C4502 scan to email encryption

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Old Crow
    Trusted Tech

    Site Contributor
    100+ Posts
    • Aug 2011
    • 201

    #1

    C4502 scan to email encryption

    A customer who scans sensitive info to email via their MP C4502 asked if it is safe/encrypted. Not honestly knowing the correct answer to their question, I told them I would research and get back to them. After spending a fair amount of time looking for the answer, I'm not sure if it is or not.

    I read a bit about SSL and TSL but don't fully understand it or the necessary settings that need to be turned on. I have seen where to turn on SSL in user tools but not sure if other changes need to be made as well. Should I just refer them to their IT folks? Is the C4502 capable of encrypting emails or is that a function of their email server or provider.

    I don't want to open myself to liability by providing the wrong information. If someone can please point me in the right direction it would be much appreciated.
  • slimslob
    Retired

    Site Contributor
    25,000+ Posts
    • May 2013
    • 36796

    #2
    Re: C4502 scan to email encryption

    From what I understand about scan to email, SSL and TLS/StarTLS can provide encrypted transmission from the sending device to the SMTP server. That means that a hacker cannot intercept the email in transition. Quality email providers also provide encrypted tunnels between SMTP server and destination server. I don't know if the data itself is actually encrypted. Probably the best place to get an answer is from your an ISP or major internet provider like Spectrum, AOL, AT&T of GoDaddy. Office 365 in conjunction with One Drive and SharePoint I believe is capable of end to end encryption. rthonpm is a lot more knowledgeable on the subject of security, if he happens to reply.

    Comment

    • Old Crow
      Trusted Tech

      Site Contributor
      100+ Posts
      • Aug 2011
      • 201

      #3
      Re: C4502 scan to email encryption

      Thanks for the reply Slimslob. It makes sense that the integrity of the information from the smtp server and beyond depends on the what security is in place on the server, which I guess would be the responsibility of the ISP. So yeah, my concern is from the copier to their mail server, which I don't believe they have onsite. The C4502 is now ten years old so not sure if it has the capability to encrypt. I will probably start with checking and updating firmware. Will check with the internet provider also like you suggested.

      Comment

      • bsm2
        IT Manager

        25,000+ Posts
        • Feb 2008
        • 29367

        #4
        Re: C4502 scan to email encryption

        How are they sending email now?

        I would check with their IT person.

        Comment

        • rthonpm
          Field Supervisor

          2,500+ Posts
          • Aug 2007
          • 2847

          #5
          Re: C4502 scan to email encryption

          The customer's question isn't exactly clear. Are they looking for email to be encrypted in transit, or are they looking for actual email encryption like S/MIME or PGP where the contents of the message are encrypted and can only be decrypted by the recipient?

          If the former, almost every email provider uses TLS to encrypt in transit. If the machine can't support the ciphers used by the provider then you can use something like STunnel to create an SMTP relay that can add the necessary encryption. The email provider will have instructions for the appropriate ports to use.

          For actual message encryption, things get much more difficult and usually involve importing a device certificate to sign the messages, but the recipient also needs to trust the certificate so it's not an effective method for most external emails.

          My main advice to customers is not to use email for sensitive information such as financial data and to instead use a service like OneDrive or Box to share the file. Email just isn't a secure means of transmitting information as it needs to pass through multiple endpoints to be delivered, and is only as secure as any of the multiple servers and routers it traverses.

          Sent from my BlackBerry using Tapatalk

          Comment

          • slimslob
            Retired

            Site Contributor
            25,000+ Posts
            • May 2013
            • 36796

            #6
            Re: C4502 scan to email encryption

            Originally posted by bsm2
            How are they sending email now?

            I would check with their IT person.
            So you don't have the foggiest idea on how to help Old Crow's question. Quit trolling me and go hide in you basement.

            Comment

            • bsm2
              IT Manager

              25,000+ Posts
              • Feb 2008
              • 29367

              #7
              Re: C4502 scan to email encryption

              Originally posted by slimslob
              So you don't have the foggiest idea on how to help Old Crow's question. Quit trolling me and go hide in you basement.
              You have know idea what you talking about or what that customers security requirements they have now or need.

              Best to talk with their IT and see if the current equipment is meeting their security needs or needs an upgrade.

              Best advice always ask the customer.

              Newer Ricohs support higher encryption levels
              for both tls ssl and SMB

              Ricoh also has options for sharepoint and one drive as well as google drive

              Good chance you'll be upgrading the equipment to a new model.
              Last edited by bsm2; 01-23-2022, 03:09 AM.

              Comment

              • slimslob
                Retired

                Site Contributor
                25,000+ Posts
                • May 2013
                • 36796

                #8
                Re: C4502 scan to email encryption

                Originally posted by bsm2
                Newer Ricohs support higher encryption levels
                for both tls ssl and SMB
                We're not talking about a "Newer" Ricoh. We're talking about a MP C4502. It was launched if February 2012. I would recommend that you stop trying to comment on machines that you have zero experience with. If you cannot contribute valid help to the original poster then just BTFO, Butt The Fuck Out.

                I am sorry to everyone else but this little asshole makes in a habit of snide comments about things I have posted. He is pissed today because I have caught him in multiple lies on a couple of political threads where he spends most of his time lurking.

                Comment

                • copier tech
                  Field Supervisor

                  5,000+ Posts
                  • Jan 2014
                  • 8100

                  #9
                  Re: C4502 scan to email encryption

                  Originally posted by Old Crow
                  A customer who scans sensitive info to email via their MP C4502 asked if it is safe/encrypted. Not honestly knowing the correct answer to their question, I told them I would research and get back to them. After spending a fair amount of time looking for the answer, I'm not sure if it is or not.

                  I read a bit about SSL and TSL but don't fully understand it or the necessary settings that need to be turned on. I have seen where to turn on SSL in user tools but not sure if other changes need to be made as well. Should I just refer them to their IT folks? Is the C4502 capable of encrypting emails or is that a function of their email server or provider.

                  I don't want to open myself to liability by providing the wrong information. If someone can please point me in the right direction it would be much appreciated.
                  Yes this is one to pass to their IT. However as this is an old discontinued model not as secure a the latest models. As an engineer I would make sure ALL the firmware is up to date that way you have covered yourself.

                  I would also suggest they use scan to folder rather that email, these sensitive documents sent via email are leaving the building so in theory could be intercepted.

                  Like yourself I don't know enough about email security so would rather not have that conversation hence passing it to their IT dept.
                  Let us eat, drink, and be merry, because tomorrow we may die!

                  For all your firmware & service manual needs please visit us at:

                  www.copierfirmware.co.uk - www.printerfirmware.co.uk

                  ​

                  Comment

                  • UNICORNico
                    Trusted Tech

                    250+ Posts
                    • May 2018
                    • 308

                    #10
                    Re: C4502 scan to email encryption

                    Originally posted by rthonpm
                    The customer's question isn't exactly clear. Are they looking for email to be encrypted in transit, or are they looking for actual email encryption like S/MIME or PGP where the contents of the message are encrypted and can only be decrypted by the recipient?

                    If the former, almost every email provider uses TLS to encrypt in transit. If the machine can't support the ciphers used by the provider then you can use something like STunnel to create an SMTP relay that can add the necessary encryption. The email provider will have instructions for the appropriate ports to use.

                    For actual message encryption, things get much more difficult and usually involve importing a device certificate to sign the messages, but the recipient also needs to trust the certificate so it's not an effective method for most external emails.

                    My main advice to customers is not to use email for sensitive information such as financial data and to instead use a service like OneDrive or Box to share the file. Email just isn't a secure means of transmitting information as it needs to pass through multiple endpoints to be delivered, and is only as secure as any of the multiple servers and routers it traverses.

                    Sent from my BlackBerry using Tapatalk
                    If I may add a couple of points.
                    It has everything exposed by the colleague Rthonpm, and being in this case a sensitive issue such as the treatment of documentation of the company.
                    For the use of Google Drive, Dropbox, OneDrive or any similar service, I always recommend that such files be saved in advance with compaction programs such as WinZip, WinRar, 7-Zip, and the use of a key / password so that they are protected.
                    The reason for this recommendation comes from security flaws in the aforementioned platforms (cloud storage), in which confidential files have been leaked.


                    Prevention is better than cure.
                    "ALL WILL BE WELL" The battle cry that most inspires me to follow, from the DC's Comic character that I admire the most. And I feel satisfied with being better every day, and with using Gnu-Linux as my usual Operating System.Apologies for my English, it's not my mother tongue and I'm helping the translator.

                    Comment

                    • BillyCarpenter
                      Field Supervisor

                      Site Contributor
                      VIP Subscriber
                      10,000+ Posts
                      • Aug 2020
                      • 16308

                      #11
                      Re: C4502 scan to email encryption

                      Originally posted by rthonpm
                      The customer's question isn't exactly clear. Are they looking for email to be encrypted in transit, or are they looking for actual email encryption like S/MIME or PGP where the contents of the message are encrypted and can only be decrypted by the recipient?

                      If the former, almost every email provider uses TLS to encrypt in transit. If the machine can't support the ciphers used by the provider then you can use something like STunnel to create an SMTP relay that can add the necessary encryption. The email provider will have instructions for the appropriate ports to use.

                      For actual message encryption, things get much more difficult and usually involve importing a device certificate to sign the messages, but the recipient also needs to trust the certificate so it's not an effective method for most external emails.

                      My main advice to customers is not to use email for sensitive information such as financial data and to instead use a service like OneDrive or Box to share the file. Email just isn't a secure means of transmitting information as it needs to pass through multiple endpoints to be delivered, and is only as secure as any of the multiple servers and routers it traverses.

                      Sent from my BlackBerry using Tapatalk

                      I want to preface what I'm about to say:

                      I read a few comments that the copier tech should pass the buck to the customer's IT department. However, that is no excuse for not knowing the answer, in my humble opinion. It's our job to at least have a basic understanding of how it works. We need to be able to have an informed conversation with the customer before telling them to talk to their IT department.

                      With that being said, I need to study up on what rthonpm is talking about.
                      Adversity temporarily visits a strong man but stays with the weak for a lifetime.

                      Comment

                      • Old Crow
                        Trusted Tech

                        Site Contributor
                        100+ Posts
                        • Aug 2011
                        • 201

                        #12
                        Re: C4502 scan to email encryption

                        Thanks for all of the input here on encryption. Reading rthonpm's post confirmed how little I know about the subject. I agree BillyCarpenter that being able to have an informed conversation with the customer is important. After googling the terms offered in the thread such as stunnel, cipher, tsl/ssl, etc., I am starting to have a (minimal) understanding of the basics but certainly not enough to make an informed decision on how to solve their problem.

                        I believe this to be an IT issue so will definitely be passing the ball to their IT folks. That said, I will pass along rthonpm's advice for sharing sensitive documents.

                        I will definitely update firmware and have a conversation with the customer about upgrading the machine as it is getting to be an antique.

                        Comment

                        • rthonpm
                          Field Supervisor

                          2,500+ Posts
                          • Aug 2007
                          • 2847

                          #13
                          Re: C4502 scan to email encryption

                          Originally posted by UNICORNico
                          If I may add a couple of points.
                          It has everything exposed by the colleague Rthonpm, and being in this case a sensitive issue such as the treatment of documentation of the company.
                          For the use of Google Drive, Dropbox, OneDrive or any similar service, I always recommend that such files be saved in advance with compaction programs such as WinZip, WinRar, 7-Zip, and the use of a key / password so that they are protected.
                          The reason for this recommendation comes from security flaws in the aforementioned platforms (cloud storage), in which confidential files have been leaked.


                          Prevention is better than cure.
                          If any cloud service is to be used, it has to be used at the business tier of that service. OneDrive and Box to my knowledge are both HIPAA certified in the US, as well as other regulatory certifications and offer very robust data loss protection (DLP) tools. By using the business tier, you also get considerably more advanced tools and access provisions than the consumer tiers offer. You also have an SLA at that point since you are entering into a business agreement with the provider.

                          No system that is connected to any network can be considered completely secure. However, the monitoring and patching of cloud service infrastructure is far superior to anything that an onsite provider can maintain. Sharing a document link to a specific person with specific permissions is quite secure for anything beyond national security or privileged access documents for 99.9% of businesses.

                          I'd also be curious to hear of these breaches of cloud service infrastructure since the only real ones I'm aware of are just individual accounts being accessed due to sloppy passwords or phishing, which would also affect on-prem systems just as easily as anything hosted online.

                          Sent from my BlackBerry using Tapatalk

                          Comment

                          • rthonpm
                            Field Supervisor

                            2,500+ Posts
                            • Aug 2007
                            • 2847

                            #14
                            Re: C4502 scan to email encryption

                            Originally posted by BillyCarpenter
                            I want to preface what I'm about to say:

                            I read a few comments that the copier tech should pass the buck to the customer's IT department. However, that is no excuse for not knowing the answer, in my humble opinion. It's our job to at least have a basic understanding of how it works. We need to be able to have an informed conversation with the customer before telling them to talk to their IT department.

                            With that being said, I need to study up on what rthonpm is talking about.
                            In many ways, it may not be the customer talking to IT, but the tech being a part of the conversation to at least 'pass the buck' to the people who would be responsible for the infrastructure. A tech can point them to the right section in the user manuals for things but the overall issue for this lies at the network level, and not the device level.

                            Sent from my BlackBerry using Tapatalk

                            Comment

                            • BillyCarpenter
                              Field Supervisor

                              Site Contributor
                              VIP Subscriber
                              10,000+ Posts
                              • Aug 2020
                              • 16308

                              #15
                              Re: C4502 scan to email encryption

                              Originally posted by Old Crow

                              I believe this to be an IT issue so will definitely be passing the ball to their IT folks. That said, I will pass along rthonpm's advice for sharing sensitive documents.

                              .

                              You won't go wrong taking advice from rthonpm.
                              Adversity temporarily visits a strong man but stays with the weak for a lifetime.

                              Comment

                              Working...