirements create a significant

For this research, fragile watermarking is projected where the method of operation is to let the embedded watermark to be destroyed easily if the watermarked image

Results of the survey are categorized into the following four areas: primary method used to conduct student evaluations, Internet collection of student evaluation data,

In addition, if I marked "Yes" to any of the above questions, I hereby authorize release of information from my Department of Transportation regulated drug and alcohol

Dietetic Internship: Oncology, Nutrition Support, Diet and Cancer Prevention, Food Allergies Instructor , School of Allied Health, University of Nebraska Medical Center, Omaha,

[r]

In this thesis we presented a method for software visual- ization that is based on hypergraph representations that are used during the whole visualization process: from soft-

For the poorest farmers in eastern India, then, the benefits of groundwater irrigation have come through three routes: in large part, through purchased pump irrigation and, in a