5
q).
To enable disk encryption:
•
At the Web UI, select the
Properties
tab.
•
Select the following entries from the
Properties
'
Content
menu’:
Security
Æ
User Data Encryption
.
•
Select the
Enabled
checkbox in the
User Data Encryption Enablement
group box.
•
Select the [
Apply
] button. This will save the indicated setting. After saving the changes the Network Controller will
reboot; once this reboot is completed the System Administrator will have to access the Web UI again.
Xerox recommends that before enabling disk encryption the System Administrator should make sure that the WorkCentre
7755/7765/7775 is not in diagnostics mode and that there are no active or pending scan jobs.
r).
The System Administrator should ensure that the Embedded Fax Card and fax software is installed in accordance with the
“Fax Install Wizard” instructions starting on page 120 in the SAG. The System Administrator can then set Embedded Fax
parameters and options via the Local User Interface on the machine by following the instructions on pages 121 through
124 in the SAG.
s).
To enable and configure IPSec, follow the instructions starting on page 66 in the SAG.. Xerox strongly recommends that
IPSec should be used to secure printing jobs; HTTPS (SSL) should be used to secure scanning jobs. Note: IPSec is not
available for either the AppleTalk protocol or the Novell protocol with the ‘IPX’ filing transport.
Xerox also recommends that the default values for IPSec parameters listed in the IPSec section in the SAG
be used
whenever possible for secure IPSec setup. The following default values not listed in the SAG
should also be used for secure
IPSec setup:
•
For defining policies the options listed for ‘Hosts’, ‘Protocols’ and ‘Action’ are all defaults; the System Administrator
should choose the particular option that pertains to whether the hosts and protocols in each case are to be allowed or
discarded and the corresponding desired action.
•
The Host Group address type defaults to ‘Specific’.
•
Protocol Group Custom Protocol defaults to being disabled. If Custom Protocol is enabled then the protocol defaults to
‘TCP’ and the Device Is type defaults to ‘Server’.
•
The IPSec New Actions keying method defaults to ‘Internet Key Exchange (IKE)’.
•
If ‘Manual Keying’ is selected the IPSec security option defaults to ‘ESP’, the Security Parameter Index: IN defaults
to ‘256’, the Security Parameter Index: OUT defaults to ‘257’, the hash method defaults to ‘SHA-1’, the encryption
method defaults to ‘3DES’ and the keys option defaults to ‘
ASCII format (System will automatically convert to
hex value for you)
’. Also, “AH” alone should not be selected as the IPSec Security option.
•
If ‘Internet Key Exchange (IKE)’ is selected the IKE Phase 1 key lifetime defaults to ’86,400 seconds’, the DH Group
defaults to ‘
DH Group 2 (1024-bit MODP)’, the Encrypt/Hash pair defaults to ‘SHA-1 and AES’, the IPSec mode
defaults to ‘Transport Mode’, the
IPSec security option defaults to ‘ESP’, the IKE Phase 2 key lifetime defaults to
’28,800 seconds’, the IKE Phase 2 hash method defaults to ‘SHA1’ and the IKE Phase 2encryption method defaults
to ‘3DES’.
t).
Xerox recommends that if SNMP is enabled SNMPv3 should be used. SNMPv3 can be set up by following these instructions:
SNMPv3 cannot be enabled until SSL (Secure Sockets Layer) and HTTPS (SSL) are enabled on the machine.
•
At the Web UI, select the
Properties
tab.
•
Select the following entries from the
Properties
'Content
menu’:
Connectivity
Æ
Protocols
Æ
SNMP
. This will display
the SNMP Configuration page.
•
Select the “Enable SNMP v3 Protocol”
checkbox inside the
SNMP Properties
group box.
•
Select the [
Edit SNMP v3 Properties
] button inside the SNMP Properties group box. This will cause the Edit SNMP v3
Properties page to be displayed.
•
On the
Edit SNMP v3 Properties
page:
•
Select the
Account Enabled
button inside the
Administrator Account
5
group box to create an administrator account.
•
Enter the desired
Username
and
Authentication Password
. The
Authentication Password
must be at least 8
alphanumeric characters (the default value is ‘3tamAvUMEfeR84erar6z’).
•
Enter the desired
Privacy Password
of at least 8 alphanumeric characters (the default value is
‘TRUDU27qumAspuswe4he’).
5
The SNMP administrator account is strictly for the purposes of accessing and modifying the MIB objects via SNMP; it is separate from the System
Administrator “admin” user account or user accounts given SA privileges by the System Administrator “admin” user. The administrator account can
not perform any System Administrator functions.
