C4502 scan to email encryption

[Old Crow]

A customer who scans sensitive info to email via their MP C4502 asked if it is safe/encrypted. Not honestly knowing the correct answer to their question, I told them I would research and get back to them. After spending a fair amount of time looking for the answer, I'm not sure if it is or not.

I read a bit about SSL and TSL but don't fully understand it or the necessary settings that need to be turned on. I have seen where to turn on SSL in user tools but not sure if other changes need to be made as well. Should I just refer them to their IT folks? Is the C4502 capable of encrypting emails or is that a function of their email server or provider.

I don't want to open myself to liability by providing the wrong information. If someone can please point me in the right direction it would be much appreciated.

[slimslob]

From what I understand about scan to email, SSL and TLS/StarTLS can provide encrypted transmission from the sending device to the SMTP server. That means that a hacker cannot intercept the email in transition. Quality email providers also provide encrypted tunnels between SMTP server and destination server. I don't know if the data itself is actually encrypted. Probably the best place to get an answer is from your an ISP or major internet provider like Spectrum, AOL, AT&T of GoDaddy. Office 365 in conjunction with One Drive and SharePoint I believe is capable of end to end encryption. rthonpm is a lot more knowledgeable on the subject of security, if he happens to reply.

[Old Crow]

Thanks for the reply Slimslob. It makes sense that the integrity of the information from the smtp server and beyond depends on the what security is in place on the server, which I guess would be the responsibility of the ISP. So yeah, my concern is from the copier to their mail server, which I don't believe they have onsite. The C4502 is now ten years old so not sure if it has the capability to encrypt. I will probably start with checking and updating firmware. Will check with the internet provider also like you suggested.

[bsm2]

How are they sending email now?

I would check with their IT person.

[rthonpm]

The customer's question isn't exactly clear. Are they looking for email to be encrypted in transit, or are they looking for actual email encryption like S/MIME or PGP where the contents of the message are encrypted and can only be decrypted by the recipient?

If the former, almost every email provider uses TLS to encrypt in transit. If the machine can't support the ciphers used by the provider then you can use something like STunnel to create an SMTP relay that can add the necessary encryption. The email provider will have instructions for the appropriate ports to use.

For actual message encryption, things get much more difficult and usually involve importing a device certificate to sign the messages, but the recipient also needs to trust the certificate so it's not an effective method for most external emails.

My main advice to customers is not to use email for sensitive information such as financial data and to instead use a service like OneDrive or Box to share the file. Email just isn't a secure means of transmitting information as it needs to pass through multiple endpoints to be delivered, and is only as secure as any of the multiple servers and routers it traverses.

Sent from my BlackBerry using Tapatalk

[slimslob]

How are they sending email now?

I would check with their IT person.

So you don't have the foggiest idea on how to help Old Crow's question. Quit trolling me and go hide in you basement.

[bsm2]

So you don't have the foggiest idea on how to help Old Crow's question. Quit trolling me and go hide in you basement.

You have know idea what you talking about or what that customers security requirements they have now or need.

Best to talk with their IT and see if the current equipment is meeting their security needs or needs an upgrade.

Best advice always ask the customer.

Newer Ricohs support higher encryption levels
for both tls ssl and SMB

Ricoh also has options for sharepoint and one drive as well as google drive

Good chance you'll be upgrading the equipment to a new model.

[slimslob]

Newer Ricohs support higher encryption levels
for both tls ssl and SMB

We're not talking about a "Newer" Ricoh. We're talking about a MP C4502. It was launched if February 2012. I would recommend that you stop trying to comment on machines that you have zero experience with. If you cannot contribute valid help to the original poster then just BTFO, Butt The Fuck Out.

I am sorry to everyone else but this little asshole makes in a habit of snide comments about things I have posted. He is pissed today because I have caught him in multiple lies on a couple of political threads where he spends most of his time lurking.

[copier tech]

A customer who scans sensitive info to email via their MP C4502 asked if it is safe/encrypted. Not honestly knowing the correct answer to their question, I told them I would research and get back to them. After spending a fair amount of time looking for the answer, I'm not sure if it is or not.

I read a bit about SSL and TSL but don't fully understand it or the necessary settings that need to be turned on. I have seen where to turn on SSL in user tools but not sure if other changes need to be made as well. Should I just refer them to their IT folks? Is the C4502 capable of encrypting emails or is that a function of their email server or provider.

I don't want to open myself to liability by providing the wrong information. If someone can please point me in the right direction it would be much appreciated.

Yes this is one to pass to their IT. However as this is an old discontinued model not as secure a the latest models. As an engineer I would make sure ALL the firmware is up to date that way you have covered yourself.

I would also suggest they use scan to folder rather that email, these sensitive documents sent via email are leaving the building so in theory could be intercepted.

Like yourself I don't know enough about email security so would rather not have that conversation hence passing it to their IT dept.

[UNICORNico]

The customer's question isn't exactly clear. Are they looking for email to be encrypted in transit, or are they looking for actual email encryption like S/MIME or PGP where the contents of the message are encrypted and can only be decrypted by the recipient?

If the former, almost every email provider uses TLS to encrypt in transit. If the machine can't support the ciphers used by the provider then you can use something like STunnel to create an SMTP relay that can add the necessary encryption. The email provider will have instructions for the appropriate ports to use.

For actual message encryption, things get much more difficult and usually involve importing a device certificate to sign the messages, but the recipient also needs to trust the certificate so it's not an effective method for most external emails.

My main advice to customers is not to use email for sensitive information such as financial data and to instead use a service like OneDrive or Box to share the file. Email just isn't a secure means of transmitting information as it needs to pass through multiple endpoints to be delivered, and is only as secure as any of the multiple servers and routers it traverses.

Sent from my BlackBerry using Tapatalk

If I may add a couple of points.
It has everything exposed by the colleague Rthonpm, and being in this case a sensitive issue such as the treatment of documentation of the company.
For the use of Google Drive, Dropbox, OneDrive or any similar service, I always recommend that such files be saved in advance with compaction programs such as WinZip, WinRar, 7-Zip, and the use of a key / password so that they are protected.
The reason for this recommendation comes from security flaws in the aforementioned platforms (cloud storage), in which confidential files have been leaked.


Prevention is better than cure.