5
•
Deletion of a print or scan job or deletion of a scan-to-mailbox job from its scan-to-mailbox folder may not be recorded
in the Audit Log.
•
Extraneous process termination events (Event 50) may be recorded in the Audit Log when the device is rebooted or
upon a Power Down / Power Up. Extraneous security certificate completion status (Created/Uploaded/Downloaded)
events (Event 38) may also be recorded.
t).
The System Administrator should download and review the Audit Log on a daily basis. In downloading the Audit Log the
System Administrator should ensure that Audit Log records are protected after they have been exported to an external
trusted IT product and that the exported records are only accessible by authorized individuals.
u).
Be careful not to create an IP Filtering rule that rejects incoming TCP traffic from all addresses with source port set to 80;
this will disable the Web UI. Also, the System Administrator should configure IP filtering so that traffic to open ports from
external users (specified by subnet mask) is dropped and so that following ports for web services are closed: tcp ports 53202,
53303, 53404 and tcp/udp port 3702.
IP Filtering is not available for either the AppleTalk protocol or the Novell protocol with the ‘IPX’ filing transport. Also, IP
Filtering will not work if IPv6 is used instead of IPv4.
v).
To enable disk encryption:
•
At the Web UI, select the
Properties
tab.
•
Select the following entries from the
Properties
'
Content
menu’:
Security
User Data Encryption
.
•
Select the
Enabled
checkbox in the
User Data Encryption Enablement
group box.
•
Select the [
Apply
] button. This will save the indicated setting. After saving the changes the Network Controller will
reboot; once this reboot is completed the System Administrator will have to access the Web UI again.
Before enabling disk encryption the System Administrator should make sure that the WorkCentre™
7525/7530/7535/7545/7556 is not in diagnostics mode and that there are no active or pending scan jobs.
w).
The System Administrator should ensure that the Embedded Fax Card and fax software is properly installed. The System
Administrator can then set Embedded Fax parameters and options via the Local User Interface on the machine by following
the instructions on pages 140 through 148 in the SAG.
x).
To enable and configure IPSec, follow the instructions starting on page 83 of the SAG. IPSec should be used to secure
printing jobs; HTTPS (SSL) should be used to secure scanning jobs.
Use the default values for IPSec parameters listed in the IPSec discussion starting on page 83 in the SAG
whenever possible
for secure IPSec setup.
y).
To enable the session inactivity timers (termination of an inactive session) from the Web UI follow the instructions on page
95 of the SAG.
z).
There is a software verification test feature that checks the integrity of the executable code by comparing a calculated hash
value against a pre-stored value to ensure the value has not changed. To initiate this feature perform the following from the
Web UI:
•
Select the
Properties
tab.
•
Select the following entries from the
Properties
'
Content
menu’:
Security
Software Verification Test
.
•
Select the [
Start
] button to initiate the software verification test.
aa).
To enable the Scan to Mailbox feature from the Web UI:
•
Select the
Properties
tab.
•
Select the following entries from the
Properties
'
Content
menu’:
Services
Scan to Mailbox
Enablement
•
Select the [
Enable Scan to Mailbox
] button and then select the [
On Scan tab, view Mailboxes by default
] button.
•
Select the [
Apply
] button. This will save the indicated settings.
For the purposes of the evaluation, the Scan to Mailbox feature was set to store scanned documents only in private folders.
To set the scan policies for the Scan to Mailbox feature, select the following entries from the
Properties
'
Content
menu’:
Services
Scan to Mailbox
Scan Policies.
Public folders are not allowed in the evaluated configuration. The scan
policies should therefore be set as follows:
•
Deselect [
Allow Scanning to Default Public Folder
].
•
Deselect [
Require per Job password to public folders
].
•
Select [
Allow additional folders to be created
]
