C4502 scan to email encryption

**slimslob** · 01-22-2022, 10:29 PM

Re: C4502 scan to email encryption

From what I understand about scan to email, SSL and TLS/StarTLS can provide encrypted transmission from the sending device to the SMTP server. That means that a hacker cannot intercept the email in transition. Quality email providers also provide encrypted tunnels between SMTP server and destination server. I don't know if the data itself is actually encrypted. Probably the best place to get an answer is from your an ISP or major internet provider like Spectrum, AOL, AT&T of GoDaddy. Office 365 in conjunction with One Drive and SharePoint I believe is capable of end to end encryption. rthonpm is a lot more knowledgeable on the subject of security, if he happens to reply.

**Old Crow** · 01-22-2022, 11:48 PM

Re: C4502 scan to email encryption

Thanks for the reply Slimslob. It makes sense that the integrity of the information from the smtp server and beyond depends on the what security is in place on the server, which I guess would be the responsibility of the ISP. So yeah, my concern is from the copier to their mail server, which I don't believe they have onsite. The C4502 is now ten years old so not sure if it has the capability to encrypt. I will probably start with checking and updating firmware. Will check with the internet provider also like you suggested.

**bsm2** · 01-23-2022, 01:17 AM

Re: C4502 scan to email encryption

How are they sending email now?

I would check with their IT person.

**rthonpm** · 01-23-2022, 01:39 AM

Re: C4502 scan to email encryption

The customer's question isn't exactly clear. Are they looking for email to be encrypted in transit, or are they looking for actual email encryption like S/MIME or PGP where the contents of the message are encrypted and can only be decrypted by the recipient?

If the former, almost every email provider uses TLS to encrypt in transit. If the machine can't support the ciphers used by the provider then you can use something like STunnel to create an SMTP relay that can add the necessary encryption. The email provider will have instructions for the appropriate ports to use.

For actual message encryption, things get much more difficult and usually involve importing a device certificate to sign the messages, but the recipient also needs to trust the certificate so it's not an effective method for most external emails.

My main advice to customers is not to use email for sensitive information such as financial data and to instead use a service like OneDrive or Box to share the file. Email just isn't a secure means of transmitting information as it needs to pass through multiple endpoints to be delivered, and is only as secure as any of the multiple servers and routers it traverses.

Sent from my BlackBerry using Tapatalk

**slimslob** · 01-23-2022, 02:28 AM

Re: C4502 scan to email encryption

Originally posted by bsm2

How are they sending email now?

I would check with their IT person.

So you don't have the foggiest idea on how to help Old Crow's question. Quit trolling me and go hide in you basement.

**bsm2** · 01-23-2022, 02:42 AM

Re: C4502 scan to email encryption

Originally posted by slimslob

So you don't have the foggiest idea on how to help Old Crow's question. Quit trolling me and go hide in you basement.

You have know idea what you talking about or what that customers security requirements they have now or need.

Best to talk with their IT and see if the current equipment is meeting their security needs or needs an upgrade.

Best advice always ask the customer.

Newer Ricohs support higher encryption levels
for both tls ssl and SMB

Ricoh also has options for sharepoint and one drive as well as google drive

Good chance you'll be upgrading the equipment to a new model.

**slimslob** · 01-23-2022, 03:49 AM

Re: C4502 scan to email encryption

Originally posted by bsm2

Newer Ricohs support higher encryption levels
for both tls ssl and SMB

We're not talking about a "Newer" Ricoh. We're talking about a MP C4502. It was launched if February 2012. I would recommend that you stop trying to comment on machines that you have zero experience with. If you cannot contribute valid help to the original poster then just BTFO, Butt The Fuck Out.

I am sorry to everyone else but this little asshole makes in a habit of snide comments about things I have posted. He is pissed today because I have caught him in multiple lies on a couple of political threads where he spends most of his time lurking.

**copier tech** · 01-23-2022, 01:05 PM

Re: C4502 scan to email encryption

Originally posted by Old Crow

A customer who scans sensitive info to email via their MP C4502 asked if it is safe/encrypted. Not honestly knowing the correct answer to their question, I told them I would research and get back to them. After spending a fair amount of time looking for the answer, I'm not sure if it is or not.

I read a bit about SSL and TSL but don't fully understand it or the necessary settings that need to be turned on. I have seen where to turn on SSL in user tools but not sure if other changes need to be made as well. Should I just refer them to their IT folks? Is the C4502 capable of encrypting emails or is that a function of their email server or provider.

I don't want to open myself to liability by providing the wrong information. If someone can please point me in the right direction it would be much appreciated.

Yes this is one to pass to their IT. However as this is an old discontinued model not as secure a the latest models. As an engineer I would make sure ALL the firmware is up to date that way you have covered yourself.

I would also suggest they use scan to folder rather that email, these sensitive documents sent via email are leaving the building so in theory could be intercepted.

Like yourself I don't know enough about email security so would rather not have that conversation hence passing it to their IT dept.

**UNICORNico** · 01-23-2022, 01:35 PM

Re: C4502 scan to email encryption

Originally posted by rthonpm

The customer's question isn't exactly clear. Are they looking for email to be encrypted in transit, or are they looking for actual email encryption like S/MIME or PGP where the contents of the message are encrypted and can only be decrypted by the recipient?

If the former, almost every email provider uses TLS to encrypt in transit. If the machine can't support the ciphers used by the provider then you can use something like STunnel to create an SMTP relay that can add the necessary encryption. The email provider will have instructions for the appropriate ports to use.

For actual message encryption, things get much more difficult and usually involve importing a device certificate to sign the messages, but the recipient also needs to trust the certificate so it's not an effective method for most external emails.

My main advice to customers is not to use email for sensitive information such as financial data and to instead use a service like OneDrive or Box to share the file. Email just isn't a secure means of transmitting information as it needs to pass through multiple endpoints to be delivered, and is only as secure as any of the multiple servers and routers it traverses.

Sent from my BlackBerry using Tapatalk

If I may add a couple of points.
It has everything exposed by the colleague Rthonpm, and being in this case a sensitive issue such as the treatment of documentation of the company.
For the use of Google Drive, Dropbox, OneDrive or any similar service, I always recommend that such files be saved in advance with compaction programs such as WinZip, WinRar, 7-Zip, and the use of a key / password so that they are protected.
The reason for this recommendation comes from security flaws in the aforementioned platforms (cloud storage), in which confidential files have been leaked.

Prevention is better than cure.

**BillyCarpenter** · 01-23-2022, 02:02 PM

Re: C4502 scan to email encryption

Originally posted by rthonpm

The customer's question isn't exactly clear. Are they looking for email to be encrypted in transit, or are they looking for actual email encryption like S/MIME or PGP where the contents of the message are encrypted and can only be decrypted by the recipient?

If the former, almost every email provider uses TLS to encrypt in transit. If the machine can't support the ciphers used by the provider then you can use something like STunnel to create an SMTP relay that can add the necessary encryption. The email provider will have instructions for the appropriate ports to use.

For actual message encryption, things get much more difficult and usually involve importing a device certificate to sign the messages, but the recipient also needs to trust the certificate so it's not an effective method for most external emails.

My main advice to customers is not to use email for sensitive information such as financial data and to instead use a service like OneDrive or Box to share the file. Email just isn't a secure means of transmitting information as it needs to pass through multiple endpoints to be delivered, and is only as secure as any of the multiple servers and routers it traverses.

Sent from my BlackBerry using Tapatalk

I want to preface what I'm about to say:

I read a few comments that the copier tech should pass the buck to the customer's IT department. However, that is no excuse for not knowing the answer, in my humble opinion. It's our job to at least have a basic understanding of how it works. We need to be able to have an informed conversation with the customer before telling them to talk to their IT department.

With that being said, I need to study up on what rthonpm is talking about.

**Old Crow** · 01-23-2022, 04:29 PM

Re: C4502 scan to email encryption

Thanks for all of the input here on encryption. Reading rthonpm's post confirmed how little I know about the subject. I agree BillyCarpenter that being able to have an informed conversation with the customer is important. After googling the terms offered in the thread such as stunnel, cipher, tsl/ssl, etc., I am starting to have a (minimal) understanding of the basics but certainly not enough to make an informed decision on how to solve their problem.

I believe this to be an IT issue so will definitely be passing the ball to their IT folks. That said, I will pass along rthonpm's advice for sharing sensitive documents.

I will definitely update firmware and have a conversation with the customer about upgrading the machine as it is getting to be an antique.

**rthonpm** · 01-23-2022, 04:36 PM

Re: C4502 scan to email encryption

Originally posted by UNICORNico

If I may add a couple of points.
It has everything exposed by the colleague Rthonpm, and being in this case a sensitive issue such as the treatment of documentation of the company.
For the use of Google Drive, Dropbox, OneDrive or any similar service, I always recommend that such files be saved in advance with compaction programs such as WinZip, WinRar, 7-Zip, and the use of a key / password so that they are protected.
The reason for this recommendation comes from security flaws in the aforementioned platforms (cloud storage), in which confidential files have been leaked.

Prevention is better than cure.

If any cloud service is to be used, it has to be used at the business tier of that service. OneDrive and Box to my knowledge are both HIPAA certified in the US, as well as other regulatory certifications and offer very robust data loss protection (DLP) tools. By using the business tier, you also get considerably more advanced tools and access provisions than the consumer tiers offer. You also have an SLA at that point since you are entering into a business agreement with the provider.

No system that is connected to any network can be considered completely secure. However, the monitoring and patching of cloud service infrastructure is far superior to anything that an onsite provider can maintain. Sharing a document link to a specific person with specific permissions is quite secure for anything beyond national security or privileged access documents for 99.9% of businesses.

I'd also be curious to hear of these breaches of cloud service infrastructure since the only real ones I'm aware of are just individual accounts being accessed due to sloppy passwords or phishing, which would also affect on-prem systems just as easily as anything hosted online.

Sent from my BlackBerry using Tapatalk

**rthonpm** · 01-23-2022, 04:38 PM

Re: C4502 scan to email encryption

Originally posted by BillyCarpenter

I want to preface what I'm about to say:

I read a few comments that the copier tech should pass the buck to the customer's IT department. However, that is no excuse for not knowing the answer, in my humble opinion. It's our job to at least have a basic understanding of how it works. We need to be able to have an informed conversation with the customer before telling them to talk to their IT department.

With that being said, I need to study up on what rthonpm is talking about.

In many ways, it may not be the customer talking to IT, but the tech being a part of the conversation to at least 'pass the buck' to the people who would be responsible for the infrastructure. A tech can point them to the right section in the user manuals for things but the overall issue for this lies at the network level, and not the device level.

Sent from my BlackBerry using Tapatalk

**BillyCarpenter** · 01-23-2022, 05:42 PM

Re: C4502 scan to email encryption

Originally posted by Old Crow

I believe this to be an IT issue so will definitely be passing the ball to their IT folks. That said, I will pass along rthonpm's advice for sharing sensitive documents.

.

You won't go wrong taking advice from rthonpm.

C4502 scan to email encryption

C4502 scan to email encryption

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment