3
setup Custom Permissions for Device Website Permissions to
Restrict
access to Home, Address Books and all
Jobs.
iii.
If network authorization using LDAP is desired, follow the “Configuring LDAP Permission Groups” instructions
under “Configuring Authentication Settings” in Section 4 of the SAG. Make sure to only follow the instructions
pertaining to setting up an LDAP Server.
5.
Personalization
: Enable personalization by following the instructions for ““Configuring LDAP User Mappings” under
“LDAP” in Section 3 of the SAG.
6.
Immediate Image Overwrite
(Only for VersaLink Multifunction Printers that have a Hard Disk Drive): Follow the
instructions under ‘To enable Disk Overwrite’ under ‘Managing Disk Overwrite” under “Managing Disk Drives” in
Section 4 of the SAG to enable Immediate Image Overwrite from the Web UI.
7.
Security Certificates
: Install a digital certificate on the device before enabling SSL/TLS by following the appropriate
instructions under “Security Certificates” in in Section 4 of the SAG for installing any one of the three types of digital
certificates – Device Certificates, CA Certificates and Trusted Certificates - the device supports. Note that the default
certificate comes already installed on the device when it comes out of manufacturing, so the System Administrator
has the option of using the default certificate already installed on the device or create a new certificate.
Follow the instructions for “Selecting a Certificate” to select a certificate already uploaded onto the device for use.
To import a certificate follow the instructions for “Importing a Certificate”. Note that to import a certificate HTTPS
must be enabled (see I.b.8).
To create a self-signed certificate to use on the device follow the instructions for “Creating a Certificate”.
If no Device Certificate is available, the device can automatically create a self-signed certificate by following the
instructions for “Enabling Automatic Self-Signed Certificates”.
If a CA certificate is desired a Certificate Signing Request (CSR) will have to be sent to a Certificate Authority to obtain
the CA Certificate before it can be installed on the device; follow the instructions for “Creating a Certificate Signing
Request” under “Security Certificates” in Section 4 of the SAG to create the CSR.
If desired, certificate path validation can be performed by following the instructions for “Enabling Certificate Path
Validation”.
Finally, set the options for certificate revocation by following the instructions for “Configuring Settings for Certificate
Revocation”.
8.
Transport Layer Security (TLS)/Secure Sockets Layer (SSL)
:
Note that on VersaLink devices SSL has been removed so only TLS is supported.
i.
Follow the instructions under ‘Configuring DNS Settings” (under “Configuring IP Settings in the Embedded Web
Server” under “IP”) in Section 3 of the SAG for entering the host and domain names, to assign the machine a
valid, fully qualified machine name and domain from the Web UI (required for SSL to work properly).
ii.
Enable HTTPS from the Control Panel or Web UI, respectively, by following the instructions for “Enabling HTTPS
at the Control Panel” or “Enabling HTTPS in the Embedded Web Server” under “Managing Settings for SSL/TLS”
in Section 4 of the SAG.
iii.
Configure SSL/TLS by following the instructions for “Configuring Settings for SSL/TLS” under “Managing Settings
for SSL/TLS” in Section 4 of the SAG. For the most secure operation make sure that the ‘HTTP – SSL/TLS
Communication’, ‘LDAP – SSL/TLS Communication’ and ‘SMTP – SSL/TLS Communication’ options are all toggled
to be enabled and that SSLv3.0 is disabled in favor of TLS v1.x to avoid vulnerabilities associated with
downgrading from TLS to SSLv3.0. The device has the ability to only use either TLS 1.0, TLS 1.1 and TLS 1.2 or a
combination of the three. For secure operation disable TLS 1.0 by performing the following:
Access the WebUI by typing https://{IP Address of the device}.
Authenticate as a System Administrator (see I.a).
Select
System
>
Security
>
SSL/TLS Settings
.
Make sure the ‘TLS 1.0’ checkbox is not selected.
Click
OK
.
9.
FIPS 140-2 Mode
: Encryption of transmitted and stored data by the device must meet the FIPS 140-2 Standard.
Enable the use of encryption in “FIPS 140 mode” and check for compliance of certificates stored on the device to the
FIPS 140-2 Standard by following the instructions for “FIPS 140-2” under “Managing Network Security Settings” in
Section 4 of the SAG.
