4
Since Kerberos and SNMPv3 are not FIPS compliant secure protocols, make sure when enabling FIPS mode that you
set up the proper exceptions for both Kerberos and SNMPv3.
10.
Data Encryption
: Disk encryption is automatically enabled on a VersaLink device and cannot be disabled.
11.
IP Filtering
: Enable and configure filtering of IP addresses by following the instructions under “Configuring Filters for
IP Addresses” in Section 4 of the SAG.
Note also that a zero (‘0’) should be used and not an asterisk (‘*’) if a wildcard is needed for an IP address to be filtered.
12.
Audit Log
:
Enable the audit log, download the audit log .csv file and then store it in a compressed file on an external IT product
using the Web UI by following the instructions for then audit log in “Downloading a Log File” under “Network Logs”
in Section 4 of the SAG.
The System Administrator should download and review the main Audit Log and protocol log files on a daily basis.
The main Audit Log can contain up to 15,000 entries. Once the Audit Log is full it will overwrite the oldest event with
the new event information, and it will keep logging events this way until the main Audit Log is cleared.
The System Administrator should be aware that there is the possibility that on an intermittent basis multiple entries
may be included in the audit log for the same event.
13.
IPSec
: Enable and configure IPSec by following the instructions under “IPsec” in Section 4 of the SAG. Note that IPSec
should be used to secure printing jobs; HTTPS should be used to secure scanning jobs. Use the default values for IPSec
parameters whenever possible for secure IPSec setup.
14.
Session Inactivity Timeout
: Enable the session inactivity timers (termination of an inactive session) from the Web
UI by following the instructions for “Setting System Timeouts” in Section 4 of the SAG.
The default session timeout limits are 90 seconds for the Control Panel and 20 minutes for the Web UI.
15.
Secure Print
: For best security print jobs (other than LANFax jobs) submitted to the device from a client or from the
Web UI should be submitted as a secure print job. To ensure that print jobs can only be submitted as secure print jobs,
set up the Printing User Roles (see I.b.4) as follows:
Under Basic Printing User select
Edit
.
Select
Custom Permissions
and then touch
OK
Under ‘Allowed Print Types’ toggle
Secure
to enabled and toggle the other print types to disabled.
Touch
OK
16.
802.1x Device Authentication
: Enable and configure 802.1x device authentication from the Control Panel by
following the instructions for “802.1x” under ”Managing Network Security Settings” in Section 4 of the SAG.
17.
USB Port Security
:
Enable or disable the USB Ports using the Web UI by following the instructions for “Enabling and
Disabling USB Ports” under “USB Port Security” in Section 4 of the SAG.
18.
S/MIME
: S/MIME should be enabled and configured for supporting MIME data for scan to email by following the
instructions for “S/MIME” In Section 3 of the SAG.
c.
The following protocols, services and functions should be enabled when needed:
TCP/IP
Date and Time
Copy
Embedded Fax
Fax Forwarding on Receive (for received Embedded Faxes)
Scan to E-mail
Scanning
Scan to USB
Print from USB
SNTP
SNMPv3
Wireless
When setting up the device to be secure, perform the following special setup for the above services (otherwise follow the
appropriate instructions in the appropriate section of the SAG to set up and/or configure the protocol/service/function):
