manualshive.com logo in svg

Lexmark X65X series, Administrator'S Manual

The Lexmark X65X series is a versatile printer designed for high-speed, high-quality printing. For detailed information on setting up and using this device, download the Administrator's Manual for free from our website. This comprehensive manual provides step-by-step instructions to maximize the functionality of your Lexmark X65X printer.

Share
Download
background image

Securing network connections

Configuring 802.1X authentication

Note: 

This feature is available only in advanced

security devices.

Though normally associated with wireless devices and connectivity, 802.1X authentication supports both wired and
wireless environments.

The following network authentication mechanisms can be included in the 802.1X protocol negotiation:

EAP

MD5

EAP

TLS

EAP

TTLS with the following methods:

CHAP

MSCHAP

MSCHAPv2

PAP

EAP_MSCHAPV2

PEAP

LEAP

Use

To

EAP

MD5

Require a device login name and password.

EAP

TLS

Require a device login name and password, CA certificate, and signed device
certificate.

EAP

TTLS

Require a device login name and password, and CA certificate.

PEAP (PEAP

MSCHAPV2)

Require a device login name and password, and CA certificate.

PEAP (TLS)

Require a device login name and password, CA certificate, and signed device
certificate.

LEAP

Require a device login name and password.

Note: 

Make sure that all of the devices participating in the 802.1X process support the same EAP authentication

type.

1

From the Embedded Web Server, click 

Settings

 > 

Security

 > 

802.1x

.

2

Under 802.1x Authentication, do the following:

a

Select 

Active

 to enable 802.1X authentication.

b

Type the login name and password the printer uses to log in to the authentication server.

c

Select the 

Validate Server Certificate

 check box to require verification of the security certificate on the

authenticating server.

Securing network connections

38

Summary of Contents for X65X series

Page 1: ...Server Security Administrator s Guide September 2014 www lexmark com Model s C54x C73x C746 C748 C792 C925 C950 E260 E360 E46x T65x W850 X264 X36x X46x X543 X544 X546 X548 X65x X73x X74x X792 X796 X8...

Page 2: ...iguring the device for certificate information 24 Managing devices remotely 28 Using HTTPS for device management 28 Setting a backup password 28 Setting up SNMP 29 Configuring security audit log setti...

Page 3: ...Authentication 52 Smart Card authentication 52 Security scenarios 54 Scenario Printer in a public place 54 Scenario Standalone or small office 55 Scenario Network running Active Directory 56 Scenario...

Page 4: ...ication and authorization on page 5 Simple security devices C540 C543 C544 C546 C746 E260d E260dn E360d E360dn X264dn X363dn X364dn X364dw X543 X544 X546dtn Advanced security devices C73x C748 C792 C9...

Page 5: ...cation and authorization methods More advanced security permits internal and external authentication and authorization as well as additional restriction capability for management function and solution...

Page 6: ...Internal Accounts LDAP LDAP GSSAPI Kerberos 5 used only with LDAP GSSAPI and the Smart Card Authentication application Active Directory available only in some printer models To provide simple security...

Page 7: ...rotected access to common device functions while others require tighter security and role based restrictions Individually building blocks groups and access controls may not meet the needs of a complex...

Page 8: ...on your printer do either of the following Under Basic Security Setup Create User Password type a password in the appropriate field retype the password to confirm it and then click Modify Select Creat...

Page 9: ...ictions a Under Basic Security Setup Create User PIN enter a PIN in the appropriate field and then reenter the PIN to confirm it b Under Basic Security Setup Create Admin PIN enter a PIN in the approp...

Page 10: ...3 Click Apply Basic Security Setup Note Applying this setup may overwrite a previous configuration The new settings are submitted The next time you access Security Setup you will be required to enter...

Page 11: ...d by a user level password can be accessed using any administrator level password 7 Click Submit Notes To edit a password select a password from the list and then modify the settings To delete a passw...

Page 12: ...tions needed for all users and for specific users Note When a security template is assigned to a group a role is created Users can be assigned to more than one group or role Using the Embedded Web Ser...

Page 13: ...dit Building Blocks Internal Accounts General Settings 3 Set Required User Credentials to User ID and password and then touch Submit 4 Select Manage Internal Accounts Add Entry 5 Type the user account...

Page 14: ...message appears if the configuration is not successful 4 Click Manage Security Templates to use the Active Directory information to complete your security setup If you want to review or make some smal...

Page 15: ...ecially organized information directory It can interact with many different kinds of databases without special integration making it more flexible than other authentication methods Notes Supported dev...

Page 16: ...d make the Distinguished Name and MFP Password fields unavailable Distinguished Name Type the distinguished name of the print server or servers MFP s Password Type the password for the print servers S...

Page 17: ...nning Active Directory Notes LDAP GSSAPI requires Kerberos 5 to be configured Supported devices can store a maximum of five unique LDAP GSSAPI configurations Each configuration must have a unique name...

Page 18: ...ct classes Person Allow the person object class to be searched Custom Object Class Allow the custom search object class to be searched You can define up to three custom search object classes LDAP Grou...

Page 19: ...be able to access protected device functions To help prevent unauthorized access log out from the printer after each session Creating a simple Kerberos configuration file 1 From the Embedded Web Serv...

Page 20: ...If you select UTC user Custom from the Time Zone list then you need to configure more settings under Custom Time Zone Setup 3 If daylight saving time DST is observed in your area then select Automatic...

Page 21: ...ate 5 From the Authentication Setup list select a building block method for authenticating users Note The Authentication Setup list is populated with the authentication building blocks that have been...

Page 22: ...cel all changes Notes To help prevent unauthorized access log out from the printer after each session For a list of individual access controls see Appendix C Access controls on page 66 Using the contr...

Page 23: ...h a touch screen display 1 Navigate to the menu screen 2 Touch Security Edit Security Setups Edit Security Templates 3 Do one of the following To remove all security templates touch Delete List To rem...

Page 24: ...o print servers The Certificate Authority CA certificate is needed so that the printer can trust and validate the credentials of another system on the network Without a CA certificate the printer cann...

Page 25: ...ificates select New to open a Certificate Generation Parameters page For more information see Creating a new device certificate on page 26 5 Click Download Signing Request and then save and open the c...

Page 26: ...want to use the host name for the device Organization Name Type the name of the company or organization issuing the certificate 128 character maximum UnitName Typethenameoftheunitwithinthecompanyoror...

Page 27: ...Leave this field blank to use the domain name for the device Organization Name Type the name of the company or organization issuing the certificate Unit Name Type the name of the unit within the compa...

Page 28: ...icies prohibit the use of a backup password Consult your organization s policies before deploying any security method that might compromise those policies The backup password is not associated with an...

Page 29: ...allow remote installation and configuration changes and device monitoring type login information in the SNMPv3 Read Write User and SNMPv3 Read Write Password fields 4 To allow device monitoring only...

Page 30: ...same facility code to aid in sorting and filtering by network monitoring or intrusion detection software Note step 3 on page 30 through step 6 and step 8 are valid only if Remote Syslog is enabled 7...

Page 31: ...Use SSL TLS list select Disabled Negotiate or Required to specify whether e mail will be sent using an encrypted link 8 If your SMTP server requires user credentials then select an authentication met...

Page 32: ...at is known only to Lexmark However the strongest security measure comes from requiring all firmware packages to include multiple digital 2048 bit RSA signatures from Lexmark If these signatures are n...

Page 33: ...2 and 10 to specify the number of times users can enter an incorrect PIN before being locked out When the limit is reached the print jobs for that user name and PIN is deleted Confidential Job Expirat...

Page 34: ...time Specify how long the lockout lasts Panel Login Timeout Specify how long a user may be logged in before being automatically logged out Remote Login Timeout Specify how long a user may be logged in...

Page 35: ...e action b Add the entry Notes Use of USB devices is enabled by default For each Disable schedule entry create an Enable schedule entry to reactivate use of the USB devices Enabling the security reset...

Page 36: ...ntials are provided 1 From the Embedded Web Server click Settings Fax Settings Analog Fax Setup Holding Faxes 2 Select the appropriate help fax mode Always On Always holds the fax jobs Manual Lets use...

Page 37: ...ed jobs received during the locked period are printed Confidential print jobs received during the lock state are not printed but are available through the confidential print job menu on the control pa...

Page 38: ...TTLS Require a device login name and password and CA certificate PEAP PEAP MSCHAPV2 Require a device login name and password and CA certificate PEAP TLS Require a device login name and password CA ce...

Page 39: ...he printer 5 Apply the changes Note The print server resets when changes are made to settings marked with an asterisk on the Embedded Web Server Configuring IP security settings Note This setting is a...

Page 40: ...ertificate setting can be configured Address subnet You can type a maximum of 59 bytes of characters Settings DH Group DH Diffie Hellman Group Proposal modp768 1 modp1024 2 modp1536 5 modp2048 14 Encr...

Page 41: ...the Embedded Web Server click Settings Security TCP IP Port Access Note A list of TCP IP ports appears All ports except TCP 10000 Telnet are enabled by default 2 Click the check box of the TCP IP por...

Page 42: ...he critical and sensitive components of the device such as the controller board and hard disk These locks let you identify whether the physical components containing sensitive data on the devices have...

Page 43: ...ngs Security Disk Encryption Note Disk Encryption appears in the Security menu only when a formatted working hard disk is installed 2 From the Disk Encryption menu select either of the following Disab...

Page 44: ...ed solution applications various scanner settings and bookmark settings No user related print copy or scan data is stored in non volatile memory The user may erase selected groups of data or all data...

Page 45: ...the list select Restore Factory Defaults Restore Settings From the list select Factory Reset or Restore Factory Settings 4 Depending on your printer select one of the following settings Restore Printe...

Page 46: ...res or sending and receiving held fax jobs This data remains on the hard disk until you print or delete the job or until the document expires through the job expiration feature When a data file is del...

Page 47: ...he default setting In devices that support a hard disk you can access the diskwiping menu from thedeviceEmbedded WebServer In most devices themenu canalso beaccessed from the control panel If the disk...

Page 48: ...oning the device Replacing the hard disk Moving the device to a different department or location Preparing the device to be serviced by someone outside the organization Removing the device from the pr...

Page 49: ...Embedded Web Server 1 Click Settings Security Note Depending on your printer model click Restore Factory Defaults 2 Depending on your printer firmware version click Out of Service Erase or Out of Ser...

Page 50: ...ntains various types of memory that are capable of storing device and network settings information from embedded solutions and user data The types of memory along with the types of data stored by each...

Page 51: ...tings Erase individual printer settings using the control panel or the Embedded Web Server For more information see the printer User s Guide Device and network settings Erase device and network settin...

Page 52: ...r all DRAM memory used to store job data after a job is completed enable Clear Print Data under Advanced Settings For more information on how to configure and use the application see Secure Held Print...

Page 53: ...For more information on how to configure and use this application see Smart Card Authentication Administrator s Guide Security solutions 53...

Page 54: ...cess to the security settings For more information see Creating a Web page password and applying access control restrictions on page 8 Setting up advanced security devices 1 Create a building block pa...

Page 55: ...ounts 1 From the Embedded Web Server click Settings Security Security Setup 2 Under Advanced Security Setup click Internal Accounts and then configure it For more information on configuring individual...

Page 56: ...lowing Domain name User ID for the domain Password for the User ID For more information see Connecting your printer to an Active Directory domain on page 14 Create a security template 1 From the Embed...

Page 57: ...gs We recommend specifying an e mail address for the administrator and selectingn the events to be e mailed 6 Set up secure LDAP authentication and authorization For more information see Using LDAP on...

Page 58: ...ication Privacy 5 If necessary configure the audit logging For more information see Configuring security audit log settings on page 30 If necessary remote system log for events can be specified by ide...

Page 59: ...ut is not running then select the application name and then click Start If the authentication token does not appear in the list of installed solutions then contact the Solutions Help Desk for assistan...

Page 60: ...ROS FILE HAS BEEN UPLOADED 1 From the Embedded Web Server click Settings Device Solutions Solutions eSF PKI Authentication Configure 2 If you are using Simple Kerberos Setup then clear Use Device Kerb...

Page 61: ...erver click Settings Device Solutions Solutions eSF PKI Authentication Configure 2 From the Simple Kerberos Setup add the Windows Domain in lowercase to the Domain setting For example if the Domain se...

Page 62: ...eshooting on page 62 User is logged out automatically INCREASE THE PANEL LOGIN TIMEOUT INTERVAL 1 From the Embedded Web Server click Settings Security Miscellaneous Security Settings Login Restriction...

Page 63: ...Address Book Setup 2 If necessary modify the following settings Server Port Set this port to 636 Use SSL TLS Select SSL TLS LDAP Certificate Verification Select Never 3 Apply the changes NARROW THE LD...

Page 64: ...SURE THAT PKI AUTHENTICATION IS SET TO THE CORRECT USER ID 1 From the Embedded Web Server click Settings Device Solutions Solutions eSF PKI Authentication Configure 2 From the User Session and Access...

Page 65: ...BE HELD 1 From the Embedded Web Server click Settings Device Solutions Solutions eSF PKI Held Jobs Configure 2 From the Advanced Settings section enable Require All Jobs to be Held and Clear Print Dat...

Page 66: ...the Certificate Authority assumes usage of a Windows Certificate Authority server 1 Point the browser window to the CA Make sure to use the URL http CA s address CertSrv where CA s address is the IP...

Page 67: ...the Paper menu from the printer control panel Paper Menu Remotely This protects access to the Paper menu from the Embedded Web Server Remote Certificate Management When disabled it is no longer possib...

Page 68: ...o import and export printer settings files UCF files from the Embedded Web Server Function access control What it does Address Book Thiscontrols the ability to perform addressbook searchesin the Scan...

Page 69: ...s control for each solution is assigned in the creation or configuration of the application or profile Note Depending on the solutions you have installed additional solution specific access controls m...

Page 70: ...sponding field at the top of the screen The keyboard display may also contain other icons such as Next Submit Cancel and the home icon To type a single uppercase or shift character touch Shift and the...

Page 71: ...lly equivalent product program or service that does not infringe any existing intellectual property right may be used instead Evaluation and verification of operation in conjunction with other product...

Page 72: ...bs Java page for up to date versions of this and other fine Java utilities http www acme com java ZXing 1 7 This project consists of contributions from several people recognized here for convenience i...

Page 73: ...mmunication sent to the Licensor or its representatives including but not limited to communication on electronic mailing lists source code control systems and issue tracking systems that are managed b...

Page 74: ...the NOTICE file 7 Disclaimer of Warranty Unless required by applicable law or agreed to in writing Licensor provides the Work and each Contributor provides its Contributions on an AS IS BASIS WITHOUT...

Page 75: ...a copy of the License at http www apache org licenses LICENSE 2 0 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITH...

Page 76: ...or specifying which functions are available to a user i e what the user is allowed to do Building Block Authentication and Authorization tools used in the Embedded Web Server They include password PIN...

Page 77: ...realm 61 cannot use Held Jobs 63 Card Authentication 52 card authentication 52 CA Signed Device Certificate creation Appendix B 66 certificate creating 26 deleting 26 downloading 26 viewing 26 Certif...

Page 78: ...asing 51 non volatile memory erasure 44 not authorized to use Held Jobs 63 notices 71 O Operator Panel Lock enabling 36 out of service wiping configuring 49 P Panel PIN Protect 9 password advanced sec...

Page 79: ...4 KDC and MFP clocks out of sync 60 KDC does not respond within the required time 61 Kerberos file not uploaded 60 LDAP lookup failure 62 63 LDAP lookups take too long 62 login does not respond while...

Reviews:

No comments

Related manuals for X65X series

Xerox 665 User Manual preview
665
Brand: Xerox Pages: 89
Oki C911dn Mode D'Emploi preview
C911dn
Brand: Oki Pages: 147
Oki C9600 Series Printing Manual preview
C9600 Series
Brand: Oki Pages: 12
Oki C911 DICOM Maintenance Manual preview
C911 DICOM
Brand: Oki Pages: 297
Oki C9000 Series Printing Manual preview
C9000 Series
Brand: Oki Pages: 111
Oki C9000 Series Brochure & Specs preview
C9000 Series
Brand: Oki Pages: 6
Oki C5510n MFP Specifications preview
C5510n MFP
Brand: Oki Pages: 2
Oki C6000dn Handy Reference preview
C6000dn
Brand: Oki Pages: 108
Oki C5800Ldn Series Guía Del Usuario preview
C5800Ldn Series
Brand: Oki Pages: 266
Oki C5800Ldn Series Manual Do Utilizador preview
C5800Ldn Series
Brand: Oki Pages: 276
Oki C9300 Series Setup Manual preview
C9300 Series
Brand: Oki Pages: 12
Oki C5400 Series Manuel preview
C5400 Series
Brand: Oki Pages: 354
Oki C5400 Series Reference preview
C5400 Series
Brand: Oki Pages: 78
Oki C5400 Series User Manual preview
C5400 Series
Brand: Oki Pages: 328
Oki C5300n Install Manual preview
C5300n
Brand: Oki Pages: 24
Oki C7350hdn User Manual preview
C7350hdn
Brand: Oki Pages: 719
Oki C7350hdn Software Installation Manual preview
C7350hdn
Brand: Oki Pages: 20
Oki C530dn Security Manual preview
C530dn
Brand: Oki Pages: 23

Brands by name

Popular brands

Load more brands