Lexmark X65X series Скачать руководство пользователя страница 57 | Manualshive

Страница: 57 / 79

background image

Scenario: More security

‑

aware environment (802.1X) and

SNMPv3

In this scenario, the network uses 802.1X communication to restrict network access, and secure LDAP to enforce
authentication and authorization for access of device functions. Also, device access is logged and the device is remotely
managed using SNMPv3.

1

Load a CA certificate for the authority you want into the device. For more information, see

“Installing a Certificate

Authority certificate on the device” on page 24

.

2

Create the CA

‑

signed device certificate and load it into the device. For more information, see

“Configuring the device

for certificate information” on page 24

.

3

Set up a secure a connection using the 802.1X authentication. Make sure that the usage of 802.1X is specified in
the CA

‑

signed certificate. For more information, see

“Configuring 802.1X authentication” on page 38

.

4

To allow remote management of SNMPv3, enable SNMPv3, and then disable SNMPv1,2. For more information, see

“Setting up SNMP” on page 29

.

Note:

Specify the user credentials for Read/Write and optionally Read/Only users. We recommend setting the

authentication level to

Authentication, Privacy

.

5

Configure audit logging. For more information, see

“Configuring security audit log settings” on page 30

. Remote

system log for events can be specified by identifying the syslog server and selecting the appropriate settings. We
recommend specifying an e

‑

mail address for the administrator and selectingn the events to be e

‑

mailed.

6

Set up secure LDAP authentication and authorization. For more information, see

“Using LDAP” on page 15

.

Note:

Specify the LDAP setup name, server address, port, and other appropriate settings. To enhance security,

use a TLS or SSL/TLS connection.

7

Create one or more security templates using the LDAP building block, and then assign them to the appropriate
access controls. For more information, see

“Using a security template to control function access” on page 20

.

Scenario: Network

‑

based usage restrictions using access card

Note:

Before your begin, make sure that Smart Card Authentication bundle is installed.

In this scenario, the network uses an Active Directory environment. A SIPR access card and a password is used for device
authentication and authorization. Device access is audited and the device is remotely managed using SNMPv3. All ports
except the HTTPS (443) port and the SNMPv3 port are blocked.

1

Configure the Active Directory domain. For more information, see “Connecting your printer to an Active Directory
domain” on page 20.

Make sure to specify the following:

•

Domain name

•

User ID

•

Password

2

Configure the Smart Card Authentication bundle. For more information, see

Smart Card Authentication

Administrator’s Guide

.

Note:

To secure access to all applications and printer functions on the home screen, configure Background and

Idle Screen. For more information, see

Background and Idle Screen Administrator’s Guide

.

Security scenarios

57

«
...
55
56
57
58
59
...
»

Содержание X65X series

Страница 1: ...Server Security Administrator s Guide September 2014 www lexmark com Model s C54x C73x C746 C748 C792 C925 C950 E260 E360 E46x T65x W850 X264 X36x X46x X543 X544 X546 X548 X65x X73x X74x X792 X796 X8...

Страница 2: ...iguring the device for certificate information 24 Managing devices remotely 28 Using HTTPS for device management 28 Setting a backup password 28 Setting up SNMP 29 Configuring security audit log setti...

Страница 3: ...Authentication 52 Smart Card authentication 52 Security scenarios 54 Scenario Printer in a public place 54 Scenario Standalone or small office 55 Scenario Network running Active Directory 56 Scenario...

Страница 4: ...ication and authorization on page 5 Simple security devices C540 C543 C544 C546 C746 E260d E260dn E360d E360dn X264dn X363dn X364dn X364dw X543 X544 X546dtn Advanced security devices C73x C748 C792 C9...

Страница 5: ...cation and authorization methods More advanced security permits internal and external authentication and authorization as well as additional restriction capability for management function and solution...

Страница 6: ...Internal Accounts LDAP LDAP GSSAPI Kerberos 5 used only with LDAP GSSAPI and the Smart Card Authentication application Active Directory available only in some printer models To provide simple security...

Страница 7: ...rotected access to common device functions while others require tighter security and role based restrictions Individually building blocks groups and access controls may not meet the needs of a complex...

Страница 8: ...on your printer do either of the following Under Basic Security Setup Create User Password type a password in the appropriate field retype the password to confirm it and then click Modify Select Creat...

Страница 9: ...ictions a Under Basic Security Setup Create User PIN enter a PIN in the appropriate field and then reenter the PIN to confirm it b Under Basic Security Setup Create Admin PIN enter a PIN in the approp...

Страница 10: ...3 Click Apply Basic Security Setup Note Applying this setup may overwrite a previous configuration The new settings are submitted The next time you access Security Setup you will be required to enter...

Страница 11: ...d by a user level password can be accessed using any administrator level password 7 Click Submit Notes To edit a password select a password from the list and then modify the settings To delete a passw...

Страница 12: ...tions needed for all users and for specific users Note When a security template is assigned to a group a role is created Users can be assigned to more than one group or role Using the Embedded Web Ser...

Страница 13: ...dit Building Blocks Internal Accounts General Settings 3 Set Required User Credentials to User ID and password and then touch Submit 4 Select Manage Internal Accounts Add Entry 5 Type the user account...

Страница 14: ...message appears if the configuration is not successful 4 Click Manage Security Templates to use the Active Directory information to complete your security setup If you want to review or make some smal...

Страница 15: ...ecially organized information directory It can interact with many different kinds of databases without special integration making it more flexible than other authentication methods Notes Supported dev...

Страница 16: ...d make the Distinguished Name and MFP Password fields unavailable Distinguished Name Type the distinguished name of the print server or servers MFP s Password Type the password for the print servers S...

Страница 17: ...nning Active Directory Notes LDAP GSSAPI requires Kerberos 5 to be configured Supported devices can store a maximum of five unique LDAP GSSAPI configurations Each configuration must have a unique name...

Страница 18: ...ct classes Person Allow the person object class to be searched Custom Object Class Allow the custom search object class to be searched You can define up to three custom search object classes LDAP Grou...

Страница 19: ...be able to access protected device functions To help prevent unauthorized access log out from the printer after each session Creating a simple Kerberos configuration file 1 From the Embedded Web Serv...

Страница 20: ...If you select UTC user Custom from the Time Zone list then you need to configure more settings under Custom Time Zone Setup 3 If daylight saving time DST is observed in your area then select Automatic...

Страница 21: ...ate 5 From the Authentication Setup list select a building block method for authenticating users Note The Authentication Setup list is populated with the authentication building blocks that have been...

Страница 22: ...cel all changes Notes To help prevent unauthorized access log out from the printer after each session For a list of individual access controls see Appendix C Access controls on page 66 Using the contr...

Страница 23: ...h a touch screen display 1 Navigate to the menu screen 2 Touch Security Edit Security Setups Edit Security Templates 3 Do one of the following To remove all security templates touch Delete List To rem...

Страница 24: ...o print servers The Certificate Authority CA certificate is needed so that the printer can trust and validate the credentials of another system on the network Without a CA certificate the printer cann...

Страница 25: ...ificates select New to open a Certificate Generation Parameters page For more information see Creating a new device certificate on page 26 5 Click Download Signing Request and then save and open the c...

Страница 26: ...want to use the host name for the device Organization Name Type the name of the company or organization issuing the certificate 128 character maximum UnitName Typethenameoftheunitwithinthecompanyoror...

Страница 27: ...Leave this field blank to use the domain name for the device Organization Name Type the name of the company or organization issuing the certificate Unit Name Type the name of the unit within the compa...

Страница 28: ...icies prohibit the use of a backup password Consult your organization s policies before deploying any security method that might compromise those policies The backup password is not associated with an...

Страница 29: ...allow remote installation and configuration changes and device monitoring type login information in the SNMPv3 Read Write User and SNMPv3 Read Write Password fields 4 To allow device monitoring only...

Страница 30: ...same facility code to aid in sorting and filtering by network monitoring or intrusion detection software Note step 3 on page 30 through step 6 and step 8 are valid only if Remote Syslog is enabled 7...

Страница 31: ...Use SSL TLS list select Disabled Negotiate or Required to specify whether e mail will be sent using an encrypted link 8 If your SMTP server requires user credentials then select an authentication met...

Страница 32: ...at is known only to Lexmark However the strongest security measure comes from requiring all firmware packages to include multiple digital 2048 bit RSA signatures from Lexmark If these signatures are n...

Страница 33: ...2 and 10 to specify the number of times users can enter an incorrect PIN before being locked out When the limit is reached the print jobs for that user name and PIN is deleted Confidential Job Expirat...

Страница 34: ...time Specify how long the lockout lasts Panel Login Timeout Specify how long a user may be logged in before being automatically logged out Remote Login Timeout Specify how long a user may be logged in...

Страница 35: ...e action b Add the entry Notes Use of USB devices is enabled by default For each Disable schedule entry create an Enable schedule entry to reactivate use of the USB devices Enabling the security reset...

Страница 36: ...ntials are provided 1 From the Embedded Web Server click Settings Fax Settings Analog Fax Setup Holding Faxes 2 Select the appropriate help fax mode Always On Always holds the fax jobs Manual Lets use...

Страница 37: ...ed jobs received during the locked period are printed Confidential print jobs received during the lock state are not printed but are available through the confidential print job menu on the control pa...

Страница 38: ...TTLS Require a device login name and password and CA certificate PEAP PEAP MSCHAPV2 Require a device login name and password and CA certificate PEAP TLS Require a device login name and password CA ce...

Страница 39: ...he printer 5 Apply the changes Note The print server resets when changes are made to settings marked with an asterisk on the Embedded Web Server Configuring IP security settings Note This setting is a...

Страница 40: ...ertificate setting can be configured Address subnet You can type a maximum of 59 bytes of characters Settings DH Group DH Diffie Hellman Group Proposal modp768 1 modp1024 2 modp1536 5 modp2048 14 Encr...

Страница 41: ...the Embedded Web Server click Settings Security TCP IP Port Access Note A list of TCP IP ports appears All ports except TCP 10000 Telnet are enabled by default 2 Click the check box of the TCP IP por...

Страница 42: ...he critical and sensitive components of the device such as the controller board and hard disk These locks let you identify whether the physical components containing sensitive data on the devices have...

Страница 43: ...ngs Security Disk Encryption Note Disk Encryption appears in the Security menu only when a formatted working hard disk is installed 2 From the Disk Encryption menu select either of the following Disab...

Страница 44: ...ed solution applications various scanner settings and bookmark settings No user related print copy or scan data is stored in non volatile memory The user may erase selected groups of data or all data...

Страница 45: ...the list select Restore Factory Defaults Restore Settings From the list select Factory Reset or Restore Factory Settings 4 Depending on your printer select one of the following settings Restore Printe...

Страница 46: ...res or sending and receiving held fax jobs This data remains on the hard disk until you print or delete the job or until the document expires through the job expiration feature When a data file is del...

Страница 47: ...he default setting In devices that support a hard disk you can access the diskwiping menu from thedeviceEmbedded WebServer In most devices themenu canalso beaccessed from the control panel If the disk...

Страница 48: ...oning the device Replacing the hard disk Moving the device to a different department or location Preparing the device to be serviced by someone outside the organization Removing the device from the pr...

Страница 49: ...Embedded Web Server 1 Click Settings Security Note Depending on your printer model click Restore Factory Defaults 2 Depending on your printer firmware version click Out of Service Erase or Out of Ser...

Страница 50: ...ntains various types of memory that are capable of storing device and network settings information from embedded solutions and user data The types of memory along with the types of data stored by each...

Страница 51: ...tings Erase individual printer settings using the control panel or the Embedded Web Server For more information see the printer User s Guide Device and network settings Erase device and network settin...

Страница 52: ...r all DRAM memory used to store job data after a job is completed enable Clear Print Data under Advanced Settings For more information on how to configure and use the application see Secure Held Print...

Страница 53: ...For more information on how to configure and use this application see Smart Card Authentication Administrator s Guide Security solutions 53...

Страница 54: ...cess to the security settings For more information see Creating a Web page password and applying access control restrictions on page 8 Setting up advanced security devices 1 Create a building block pa...

Страница 55: ...ounts 1 From the Embedded Web Server click Settings Security Security Setup 2 Under Advanced Security Setup click Internal Accounts and then configure it For more information on configuring individual...

Страница 56: ...lowing Domain name User ID for the domain Password for the User ID For more information see Connecting your printer to an Active Directory domain on page 14 Create a security template 1 From the Embed...

Страница 57: ...gs We recommend specifying an e mail address for the administrator and selectingn the events to be e mailed 6 Set up secure LDAP authentication and authorization For more information see Using LDAP on...

Страница 58: ...ication Privacy 5 If necessary configure the audit logging For more information see Configuring security audit log settings on page 30 If necessary remote system log for events can be specified by ide...

Страница 59: ...ut is not running then select the application name and then click Start If the authentication token does not appear in the list of installed solutions then contact the Solutions Help Desk for assistan...

Страница 60: ...ROS FILE HAS BEEN UPLOADED 1 From the Embedded Web Server click Settings Device Solutions Solutions eSF PKI Authentication Configure 2 If you are using Simple Kerberos Setup then clear Use Device Kerb...

Страница 61: ...erver click Settings Device Solutions Solutions eSF PKI Authentication Configure 2 From the Simple Kerberos Setup add the Windows Domain in lowercase to the Domain setting For example if the Domain se...

Страница 62: ...eshooting on page 62 User is logged out automatically INCREASE THE PANEL LOGIN TIMEOUT INTERVAL 1 From the Embedded Web Server click Settings Security Miscellaneous Security Settings Login Restriction...

Страница 63: ...Address Book Setup 2 If necessary modify the following settings Server Port Set this port to 636 Use SSL TLS Select SSL TLS LDAP Certificate Verification Select Never 3 Apply the changes NARROW THE LD...

Страница 64: ...SURE THAT PKI AUTHENTICATION IS SET TO THE CORRECT USER ID 1 From the Embedded Web Server click Settings Device Solutions Solutions eSF PKI Authentication Configure 2 From the User Session and Access...

Страница 65: ...BE HELD 1 From the Embedded Web Server click Settings Device Solutions Solutions eSF PKI Held Jobs Configure 2 From the Advanced Settings section enable Require All Jobs to be Held and Clear Print Dat...

Страница 66: ...the Certificate Authority assumes usage of a Windows Certificate Authority server 1 Point the browser window to the CA Make sure to use the URL http CA s address CertSrv where CA s address is the IP...

Страница 67: ...the Paper menu from the printer control panel Paper Menu Remotely This protects access to the Paper menu from the Embedded Web Server Remote Certificate Management When disabled it is no longer possib...

Страница 68: ...o import and export printer settings files UCF files from the Embedded Web Server Function access control What it does Address Book Thiscontrols the ability to perform addressbook searchesin the Scan...

Страница 69: ...s control for each solution is assigned in the creation or configuration of the application or profile Note Depending on the solutions you have installed additional solution specific access controls m...

Страница 70: ...sponding field at the top of the screen The keyboard display may also contain other icons such as Next Submit Cancel and the home icon To type a single uppercase or shift character touch Shift and the...

Страница 71: ...lly equivalent product program or service that does not infringe any existing intellectual property right may be used instead Evaluation and verification of operation in conjunction with other product...

Страница 72: ...bs Java page for up to date versions of this and other fine Java utilities http www acme com java ZXing 1 7 This project consists of contributions from several people recognized here for convenience i...

Страница 73: ...mmunication sent to the Licensor or its representatives including but not limited to communication on electronic mailing lists source code control systems and issue tracking systems that are managed b...

Страница 74: ...the NOTICE file 7 Disclaimer of Warranty Unless required by applicable law or agreed to in writing Licensor provides the Work and each Contributor provides its Contributions on an AS IS BASIS WITHOUT...

Страница 75: ...a copy of the License at http www apache org licenses LICENSE 2 0 Unless required by applicable law or agreed to in writing software distributed under the License is distributed on an AS IS BASIS WITH...

Страница 76: ...or specifying which functions are available to a user i e what the user is allowed to do Building Block Authentication and Authorization tools used in the Embedded Web Server They include password PIN...

Страница 77: ...realm 61 cannot use Held Jobs 63 Card Authentication 52 card authentication 52 CA Signed Device Certificate creation Appendix B 66 certificate creating 26 deleting 26 downloading 26 viewing 26 Certif...

Страница 78: ...asing 51 non volatile memory erasure 44 not authorized to use Held Jobs 63 notices 71 O Operator Panel Lock enabling 36 out of service wiping configuring 49 P Panel PIN Protect 9 password advanced sec...

Страница 79: ...4 KDC and MFP clocks out of sync 60 KDC does not respond within the required time 61 Kerberos file not uploaded 60 LDAP lookup failure 62 63 LDAP lookups take too long 62 login does not respond while...

Отзывы:

Нет отзывов

Похожие инструкции для X65X series

Бренд: Canon Страницы: 300

Бренд: Canon Страницы: 288

Бренд: Canon Страницы: 58

Бренд: Canon Страницы: 30

Бренд: Canon Страницы: 30

Бренд: Oki Страницы: 126

WorkCentre Pro 90

Бренд: Xerox Страницы: 36

Бренд: Oki Страницы: 189

Бренд: Zebra Страницы: 29

Бренд: Citizen Страницы: 3

Бренд: Tandy Страницы: 83

Blaster ADVANTAGE

Бренд: CognitiveTPG Страницы: 20

Бренд: Skip-Line Страницы: 11

Aficio SG 7100DN

Бренд: Ricoh Страницы: 359

Бренд: Konica Minolta Страницы: 165

Бренд: Ricoh Страницы: 4

Бренд: Lexmark Страницы: 2

Бренд: AccuBANKER Страницы: 5

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды