Print Controller Design Guide for Information Security
Page 70 of 86
Protection Against URL Buffer Overflows
URL buffer overflow attacks occur when intentionally oversized URL strings are sent to a Web server
with the intent of overflowing the buffer’s storage capacity, causing the server to shut down.
WebImageMonitor prevents such trouble by limiting the length of the URL strings it will accept,
rejecting any requests that exceed this limit.
In addition, authentication is performed before any settings can be changed, ensuring that malicious
data cannot be introduced via illegal access.
Protection Against Session Hijacks
A “session hijack” refers to when the session ID stored in a cookie is obtained in order to illegally
access or otherwise use a session for malicious purposes.
WebImageMonitor employs the following countermeasures to minimize the threat of session hijacks:
The session ID is randomized, which makes it very difficult for third parties to surmise
Communication is protected by SSL, preventing theft of any data or messages exchanged
The above-mentioned countermeasures for cross-site scripting prevent cookies from being
illegally accessed
Cookies created by WebImageMonitor do not contain any personal information.
In addition, the session ID is given an expiration date, minimizing any potential threat to the MFP/LP in
the unlikely event the session ID were somehow stolen:
Protection Against the Setting of Illegal URLs
The optional URL setting in WebImageMonitor can only be changed by users authenticated as
Network Administrators.
Concealment of Personal Data
Even when User Authentication is disabled, it is possible to conceal the job history and other personal data
from the view by changing the Service mode settings in the WebImageMonitor GUI. In such cases, the data
can only be viewed by Administrators.
2-6-2 WebDocBox (MFP models only)
Overview of WebDocBox Operations
WebDocBox allows users to issue commands via a Web browser to view, capture, print, send (e-mail,
FAX, forward) and delete Document Sever image files that were saved to the MFP HDD using the
Copier, Printer, Scanner and FAX functions, as well as those that were restored to the MFP using Desk
Top Editor For Production. It is also possible to view thumbnails of these images.
To Next Page
Loading...
