Canon
Security White Paper 2014 R3 Edition
MDS Cloud – Security White Paper (c) 2014 Canon U.S.A. Inc., All rights reserved.
Table of Contents

1. Introduction to the MDS Cloud Service
2. About Canon Business Imaging Online
3. MDS Cloud Service Overview
4. Information Handling and Network Communications
   Data Contents
      Data from the MDS CC Agent to the MDS Cloud
      Data from the MDS Cloud to the MDS CC Agent
      Data imported to MDS Cloud by a Web browser
      Data which can be exported from MDS Cloud from a web browser
      Data stored by the MDS CC Agent
      Data imported from the UGW to MDS Cloud
      Data import from Backend Systems to MDS Cloud
      Data retrieved by a Service Providers Backend Systems from MDS Cloud
   Data Retention Period
      Data retention on MDS Cloud
      Data retention for the MDS CC Agent
   Network Protocols
      Communication between the MDS CC Agent and managed devices
      Communication between the MDS CC Agent and MDS cloud
      Communication between the Web browser and the Web UI of the MDS CC Agent
      Communication between the MDS CC Agent and the Netaphor license server
   Network Traffic
      Data Captured from devices by the MDS CC Agent
      Data sent from the MDS CC Agent to MDS Cloud
      Data from MDS Cloud to MDS CC Agent
      Data between the MDS CC Agent and the Netaphor Licensing Server
5. MDS Cloud Service Security Elements
6. CBIO Infrastructure Architecture
7. CBIO Core Services Overview
8. CBIO Security Overview
1. Introduction to the MDS Cloud Service

MDS Cloud Service is a cloud based device management offering hosted at “Canon Business Imaging Online” (CBIO).

The MDS Cloud Service collects and stores information from End-user devices such as multifunctional copiers and/or printers via the Internet. Service Providers (i.e., Canon U.S.A., Inc. [Canon USA] and Canon Authorized Retail Dealers) use the MDS Cloud Service to offer device management services to their End-users.

The MDS Cloud Service allows the Service Provider and End-Users to:
- Display device status
- Manage device configuration
- Gather device usage statistics (print volume, copy volume) in order to propose improvements to the End-user environment

2. About Canon Business Imaging Online

Canon Business Imaging Online (“CBIO”) is a PaaS cloud platform for Canon’s business applications. CBIO provides End-users with access to Canon’s latest technology on the cloud, including services that are integrated with MFD (multi-function devices), such as Canon imageRUNNER Advance devices, and printers.

CBIO provides many benefits to End-users:
- Affordable: Without having large up-front costs, End-users can use cloud based services with a subscription model.
- Stable: Applications are installed on a powerful, secure, redundant hardware infrastructure.
- Quick Deployment: Since the applications are cloud based, End-users can start using the services right away.
- Compatible: Since the applications are Web-based, services can be accessed from anywhere. In addition, upgrades are handled in the cloud, so End-users don’t have to worry about version control.

See Section 6, “CBIO Infrastructure Architecture,” towards the end of this paper for additional details on Canon Business Imaging Online.
3. MDS Cloud Service Overview

The MDS Cloud Service collects and stores information from End-user devices such as multifunctional copiers and/or printers via the Internet.

[Figure: MDS Cloud Service Diagram]

The MDS Cloud Service is comprised of the following system elements:

3.1. MDS Collection & Configuration Agent (MDS CC Agent) – The MDS CC Agent is a PC application that is installed locally at the End-user site. It is responsible for collecting and aggregating device information at the End-user site before sending it to the MDS Cloud. The CC Agent will access MDS Cloud once a day to check for updates to itself and automatically update when available (1). When non-Canon devices are involved, the MDS CC Agent will automatically download and install an additional software module which Canon licenses from Netaphor Software, Inc. This Netaphor module will periodically access a Netaphor License Server in order to verify its license status. The Netaphor module will only provide the Netaphor server with the total quantity of devices managed; no other information is sent to the Netaphor server. SOAP/HTTPS are used as the communication protocols, and the data amount is approximately 4-6 kbytes per transmission.

(1) Automatic updates are optional. See section 4.4.3 “Data from MDS Cloud to MDS CC Agent.”

The MDS CC Agent communicates with Netaphor’s License Server using HTTPS.
3.2. MDS Cloud – The MDS Cloud stores and manages End-user device information that is captured via the MDS CC Agent.

3.3. Universal Gateway (UGW) – Universal Gateway (UGW) is a server that stores information collected by Canon’s imageWARE Remote system. There are two integrations between MDS Cloud and the UGW. Both are optional. These integrations are for Service Providers who already use imageWARE Remote and would like to keep collecting data (on Canon Devices only) through that system for service.

One integration is between MDS Cloud and the UGW. MDS Cloud can receive information (on Canon Devices only), such as counter data from the UGW and manage it for reporting. The information transferred is billing and paper size counters (see sec. 4.1.7 Data imported from the UGW to MDS Cloud) and they are transferred once a day.

The other integration is between the MDS CC Agent and the UGW. The CC Agent can pull diagnostic service information from Canon devices and transmit it to the UGW directly to be managed by that system. The polling interval is 10 minutes and data is only sent when an error, jam or alarm occurs on the device.

For additional information on imageWARE Remote and UGW, please refer to the imageWARE Remote security white paper.

3.4. Service Provider’s Backend System – The Service Provider (Canon Sales Company or Authorized Canon Dealer) can link their backend business system to the MDS Cloud in order to retrieve or update End-user information.

3.5. Other systems – MDS Cloud is capable of integration with certain other fleet management data collection agents available to Service Providers. In the case that the Service Provider selects an approved non-Canon data collection agent, data from that agent can be stored on MDS Cloud for the purpose of reporting.

The MDS Cloud generates a unique database schema (table diagram) for each End-user and Service Provider.

The table diagram groups the boxes and sectors that divide the tables. Each unique table diagram stores data for each End-user. As a result, the data is isolated from other table diagrams, and can never be commingled.

Access to data on each table diagram is restricted. Access to a table diagram is allowed only if both the relationship between End-user and Service Provider is verified, and the End-user’s tenants/roles are verified by Canon Business Imaging Online. If any of these are unverified, access to the table diagram is prohibited.

[Figure: MDS Cloud Database]
4. Information Handling and Network Communications

In the MDS Cloud Service, the MDS CC Agent is the main conduit for capturing device information at the End-user site and sending it to MDS Cloud. MDS Cloud can also receive data from system integration with the imageWARE Remote UGW server, Service Provider’s back-end systems and other non-Canon fleet management systems. This section describes the data handled by the MDS CC Agent, as well as the network protocols used for communications and information on the network traffic generated by the MDS CC Agent.

4.1. Data Contents

MDS Cloud Service handles (sends, receives, stores) the following data:
- Setup Information: It includes login information to log in to the MDS CC agent, and also MDS CC agent’s setup information to connect with MDS cloud.
- Management Information: It includes identification information, control information, and the debug logs for the MDS CC Agent.
- Device configuration: It includes configuration and identification information for each of the devices.
- Device management information: It includes data about the operational status of devices. This information is collected directly from the devices, or it is entered by the service provider.
- Job Information: Job Log information may include the properties of the print jobs, such as which application was used, whether the job was duplexed, page layout (2-up/4-up), and whether the print job was color or black and white.
- End-user management information: Information for identifying End-user tenant IDs.
- PC configuration information: Includes information about the configuration of the PC where the MDS CC Agent is installed.
4.1.1. Data from the MDS CC Agent to the MDS Cloud

Data category | Data contents
MDS CC Agent Setup and Managing Information | MDS CC Agent ID (Client ID); Debug Log ID
End-user management Information | End-user tenant ID
Device Configuration | IP address / MAC address; Device ID (Serial No.); Product Name; Device Name; Location; Site; Option(s); Color/Mono; Firmware version
Device management Information | Job history (Job logs; Print Volume, Copy Volume): Print Job, Scan Job, Fax Job, Sent/Received Job. Counter information: Billing Counters. Device status monitoring information: Status of device, Toner level, Paper level
PC configuration information | HDD where CC Agent is installed Free Space; System HDD Free Space; Installed Memory; Processor; The latest date of Windows Update installation; OS information (The name and version number)
4.1.2. Data from the MDS Cloud to the MDS CC Agent

Data categories | Data contents
MDS CC Agent Setup and Managing Information | MDS CC Agent control information: The time when the MDS CC Agent accessed MDS Cloud, Client ID (Tenant ID), List of managed devices, Setup information for sending job history (identifies which portions of the job log will be sent and which will not), SNMP connection setting
Device settings information | Departmental ID settings; Web browser setting; Address book; User-mode settings

4.1.3. Data from MDS CC Agent to the Netaphor License server

The MDS CC Agent only provides information to the Netaphor license server (1) that can be used to provide the correct number of managed third party devices. No other information about the devices or users, or their respective usages, is provided to the server. The information is provided once a day.

(1) The licensed software servers are located on premises of Netaphor.
4.1.4. Data imported to MDS Cloud through a Web browser

The following Data can be imported into MDS Cloud using a CSV file (or original file, as applicable) via a web browser.

Data category | Data contents
Device configuration Information | Device IP address / MAC address; Device ID (= serial No.); Product name; Device name; Location; Site; Option(s); Color/Mono; Firmware version
Device management Information | Job history (Job logs; Print Volume, Copy Volume): Print Job, Scan Job, Fax Job, Sent/Received Job. Counter Information: Billing counter, Paper size counter
Device settings Information | Basic registered setting (About network connection, security); Paper types; Sending

Both Device Configuration and Device Management information are imported as CSV. Device Settings information is imported in Canon’s original format.
4.1.5. Data exported from MDS Cloud from a web browser

The following Data can be exported from MDS Cloud via a web browser.

Data category | Data contents
Device configuration Information | Device IP address / MAC address; Device ID (= serial No.); Product name; Device name; Location; Site; Option(s); Color/Mono; Firmware version
Device management Information | Job history (Job logs; Print Volume, Copy Volume): Print Job, Scan Job, Fax Job, Sent/Received Job
Device settings Information | Basic registered setting (About network connection, security); Paper types; Sending; Box setting; Departmental ID management; Main menu; Web browser; Commonly-used setting; Address book; Advanced box; Custom menu; MEAP application setting; User setting; Workflow Composer setting
4.1.6. Data stored by the MDS CC Agent

The following Data is stored in the MDS Cloud CC Agent for management purposes.

Data categories | Data contents
MDS CC Agent Setup and Management Information | Debug log ID of MDS CC Agent; Proxy setup Information; MDS CC Agent Administrator Information
End-user management Information | End-user tenant ID (ID for accessing End-user data in MDS Cloud)
Device management Information | Job history (Job logs; Print Volume, Copy Volume): Print Job, Scan Job, Fax Job, Sent/Received Job. Device status monitoring information: Status of device, Toner level, Paper level
UGW Connection Information | Connected URL
4.1.7. Data imported from the UGW to MDS Cloud

The MDS Cloud may be configured to import the following data from the UGW:

Data categories | Data contents
Device management information | Counter information: Billing counter, Paper size counter

4.1.8. Data import from Backend Systems to MDS Cloud

The MDS Cloud can receive the following information from the Service Provider’s backend system.

Data categories | Data contents
Customer information | Includes data entered for each customer in the “Customer Information” tab
Device configuration information | IP address; MAC address; Serial number; Product name; Device name; Location; Optional information; Color/Mono
Device Management Information | Job history (job log, print volume, copy volume): Print job, Copy job, Scan job, Fax job, Sent/Received Job. Counter information: Billing counter. Incident information (inquiries, claims/calls from customers, maintenance records). Device status monitoring information: Status of device, Toner level
MDS CC Agent Setup and Managing Information | MDS CC Agent setup information; Device discovery setup information
MDS Cloud setting information | Includes MDS Cloud settings data available in the “Settings” tab for each customer
4.1.9. Data retrieved by a Service Provider’s Backend Systems from MDS Cloud

The following Data is available to Service Provider backend systems by using a web service interface from MDS Cloud.

Data categories | Data contents
Device configuration information | Device IP address / MAC address; Device ID (= serial No.); Product name; Device name; Location; Site; Option(s); Color/Mono
Device management Information | Job history (Job logs; Print Volume, Copy Volume): Print Job, Scan Job, Fax Job, Sent/Received Job. Counter Information: Billing counter
Customer Information | Includes data entered for each customer in the “Customer Information” tab
Device Management Information | Past summarized and aggregated data: Job logs. Device status monitoring information: Status of device, Toner level
4.2. Data Retention Period

4.2.1. Data Retention on MDS Cloud

End-user data is stored on MDS Cloud in order to provide services such as reporting, automated billing, etc. When an End-user stops using the MDS service (contractual termination), the Service Provider may delete the registered End-user information. Then, when deleted, the data will be erased from the database within 24 hours using a batch process. As a result, all of the tenant information relating to the End-user is deleted, and the End-user’s scheme (table) will be wiped out from the MDS Cloud database.

While the contract is active, the data is kept for the specified retention period for contracted End-users. The retention period for contracted customers is listed in the following table.

Data Category | Data Content | Timing of deletion
Device Management Information (1) | Collected by MDS Cloud CC Agent: Job history; Counter information: Billing counter (Service mode counter, All asset counter, Summary counter), Paper size counter; Device status monitoring information: Status histories | After 100 days the data is deleted.
Device Management Information (1) | Imported through the Web Portal: Incident information; Counter information: Billing counter, Paper size counter | After 3 months the data is deleted.
Summarized Data (2) | Data for reporting based on raw data | After 3 years the data is deleted.
Device settings information | Device Settings Information | MDS Cloud stores a maximum of 4 sets of configuration settings.

(1) Data that is collected from the MDS Cloud CC Agent or imported through the Web Portal and System Integration is considered “Raw Data.”
(2) "Summarized Data" means calculated data from "Raw Data" for reporting and display on the Dashboard, e.g. monthly usage per device/user, monthly uptime per device, etc.
4.2.2. Data Retention for the MDS CC Agent

Data is temporarily stored by the MDS CC Agent on the local PC it runs on until it forwards it to MDS Cloud. Data handled by the MDS CC Agent is deleted at each interval below:

Data categories | Data contents
MDS CC Agent management information | It is automatically deleted when the MDS CC Agent is uninstalled.
Device Configuration | It is automatically deleted when management of the device is stopped.
Job history | It is automatically deleted when it is forwarded to MDS Cloud.
Counter information | It is automatically deleted when it is forwarded to MDS Cloud.
Device status monitoring information | Automatically deleted when it is forwarded to MDS Cloud. It is also automatically deleted when management of the device is stopped.

4.2.3. Data Retention for backend system / external system data

Data can be imported into MDS Cloud from Dealer’s backend system or another external system they may use to handle customer data.

Data Category | Data Content | Timing of deletion
Device Management Information | Job histories; Counter information: Service mode counter, Summary counter; Device status monitoring information: Status histories; Incident information | This data is stored in MDS Cloud for 36 months (UTC basis). After 36 months, the data is deleted by a daily batch process.
4.3. Network Protocols

Several ports and protocols are used in the operation of services that are supported by MDS Cloud. The following protocols and ports are used for communication between the MDS CC Agent and managed devices and between the MDS CC Agent and MDS Cloud:

4.3.1. Communication between the MDS CC Agent and managed devices

Protocol | Port No. | Source | Purpose
SNMP | UDP/161 | Device | Acquisition of MIB (device monitoring and device configuration information)
SLP | UDP/427 | Device | Acquisition of device configuration
Canon Proprietary (1) | UDP/47545 | Device | Acquisition of job logs / counter information
Canon Proprietary (1) | TCP/47546 | Device | Acquisition of job logs / counter information
Canon Proprietary (1) | TCP/9007 | Device | Acquisition of job logs / counter information
Canon Proprietary (1) | UDP/50700 (IPv4) (2); UDP/50701 (IPv6) (2) | MDS CC Agent | Receiving event information from devices
SLP | UDP/11427 | MDS CC Agent | Receiving device status
HTTP | TCP/80 (*5) | Device / MDS CC Agent | Receiving and forwarding device information
HTTP | TCP/8000 | MDS CC Agent | Receiving and forwarding device settings
HTTP | TCP/18080 | MDS CC Agent | Receiving and forwarding device settings
HTTPS | TCP/443 | MDS CC Agent | Forwarding device configurations
HTTPS | TCP/8443 | MDS CC Agent | Receiving and forwarding device settings
HTTPS | TCP/18443 | MDS CC Agent | Receiving and forwarding device (EFI Device) settings
HTTPS | TCP/Vacant port between 44301-44399 | Device | Acquisition of device configuration

(1) Canon proprietary protocols are used for acquiring job logs and event information data. They are used for Canon devices only.
(2) If the port is occupied, it is automatically allocated to another unused port.

4.3.2. Communication between the MDS CC Agent and MDS cloud

Protocols | Port No. | Server
HTTPS | TCP/443 (1) | MDS Cloud

(1) The port is specified by proxy.

4.3.3. Communication between a Web browser and Web UI of the MDS CC Agent

Protocols | Port No. | Server
HTTP | Vacant TCP port between 44300 and 44399 | MDS CC Agent
HTTPS | Vacant TCP port between 44300 and 44399 | MDS CC Agent

4.3.4. Communication between the MDS CC Agent and the license server:

Protocol | Port No. | Server
HTTPS | TCP/443 | Netaphor License server
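
The port tables in sections 4.3.1 to 4.3.4 can serve as an allow-list when auditing flow records from the PC that runs the MDS CC Agent. The following is an added example, not Canon's code: the record format, addresses, subnets and the optional proxy parameter are assumptions, and the sample flows are constructed.

```python
from ipaddress import ip_address, ip_network

# Port tables transcribed from sections 4.3.1-4.3.4: (protocol, low port, high port).
AGENT_DEVICE = [
    ("udp", 161, 161),        # SNMP
    ("udp", 427, 427),        # SLP
    ("udp", 47545, 47545),    # Canon proprietary: job logs / counters
    ("tcp", 47546, 47546),
    ("tcp", 9007, 9007),
    ("udp", 50700, 50701),    # Canon proprietary: event reception (IPv4 / IPv6)
    ("udp", 11427, 11427),    # SLP: device status
    ("tcp", 80, 80), ("tcp", 8000, 8000), ("tcp", 18080, 18080),    # HTTP
    ("tcp", 443, 443), ("tcp", 8443, 8443), ("tcp", 18443, 18443),  # HTTPS
    ("tcp", 44301, 44399),    # HTTPS on a vacant port in this range
]
AGENT_WEB_UI = [("tcp", 44300, 44399)]  # 4.3.3: browser to the agent's Web UI
AGENT_OUTBOUND = [("tcp", 443, 443)]    # 4.3.2 MDS Cloud, 4.3.4 Netaphor license server

# Constructed sample records: source, destination, protocol, destination port.
SAMPLE_FLOWS = [
    "10.0.5.10,10.0.20.31,udp,161",
    "10.0.20.31,10.0.5.10,udp,50700",
    "10.0.5.10,10.0.20.32,tcp,44350",
    "10.0.5.77,10.0.5.10,tcp,44300",
    "10.0.5.10,203.0.113.20,tcp,443",
    "10.0.5.10,203.0.113.20,tcp,8080",
    "10.0.5.10,10.0.20.31,tcp,23",
    "10.0.20.31,10.0.5.10,udp,50702",
    "203.0.113.99,10.0.5.10,tcp,443",
    "10.0.5.77,10.0.20.31,tcp,80",
]


def _listed(table, proto, port):
    """True when proto/port falls inside one of the table's ranges."""
    return any(p == proto and lo <= port <= hi for p, lo, hi in table)


def classify(flow, agent, device_net, admin_net, proxy=None):
    """Label one flow relative to the documented agent communications."""
    src, dst, proto, port = flow
    if agent not in (src, dst):
        return "not-agent"
    peer = dst if src == agent else src
    # 4.3.2 footnote: with a proxy, the outbound port is whatever the proxy uses.
    if proxy and src == agent and proto == "tcp" and (peer, port) == proxy:
        return "outbound-via-proxy"
    if peer in device_net:
        if _listed(AGENT_DEVICE, proto, port):
            return "agent-device"
        # 4.3.1 footnote 2: an occupied event port is reallocated to another
        # unused port, so unlisted UDP towards the agent needs a manual check.
        if proto == "udp" and dst == agent:
            return "review-event-port"
        return "unexpected"
    if peer in admin_net:
        ok = dst == agent and _listed(AGENT_WEB_UI, proto, port)
        return "web-ui" if ok else "unexpected"
    # Any other peer is treated as external: only agent-initiated HTTPS is documented.
    ok = src == agent and _listed(AGENT_OUTBOUND, proto, port)
    return "outbound-https" if ok else "unexpected"


def parse(line):
    """Parse 'src,dst,proto,dport' (assumed export format) into typed fields."""
    src, dst, proto, port = line.strip().split(",")
    return ip_address(src), ip_address(dst), proto.lower(), int(port)


def audit(lines, agent, device_net, admin_net, proxy=None):
    """Return one label per non-empty flow line."""
    agent = ip_address(agent)
    device_net, admin_net = ip_network(device_net), ip_network(admin_net)
    if proxy:
        proxy = (ip_address(proxy[0]), int(proxy[1]))
    return [classify(parse(l), agent, device_net, admin_net, proxy)
            for l in lines if l.strip()]


if __name__ == "__main__":
    labels = audit(SAMPLE_FLOWS, "10.0.5.10", "10.0.20.0/24", "10.0.5.0/24")
    for line, label in zip(SAMPLE_FLOWS, labels):
        print(f"{label:18} {line}")
```

The tables give a port and an owning host but not which side opens the connection, so agent-to-device flows are matched on protocol and port in either direction.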
4.4. Network Traffic

The MDS Cloud Service generates three types of data traffic within an End-user’s network.
- Data captured from devices by the MDS CC Agent.
- Data transferred from the MDS CC Agent to MDS Cloud.
- Information received by MDS CC Agent from MDS Cloud.

* In addition to the three types of data traffic listed above, traffic between the MDS Cloud Service and the Service Provider’s backend system is also possible if that integration is configured.

Each type of data traffic is described in detail below.

4.4.1. Data Captured from devices by the MDS CC Agent

If 100 jobs (74 print jobs, 6 scan jobs, 10 fax jobs, 10 send jobs) occur in a day, the total amount of data transferred from a Canon device to MDS CC Agent is estimated to be 1.9 MB. From a non-Canon device, the estimated amount is 1.6 MB. (The amount of data depends on device type, configuration and job content.)

The amount and frequency of each type of data is shown in the following table.

Contents | Device | Data amounts | Capturing frequency
Job History | Canon device | Dependent on the number of jobs. Print job: Approx. 4 KB; Scan job: Approx. 3 KB; Fax job: Approx. 2 KB; Send job: Approx. 2 KB | MDS CC Agent periodically polls devices and pulls data at the following intervals: Every 10 min. (for devices that cannot store more than 1,000 jobs); Every 60 min. (for devices that can store more than 1,000 jobs); Once a day (1) (even devices in sleep mode are woken and have data captured once a day)
Job History | Non-Canon device | Not captured | Not captured
Counter Information | Canon device | Approx. 19.1 KB | Every 12 hours (polling). (If a device has been asleep for 24 hours since its counter data was last captured, the device is woken and the counter data is captured.)
Counter Information | Non-Canon device | Approx. 1.7 KB | Every 12 hours (polling).
Status of device | Canon device | Approx. 0.8 KB | Every 5 min
Status of device | Non-Canon device | Approx. 0.6 KB | Every 5 min
Toner level | Canon device | Approx. 2.4 KB | Every 5 min
Toner level | Non-Canon device | |
Paper level | Canon device | Approx. 2.7 KB | Every 5 min
Paper level | Non-Canon device | |
Configuration | Canon device | Approx. 10 KB | Once a day (2) (When power is on (3))
Configuration | Non-Canon device | |
Device settings Information | Canon device | Approx. 1 MB | Specified by service provider
Device settings Information | Non-Canon device | Not captured |

(1) For all devices.
(2) For devices under sleep mode or other than power-off.
(3) For devices capable of sending the “power-on” event.
4.4.2. Data sent from the MDS CC Agent to MDS Cloud

The amount of data sent from the MDS CC Agent to MDS Cloud per day is estimated to be approximately 170.9 Kbytes (per Canon device) / approx. 25.5 Kbytes (per non-Canon device). This estimation is based on the assumption that each device generates 100 jobs a day, the status of each device changes twice a day, the toner level changes once a day, and data is forwarded from the CC Agent to MDS Cloud with 35% compression. The data amounts (1) and forwarding frequencies from the MDS CC Agent are shown in the table below.

Contents | Device | Data amounts | Forwarding frequency (2) (Timing)
Job history (3) | Canon device | Approx. 70 KB | Every 8 hours
Job history (3) | Non-Canon device | Not captured | Not captured
Counter information | Canon device | Approx. 3.KB | Every 12 hours
Counter information | Non-Canon device | Approx. 1.KB |
Status of device | Canon device | Approx. 1.KB | When a change is detected in the device status.
Status of device | Non-Canon device | Approx. 1.KB |
Toner level | Canon | Approx. 2.KB | When a change is detected in the toner level.
Toner level | Non-Canon device | |
Paper level | Canon device | Approx. 2.KB | When a change is detected in the paper level.
Paper level | Non-Canon device | |
Configuration | Canon | Approx. 5 KB | Once a day
Configuration | Non-Canon device | |
Device settings Information (3) | Canon | Approx. 1 MB | Specified by service provider
Device settings Information (3) | Non-Canon device | - | -
Event detection | Canon | Approx 0.1 KB | 480 times in a day
Event detection | Non-Canon device | - | -
Debug log ID (3) | Canon | Approx. 230 KB | Once a day
Debug log ID (3) | Non-Canon device | - | -

(1) Data amounts are for individual devices.
(2) Sending is attempted every five minutes.
(3) Job history, Device setting and Debug log ID are not captured from non-Canon devices.
4.4.3. Data from MDS Cloud to MDS CC Agent

The MDS CC agent receives approximately 2.5 kB of data per device / per day from MDS Cloud. The content, amount and the receiving frequencies are shown in the table below.

Contents | Data amounts (1) | Receiving frequency
List of managed devices | Approx. 0.40 kB (1) | Once a day
Device discovery settings | Approx. 0.63 kB | Every 8 hours
MDS CC Agent Management Information. | Approx. 0.25 kB | Once a day
Device setting | Approx. 1 MB | Specified by each of Service Providers
Event occurrence information | Approx. 1 kB | In case an event occurs such as: Device addition, deletion and data-update (Serial No., IP address, host name, MAC address); Update on client information; Update on device search setting; Settings about delivery/capturing schedule of device setting information; Delivery/Capturing Device setting information
The most recent version number of the MDS CC Agent | A few kB | Once a day

(1) The data amounts on the table are per device. The total data amount will vary depending on the number of devices listed.

4.4.4. Data between the MDS CC Agent and the Netaphor Licensing Server

The MDS CC Agent only provides the total device count to the Netaphor licensing Server to ensure the correct number of managed devices. No other information about the devices or users or their respective usages is provided to the server.

Content | Data amount | Frequency
Numbers of managed devices and information about license validation | Approx. 4-6 kB | Once a day
5. MDS Cloud Service Security Elements

5.1. MDS Cloud Service Portal Authentication

To gain access to the MDS Cloud Portal, a user must be properly authenticated. Additionally, users are assigned roles specified by End-User administrators that control the features that can be accessed. This ensures that users can only access data and features that are appropriate for the specific roles that they have been assigned. Users are also prevented from accessing data from other tenants or End-users on MDS Cloud.

5.2. MDS CC Agent Authentication

Mutual authentication is used for communication between the MDS CC Agent and the MDS Cloud. During the installation process, a unique key is provided to the agent. Subsequent connections must be authenticated using the unique agent key.

The MDS CC Agent can be managed from a user interface via a Web browser. The connection requires authentication and is protected using SSL/TLS.

5.3. Universal Gateway (UGW) Authentication

Integration with the Universal Gateway (UGW) requires authentication with the UGW service. To enable the secure establishment of communication with the UGW Service, the appropriate UGW credentials are configured on the MDS Cloud system, via a secure Web browser interface.

5.4. Data Transmission Security

Communication between a Web browser and the Canon Business Imaging Online server uses the HTTPS (HTTP over SSL/TLS) protocol. Additionally, communication between the Web browser and the print device that is done as part of the Direct Print case can also be secured via SSL/TLS (optional). The CBIO Server Certificate is signed by VeriSign and installed in the Canon Business Imaging Online server, enabling data encryption through SSL connection. The Canon devices have the root VeriSign certificate pre-installed and any modern Web browser used by the client PC should as well – thus no additional configuration is needed for SSL communications to CBIO.

5.5. Validation of received data

MDS Cloud Service performs the following validation procedures for the received data:
- Source confirmation: If the data did not originate from a registered device, the data is not captured.
- Confirmation for received data contents: The received data is also checked for adequacy of the format. In addition, the contents are also checked as to whether sufficient information is included or not. This includes data from backend or external systems.
5.6. End-user Data Security

Security is provided for data that is stored on CBIO. For the MDS Cloud Service, only information related to the operation and management of devices is stored on CBIO. Nevertheless, the security of the data is important, so it is encrypted both in transit and in storage. All communications with CBIO are protected using the SSL/TLS protocol. This protection is provided both for communication from the client PC browser and the communication with CBIO-enabled printing devices. Strong encryption is provided for data in storage, via the AES 256 algorithm.

Segmentation is provided between End-users in the MDS Cloud system. A CBIO End-user or tenant is a corporation or group within corporations that use Canon Business Imaging Online. Only users that belong to a contracted group and have created a Canon Business Imaging Online account in that group can use Canon Business Imaging Online.

Canon Business Imaging Online implements an intermediary virtual partition layer between a tenant and user data that makes it appear to the tenant as though its data is the only data in the user data storage. Tenant settings use access control lists to determine who can access data and what they can do with it. User print data is encrypted with a unique encryption key for each tenant/End-user using the AES 256 encryption algorithm.

5.7. Access control for hierarchical schemes (End-user tenants) data

The MDS Cloud Service supports hierarchical schemes (End-user tenants) and supports features such as “Service Delegation” and “Service for Global/Regional accounts.” For example, ABC Company is registered as an upper level, while each of the branches such as A-D is registered as a lower level (See diagram below).
When a confirmation code is set up by the Service Provider that is initially linked with the upper level, the specific lower level End-user tenant can be linked with another Service Provider. Then, the lower level tenant’s data can be shared between two Service Providers (1). This means that all of the information, excluding reports that are made by the original Service Provider about the tenant, can be shared with another Service Provider.

(1) All information that is listed in “Data from the MDS CC Agent to the MDS Cloud” (Sec. 4.1.1) is shared.

The other Service Provider cannot start the data-sharing without the End-user’s acceptance with a click from its own End-user portal. Service Providers who do not have the confirmation code cannot access any of the End-user’s data. (See diagram below)

[Figure: Information sharing between different Service Providers. ABC Co. is initially linked with service provider a. ABC branch C is linked (shared) with service provider z. Information about ABC branch C can be shared only between service provider a. and z.]
5.8. AvailabilityTheCanonMDSCloudisdesignedtoprovide99%annualuptime,providing24hours/day,7days/week.Thesystemisdesignedwithfail‐overcapability,sothatintheeventthataWebserver,applicationserver,ordatabaseserverisdown,thesystemwillcontinuetooperatenormallyandwillbeavailablewhenneeded.
6. CBIOInfrastructureArchitectureCBIOoffersenterprise‐classsecurityandreliabilitybyleveragingservicesfromarecognizedthird‐partycloudinfrastructureprovider.ThedatacentersthathostCBIOareTierIIIcertified,andofferhighlevelsofdataprotection,reliabilityofservice,andsecurity.AuthorizeduseraccesstotheMDSCloudbyEnd‐users(designatedcontact)orServiceProvidersisperformedviaasecureMDSwebportal.
OurdatacenterimplementsthefollowingmeasurestoprovideredundancyofEnd‐user'sdata.
| Server | Configuration | System Disk | Additional Disks | NIC |
|---|---|---|---|---|
| Web Server | Load balanced; VM failover on partial hardware failure | Quadruple backup on separate disks | Quadruple backup on separate disks | Duplex |
| AP Server | Load balanced; VM failover on partial hardware failure | Quadruple backup on separate disks | Quadruple backup on separate disks | Duplex |
| Database Server | Mirrored backed up | Quadruple backup on separate disks | Quadruple backup on separate disks | Duplex |
| DNS Server | Duplex (primary/secondary) | RAID of local disks in the server. | - | Duplex |
| Monitoring Server | Cold standby | Quadruple backup on separate disks | - | Duplex |
| Backup Server | Single | Quadruple backup on separate disks | RAID disks | Duplex |
Disaster recovery (Recovery from natural disasters)
This service keeps daily backed-up data in another remote location. In case the data is damaged from a natural disaster, it could be restored from the remote backup.
Below are some of the key architectural design points for the CBIO Infrastructure.

6.1. Shared Infrastructure Responsibility Model
Infrastructure responsibilities are shared between Canon and the cloud infrastructure provider.
The cloud infrastructure provider is responsible for all aspects of the physical security of the data centers that host CBIO, as well as the virtualization layers related to shared infrastructure components, such as physical storage for data. Encryption (AES128) is used by the cloud infrastructure provider to protect data partitions within physical storage areas.
Canon USA is responsible for the virtual servers, operating systems (including security updates) and applications that provide CBIO services. CBIO applications, such as the Authentication Services and Print Services, further enhance data security by encrypting End-user data utilizing AES256 using unique keys for each End-user.

6.2. Physical and Environmental Security
The facilities used to deliver CBIO services are located in Japan, in cutting-edge earthquake resistant data centers. In the future, data centers will also be located in the U.S.
These facilities are protected by the following range of technologies:
- Strict restrictions imposed on sections, server rooms, and other locations.
- Centralized ID management for employees and visitors, including whereabouts tracking via RFID.
- Palm and Vein Authentication is associated with employee and visitor IDs and is used for access control.
- Tailgate detection to ensure that access to a secured area is granted to a single person for each valid security card presented.
- Association of surveillance video with event logs, and long term storage of security video and event logs.

6.3. Systems Security
The following practices and technologies are utilized on CBIO related host systems:
- Patch management for security updates
- Use of antivirus software for malware detection
- Use of host-based firewalls
- Log management
- Independent security assessments

6.4. Business Continuity and Data Management
CBIO employs numerous levels of redundancy for major components such as servers, storage, network devices and power supply equipment in order to eliminate single points of failure.
Backups of infrastructure components are handled by the service provider. Further, Canon USA performs backups of CBIO systems, applications and End-user data in order to achieve business continuity management.

6.5. Monitoring and Log Management
CBIO systems are configured to store event logs locally, as well as forward events to centralized log management servers. All systems synchronize time via NTP to ensure accurate timestamps of events, and enable event correlation between various security systems. For example, video surveillance logs can be matched with system access entries. Logs are saved for a period of 5 years.
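The following added example (not part of the white paper) shows the kind of cross-system correlation that synchronized timestamps make possible: it flags console logins that have no physical entry event for the same ID shortly beforehand. The log formats, IDs, host names and the window and skew values are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the white paper).
DOOR_LOG = [  # physical access system: (timestamp, ID, room)
    ("2014-06-02T09:00:05Z", "emp-017", "server-room-1"),
    ("2014-06-02T13:30:40Z", "emp-042", "server-room-1"),
]
CONSOLE_LOG = [  # host system access entries: (timestamp, ID, host)
    ("2014-06-02T09:03:10Z", "emp-017", "db01"),
    ("2014-06-02T11:15:00Z", "emp-042", "db01"),   # no door entry before this
    ("2014-06-02T13:30:38Z", "emp-042", "web02"),  # 2 s "before" the door event
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def unmatched_logins(door, console,
                     window=timedelta(minutes=30), skew=timedelta(seconds=5)):
    """Return console logins with no door entry by the same ID in the
    preceding window. skew is the clock error tolerated between systems."""
    entries = {}
    for ts, who, _room in door:
        entries.setdefault(who, []).append(parse(ts))
    flagged = []
    for ts, who, host in console:
        t = parse(ts)
        # A door event up to `skew` after the login still counts as a match,
        # because the two clocks are only as close as NTP keeps them.
        if not any(t - window <= e <= t + skew for e in entries.get(who, [])):
            flagged.append((ts, who, host))
    return flagged

if __name__ == "__main__":
    for row in unmatched_logins(DOOR_LOG, CONSOLE_LOG):
        print("login without matching physical entry:", row)
```

With zero skew tolerance the third login is flagged as well, which is why the allowable skew has to reflect how tightly the systems are actually synchronized.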

6.6. Incident Management
Policies, processes and procedures are established to rapidly and accurately manage information security incidents. Further, Canon USA or its affiliate constantly monitors security related information for new developments and potential issues in order to maintain the highest levels of security.

6.7. Related Certifications
The following certifications have been attained by Canon USA or its affiliate and/or its Service Provider for CBIO related infrastructure: ISO9001/ISO14001/ISO20000/ISO27001/Privacy Mark (JIS Q 15001).

6.8. Independent Security Assessments
Prior to launch, the CBIO Infrastructure and systems underwent extensive internal and external penetration testing by an independent security company. Independent security assessments are also performed on a periodic basis to ensure the highest security standards are maintained.

7. CBIO Core Services Overview
Canon Business Imaging Online (CBIO) provides a set of core services which MDS Cloud is built upon. This set of services includes Management Services (such as User and Tenant), an Authentication Service and a Log Service. Users can log in to CBIO via a Web browser and Canon multi-function devices.

7.1. Authentication and Authorization Services
Authentication and Authorization Services are used to enable access to CBIO based on a User ID and password and managed user roles. The unified authentication process deters malicious users from accessing CBIO services.
Authentication and Authorization Services are used by all CBIO services.
Authentication Service supports the SAML 2.0 protocol and can provide Single Sign On (SSO) with other providers' cloud services to provide seamless connections.

7.2. Management and Log Services
Management and Log Services are used to manage CBIO ID information (subscriptions) as well as operation information. CBIO manages the following users and usage activities:
- Tenant information
- User ID/password information
- User roles
- All user activities (user operations) are tracked and managed by Log Services.

8. CBIO Security Overview
A high-level summary of security features for Canon Business Imaging Online is described in the chart below.

| Item | How Secured |
|---|---|
| Data center Certification | ISO9001/ISO14001/ISO20000/ISO27001 |
| Network protocol | https (SSL3.0) |
| Authentication | ID, password required to log in |
| Single sign on protocol | SAML 2.0 |
| Data center security | Data Separation, Access Control, Encryption of print data (AES256) |
| Data Center facility security | Palm and vein authentication for entrance; 24 hour monitoring; Whereabouts tracking using RFID tags monitors all employees and visitors; Locked racks |

8.1. Single Sign On
In order to use the services of Canon Business Imaging Online (CBIO), users must be authenticated. Canon Business Imaging Online supports SAML 2.0 (Security Assertion Markup Language) and provides Single Sign-On functionality via the Web browser.

8.1.1. SAML
SAML is an XML standard established by the information standards association OASIS, and is used for exchanging authentication information between different sites safely and in such a way that it enables single sign-on.