5-4 A-61588 July 2008
Securing your Scan
Station
Network security is an important part of every day business and it is
important that network devices do not allow intrusions from outside
sources. The Scan Station 100 is configured to prevent external attacks
from the Internet, and from direct access by users. With this in mind,
several steps were taken to block access to the Scan Station’s
operating system.
• First, the Scan Station has an internal firewall active that only allows
a response to an “echo (ping)” command. Inbound ports are blocked
and will not respond to queries from the network.
• Second, the Scan Station is protected from external intrusions via the
USB ports found on the front and back of the device. The operating
system is configured to disable any auto-run action that could occur
when presenting a new USB device to the system. The Scan Station
application recognizes the presence of a USB removable device, but
will only open and read files that have been created and encrypted
specifically for use by the Scan Station. Any file found on a
removable device that is not properly encrypted will be ignored. This
makes it almost impossible to introduce a virus from inserting a
removable device with an infected executable.
• Finally, viruses frequently find their way into a network-connected
computer via email. Most viruses are spread as email attachments
and infect a computer after the email has been opened and the
attachment executed. The Scan Station does not receive any
incoming emails, therefore, it cannot be infected in this manner.
Password protecting your
configuration file
There are several ways an administrator can secure the Scan Station
using passwords. As previously described in Chapter 3, the
administrator can add a password (32-character alphanumeric PIN) to
any administrative configuration file created (select
User>Configuration Password and enter a password). This prevents
access to the configuration file in the following ways:
• If the configuration file is saved with this password, it cannot be read
by a user running the Configuration Organizer without knowing the
password. Upon insertion of a flash drive that contains a password-
protected configuration file, the user will be prompted to enter the
password. Failure to correctly enter the password forces the
Configuration Organizer to ignore the file and proceed as if no file
exists.
• When a password configuration file is used to update a Scan Station,
the password is applied to the configuration on the Scan Station and
any attempts to modify the Scan Station’s configuration requires the
entry of the correct password before any changes can be made.
Because of this protection it is imperative that the password be kept
in a safe place and not forgotten. If the password is forgotten, it will
require you to contact Kodak Service to unlock the Scan Station.