Ricoh Scanning.

  • aviso66
    Trusted Tech

    100+ Posts
    • Dec 2012
    • 202

    #1

    [Misc] Ricoh Scanning.

    As for organizations such as banks and government offices, they have strict IT regulations.

    So deploying a copier machine setup for printing is OK, but what about scanning? What kind of scanning functions would you recommend? As far as I have experienced, scan to FTP is very reliable. But I am having an issue with scan to FTP because it uses a fixed IP, and as the workers are using laptops... I can't fix their IP.

    Then SMB is the only choice I have, but SMB is sometimes not so reliable. I am not sure if their IT network passes through a lot of switches or uses VLANs, as setups using SMB usually use \\computername\folder. Sometimes the connection is unsuccessful.

    Ricoh MP 5054.

  • slimslob
    Retired

    Site Contributor
    25,000+ Posts
    • May 2013
    • 37059

    #2
    Re: Ricoh Scanning.

    Are they willing to allow scan to memory devices?


    • 8T2
      Trusted Tech

      250+ Posts
      • Aug 2015
      • 257

      #3
      Re: Ricoh Scanning.

      Scan to mail is what I would do, especially at a bank or organisation that has strict security, because scan to folder is going to keep you running around after password changes, security updates, etc.


      • luca72
        Field Supervisor

        1,000+ Posts
        • Oct 2017
        • 1711

        #4
        Re: Ricoh Scanning.

        FTP transmits in the clear. You can use scan to mail, or if you use SMB and you have the same DNS problem, you can use a PC IP address instead of //host name.
        I saw that there are people here who are very expert on these topics, so surely someone will give you an appropriate answer

        • Samanator
          Service Manager

          Site Contributor
          VIP Subscriber
          500+ Posts
          • Sep 2017
          • 571

          #5
          Re: Ricoh Scanning.

          Although scan to email may be easier to set up, it can be very insecure.

          Unless one is provided email credentials for a secure email server associated with an institution like a bank, one should be very cautious about setting that up.

          When it comes to institutions like banks, hospitals, brokerages, law firms, etc., I always insist on getting their IT people involved when it comes to scanning. CYA!

          But ya can't beat the security of scanning to a memory stick.


          • tonerhead
            Senior Tech

            500+ Posts
            • Sep 2009
            • 582

            #6
            Re: Ricoh Scanning.

            Most banks that I am aware of have a network share folder for each of their workers. This is where you should probably be scanning to, not to DHCP laptops. Many banks shut down scan to flash drive as it is a very easy way to steal info from the bank. Again, as mentioned, when scanning in more secure settings you need to get the company's IT involved. Banks can be sticklers about scanning. It is either to a company SMTP server or a network file share. They want control over what is being scanned and to whom, which is understandable.

            • slimslob
              Retired

              Site Contributor
              25,000+ Posts
              • May 2013
              • 37059

              #7
              Re: Ricoh Scanning.

              I have had other companies where the same applies. One such was the Hyundai/Kia Proving Ground in California City. This was for protection from corporate espionage.


              • KeviM
                Trusted Tech

                250+ Posts
                • Oct 2019
                • 324

                #8
                Re: Ricoh Scanning.

                Originally posted by 8T2
                Scan to mail is what I would do, especially at a bank or organisation that has strict security, because scan to folder is going to keep you running around after password changes, security updates, etc.

                Nicely said. It's the route I would take as well. Mails can also find a device anywhere in the world as long as it has a data connection.


                • slimslob
                  Retired

                  Site Contributor
                  25,000+ Posts
                  • May 2013
                  • 37059

                  #9
                  Re: Ricoh Scanning.

                  Originally posted by KeviM
                  Nicely said. It's the route I would take as well. Mails can also find a device anywhere in the world as long as it has a data connection.
                  And therein is the problem when the customer has high security requirements.


                  • rthonpm
                    Field Supervisor

                    2,500+ Posts
                    • Aug 2007
                    • 2847

                    #10
                    Re: Ricoh Scanning.

                    FTP is an open protocol so you have a very weak layer of security: in other words, none. Passwords and any other information are transmitted in the clear so they are easily retrieved. Unless you're using a dedicated server with an FTP function you also lose the ability to use centralised authentication like Active Directory or LDAP. You're not going to find any organisation worth dealing with that's going to allow an FTP server in their network, especially in the areas of finance or government.

                    Scan to SMB offers better protections, but ideally should be done to a server, not individual computers, as this allows for better control and centralised authentication. If it is done to workstations, the setting should be to hostname, not IP. This of course means that you'll need to ensure that the MFP is using a local DNS provider, and not set to use Google or some other internet level DNS provider. In any large organisation with centralised authentication, a service account or some other method should be used to allow the MFP to authenticate to any configured share.

                    Scan to email can be risky if configured to send externally as the contents of the message itself are not encrypted, only the transport method is secure. If at any point the message is routed through a compromised network device, it could be easily accessed. Scan to email to only internal recipients is safer as it prevents the email from leaving the network.


                    For any government or financial institution, always consult their IT as they will know not only the requirements they need to meet, but also the penalties for noncompliance.

                    Your best path forward:

                    Ensure any authentication is done through some kind of centralised method (AD, LDAP, etc) instead of local accounts. This can also limit the accounts so that they can authenticate, but not directly access a computer or server via login.

                    For scan to SMB, always limit the account used by the MFP to authenticate to the share to at least Read/Write or at most Modify. Never, NEVER, grant it Full Control. Also ensure that IT knows how to update the passwords for the accounts being used via the op panel or web interface. Scan to a server, and only to workstations by hostname.

                    For scan to email, use a real email address using the customer's domain name. Don't use a Gmail account or some third party server to transmit their data, and don't use a free service. If possible, have scanning limited to internal users only.



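One way to apply the scan-to-SMB permission advice from post #10 on a Windows file server, as an added example that is not part of the thread. The service account name, folder path and share name are assumptions to be replaced with the customer's own.

```powershell
# Assumed names (hypothetical, not from the thread); replace with the customer's own.
$Account   = 'CONTOSO\svc-mfp-scan'   # AD service account the MFP authenticates with
$Path      = 'D:\Scans'               # scan folder on a file server, not a workstation
$ShareName = 'Scans$'                 # trailing $ hides the share from network browsing

New-Item -ItemType Directory -Path $Path -Force | Out-Null

# Share level: Change (read/write) for the MFP account, Full only for administrators.
# Access is granted only to the accounts named here.
New-SmbShare -Name $ShareName -Path $Path `
    -ChangeAccess $Account -FullAccess 'BUILTIN\Administrators' | Out-Null

# NTFS level: Modify, inherited by subfolders and files. Never FullControl.
$acl  = Get-Acl -Path $Path
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $Account, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $Path -AclObject $acl

# Audit: report if the MFP account ends up with Full Control at either layer,
# for example through a later manual change.
$full = [System.Security.AccessControl.FileSystemRights]::FullControl
$shareFull = Get-SmbShareAccess -Name $ShareName |
    Where-Object { $_.AccountName -eq $Account -and $_.AccessRight -eq 'Full' }
$ntfsFull = (Get-Acl -Path $Path).Access |
    Where-Object { $_.IdentityReference.Value -eq $Account -and
                   $_.AccessControlType -eq 'Allow' -and
                   ($_.FileSystemRights -band $full) -eq $full }

if ($shareFull -or $ntfsFull) {
    Write-Warning "$Account holds Full Control on $ShareName; reduce it to Change/Modify."
} else {
    "$Account is limited to Change (share) and Modify (NTFS) on \\$env:COMPUTERNAME\$ShareName"
}
```

Run it in an elevated session on the file server; the audit section can be re-run on its own after any permission change.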

                    • tsbservice
                      Field tech

                      Site Contributor
                      5,000+ Posts
                      • May 2007
                      • 7942

                      #11
                      Re: Ricoh Scanning.

                      Your explanation is by far better than any manufacturer's documentation I've ever read.
                      Great job!