Xerox WorkCentre 3655 Secure Installation And Operation Download Page 14

 


Once Embedded Device Security is enabled on the device, any attempts to read from read-protected files and 
directories or to change write-protected files and directories will result in a Security Alert being recorded in the 
Audit Log. If configured, an email alert will also be sent. 

h. Be careful not to create an IP Filtering rule that rejects incoming TCP traffic from all addresses with source port set to 80; this will disable the Web UI. Also, configure IP filtering so that traffic to open ports from external users (specified by subnet mask) is dropped and so that the following ports for web services are closed: TCP ports 53202, 53303, 53404 and TCP/UDP port 3702. Also, ensure that access to the device is not blocked entirely, which would happen, for example, if a rule for IP Address 0.0.0.0 with a reject/drop action were kept in Position 1 in the list of IP Filters.

i. Ensure the user permission role names do not contain single quotes (‘) or double quotes (“).

j. Ensure there are no jobs being held by the device when data encryption is enabled/disabled.

k. If the hash algorithm is selected to be SHA-256 (for those cases (e.g., IPsec) where a hash algorithm can be selected) the Administrator may not be able to change the hash selection to be SHA-1.

l. Users should be aware that correct remote repository document pathnames for the receipt of workflow scanning jobs should start with one ‘\’ as opposed to the two ‘\’s shown in the SAG (e.g., page 140).

m. Users should be provided with appropriate training on how to use the device in a secure manner before being assigned user accounts to access the device.

n. Before upgrading software on the device via the Manual/Automatic Customer Software Upgrade, please check for the latest certified software versions. Otherwise, the machine may not remain in its evaluated configuration.

o. Users experiencing problems logging in to the device using the Web UI only on a particular web browser are advised to switch to a different web browser.

p. The device should be installed in a standard office environment. Office personnel should be made aware of authorized service calls (for example through appropriate signage) in order to discourage unauthorized physical attacks such as attempts to remove the internal hard disk drive(s). Ensure that office personnel are made aware of the need to pick up the outputs of print and copy jobs in a timely manner.

q. Caution: The device allows an authenticated System Administrator to disable functions like Image Overwrite Security that are necessary for secure operation. Periodically review the configuration of all installed machines in your environment to verify that the proper evaluated configuration is maintained.

r. System Administrators should avoid opening emails and attachments from unknown sources unless the emails and attachments have been properly scanned for viruses, malware, etc.

s. System Administrators and users should:

   • Whenever possible, access the WebUI with a browser whose only purpose is to access the WebUI.
   • Always log off the browser immediately after completing any tasks associated with accessing the WebUI.
   • Not allow the browser to either save their username/password or “remember” their login.
   • Follow secure measures, only use browsers with TLS 1.0 and above, and not open any malicious links or documents with their browser.
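The IP Filtering constraints in item h, written as a check over a rule list. This is an added example, not part of the Xerox guidance or the device firmware; the rule record fields, the `rule` helper and the lowest-position-wins ordering are assumptions made for illustration, and the sample rule lists are constructed.

```python
# Hypothetical rule-record format (not the device's own export format).
BLOCK = {"reject", "drop"}
ALL_ADDRESSES = "0.0.0.0"  # item h treats a 0.0.0.0 rule as covering every address
# Web-services ports that item h says must be closed.
MUST_CLOSE = [("tcp", 53202), ("tcp", 53303), ("tcp", 53404),
              ("tcp", 3702), ("udp", 3702)]

def rule(position, protocol, action, source_port=None, dest_port=None,
         source_ip=ALL_ADDRESSES):
    """Build one rule record; None means the port field is left unset."""
    return {"position": position, "protocol": protocol, "action": action,
            "source_ip": source_ip, "source_port": source_port,
            "dest_port": dest_port}

def covers(r, proto):
    return r["protocol"] in (proto, "all")

def audit_ip_filters(rules):
    """Return (finding, detail) tuples; an empty list means item h is met."""
    ordered = sorted(rules, key=lambda r: r["position"])
    findings = []
    for r in ordered:
        blocks_all = r["action"] in BLOCK and r["source_ip"] == ALL_ADDRESSES
        # Rejecting TCP from all addresses with source port 80 disables the Web UI.
        if blocks_all and covers(r, "tcp") and r["source_port"] == 80:
            findings.append(("WEBUI_LOCKOUT", r["position"]))
        # A port-less reject/drop for 0.0.0.0 in Position 1 blocks all access.
        if (blocks_all and r["position"] == 1
                and r["source_port"] is None and r["dest_port"] is None):
            findings.append(("TOTAL_LOCKOUT", r["position"]))
    for proto, port in MUST_CLOSE:
        # Assumption: the lowest-position all-address rule naming the port decides.
        first = next((r for r in ordered if covers(r, proto)
                      and r["dest_port"] == port
                      and r["source_ip"] == ALL_ADDRESSES), None)
        if first is None or first["action"] not in BLOCK:
            findings.append(("PORT_OPEN", f"{proto}/{port}"))
    return findings

# Constructed sample rule lists.
RISKY = [rule(1, "tcp", "reject", source_port=80),
         rule(2, "tcp", "drop", dest_port=53202)]
COMPLIANT = [rule(1, "tcp", "drop", dest_port=53202),
             rule(2, "tcp", "drop", dest_port=53303),
             rule(3, "tcp", "drop", dest_port=53404),
             rule(4, "all", "drop", dest_port=3702)]
if __name__ == "__main__":
    for name, rules in (("RISKY", RISKY), ("COMPLIANT", COMPLIANT)):
        print(name, audit_ip_filters(rules))
```

The check does not evaluate the subnet-mask rules for external users; those depend on the site's own address plan.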

IV. Secure Operation of Device Services/Functions Not Part of the Evaluated Configuration

a. Change the SNMPv1/v2c public/private community strings from their default string names to random unguessable string names of at least 8 characters in length.

b. SNMPv3 cannot be enabled until SSL and HTTPS (SSL) are enabled on the machine. To enable SNMPv3, follow the instructions for “Configuring SNMPv3” under “SNMP” in Section 3 of the SAG.

Be aware that in configuring SNMPv3 there is the option of resetting both the Privacy and Authentication passwords back to their default values. This option should only be used if necessary, since if the default passwords are not known no one will be able to access the SNMP administrator account [8].

[8] The SNMP administrator account is strictly for the purposes of accessing and modifying the MIB objects via SNMP; it is separate from the System Administrator “admin” user account or user accounts given SA privileges by the System Administrator “admin” user. The administrator account cannot perform any System Administrator functions.
