Security Function Supplementary Guide


ApeosPort-V 5070 DocuCentre-V 5070 ApeosPort-V 4070 DocuCentre-V 4070
Security Function Supplementary Guide

Before Using the Security Function
Settings for the Secure Operation 1 (Initial Settings Procedures Using Control Panel)
Settings for the Secure Operation 2 (Initial Settings Procedures Using CentreWare Internet Services)
Settings for the Secure Operation 3 (Regular Review by Audit Log)
User Authentication
Self Testing
Appendix

Microsoft, Windows, and Internet Explorer are trademarks or registered trademarks of Microsoft Corporation in the U.S. and other countries. All product/brand names are trademarks or registered trademarks of the respective holders.

Important
1. This manual is copyrighted with all rights reserved. Under the copyright laws, this manual may not be copied or modified in whole or part, without the written consent of the publisher.
2. Parts of this manual are subject to change without prior notice.
3. We welcome any comments on ambiguities, errors, omissions, or missing pages.
4. Never attempt any procedure on the machine that is not specifically described in this manual. Unauthorized operation can cause faults or accidents. Fuji Xerox is not liable for any problems resulting from unauthorized operation of the equipment.

An export of this product is strictly controlled in accordance with Laws concerning Foreign Exchange and Foreign Trade of Japan and/or the export control regulations of the United States.

XEROX, the sphere of connectivity design, CentreWare, ApeosWare, and EasyAdmin are trademarks or registered trademarks of Xerox Corporation in the U.S. or Fuji Xerox Co., Ltd.

Before Using the Security Function

This section describes the security functions and confirmation matters.

Preface

This guide is intended for the manager and system administrator of the organization where the machine is installed, and describes the setup procedures related to security. For general users, this guide describes the operations related to security features. For information on the other features available for the machine, refer to the following guidance.

Model: ApeosPort-V 5070/4070, DocuCentre-V 5070/4070
  User Guide: Manual No. ME7148E2-1
  Administrator Guide: Manual No. ME7149E2-1

Security Features

ApeosPort-V 5070/4070, DocuCentre-V 5070/4070 have the following security features:
- Hard Disk Data Overwrite
- Hard Disk Data Encryption
- User Authentication
- System Administrator's Security Management
- Customer Engineer Operation Restriction
- Security Audit Log
- Internal Network Data Protection
- Information Flow Security
- Self Test

Settings for the Secure Operation

For the effective use of the security features, the System Administrator (Machine Administrator) must follow the instructions below. For details on the setting procedures, refer to the following sections:
"Settings for the Secure Operation 1 (Initial Settings Procedures Using Control Panel)" (P.8)
"Settings for the Secure Operation 2 (Initial Settings Procedures Using CentreWare Internet Services)" (P.12)
"Settings for the Secure Operation 3 (Regular Review by Audit Log)" (P.20)

- Passcode Entry for Control Panel Login: Set to [On].
- Overwrite Hard Disk: Set to [1 Overwrite] or [3 Overwrites].
- Data Encryption: Set to [On], and then enter an encryption key of 12 characters.
- Authentication: Set to [Login to Local Accounts] or [Login to Remote Accounts].
- Private Print: Set to [According to Print Auditron] or [Save as Private Charge Print Job].
- Store & Send Link: Set to disabled.
- Self Test: Set to [On].
- Software Download: Set to [Disabled].
- Auto Clear: Set to [On].
- Report Print: Set to [Disabled].
- System Administrator Passcode: Change the default passcode to another passcode of 9 or more characters.
- Maximum Login Attempts: Set to [] times.
- Access Control: Set to [Locked] for [Device Access], and [Lock All] for [Service Access].
- User Passcode Minimum Length: Set to [9] characters.
- SSL/TLS: Set to enabled.
- WebDAV: Set to disabled.
- Send E-mail: Set to disabled (DocuCentre-V only).
- Receive E-mail: Set to disabled.
- IPP: Set to enabled.

- IPSec: Set to enabled.
- SNMP v1/v2c: Set to disabled.
- SNMP v3: Set to enabled.
- S/MIME: Set to enabled.
- WSD (Scan): Set to disabled.
- SOAP: Set to disabled.
- USB: Set to disabled.
- CSRF: Set to enabled.
- LDAP Server: Set the LDAP Server information.
- Kerberos Server: Set the Kerberos Server information.
- Service Representative Restricted Operation: Set to [Enabled], and enter a passcode of 9 or more characters.
- Audit Log: Set to enabled.
- Browser Refresh: Set to [Disabled].
- Job Deletion: Set to [Administrator Only].

Important
- The security will not be warranted if you do not correctly follow the above setting instructions.
- The Information Flow Security feature requires no special setting by the System Administrator.
- When you set Data Encryption to [On] again, enter an encryption key of 12 characters.

For Optimal Performance of the Security Features

The manager (of the organization that the machine is used for) needs to follow the instructions below:
- The manager needs to assign appropriate people as system and machine administrators, and manage and train them properly.
- The system administrator needs to train users about the machine operation and precautions according to the policies of their organization and the product guidance.
- The machine needs to be placed in a secure or monitored area where the machine is protected from unmanaged physical access.
- If the network where the machine is installed is to be connected to external networks, configure the network properly to block any unauthorized external access.
- Users need to set a user ID and a passcode on [Accounting Configuration] of the printer driver.

- Users and administrators need to set a passcode and an encryption key according to the following rules for the client PC login and the machine's setup.
  - Do not use an easily guessed character string as a passcode.
  - A passcode needs to contain both numeric and alphabetic characters.
- Administrators need to set the account policy in the remote authentication server as follows.
  - Set password policy to 9 or more characters.
  - Set account lockout policy to times.
- Users and administrators need to manage and operate the machine so that their user IDs and passcodes are not disclosed to another person.
- Users need to make sure to set a user ID and a passcode on [Accounting Configuration] of the printer driver.
- For secure operation, all of the remote trusted IT products that communicate with the machine shall implement the communication protocol in accordance with industry standard practice with respect to RFC/other standard compliance (SSL/TLS, IPSec, SNMP v3, S/MIME) and shall work as advertised.

SSL/TLS
For the SSL client (Web browser) and the SSL server that communicate with the machine, select a data encryption suite from the following.
- SSL_RSA_WITH_RC4_128_SHA
- SSL_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
(The recommended browser is Microsoft Internet Explorer 7/8/9/10)

S/MIME
For the machine and E-mail clients, select an Encryption Method/Message Digest Algorithm from the following.
- Encryption Method: 3Key Triple-DES/168bit, AES/128bit, AES/192bit, AES/256bit
- Message Digest Algorithm: SHA1, SHA256

IPSec
For the IPSec host that communicates with the machine, select an Encryption Method/Message Digest Algorithm from the following.
- AES(128bit)/SHA1
- 3Key Triple-DES(168bit)/SHA1

SNMP v3
The encryption method of SNMPv3 is DES/56bit or AES 128bit. Set [Message Digest Algorithm] to [SHA1].

Important
- For secure operation, while you are using CentreWare Internet Services, please do not access other web sites, and do not use other applications.
- For secure operation, when you change [Authentication Type], or prior to disposing of the machine, please initialize the hard disk by resetting [Data Encryption] and changing [encryption key].
- To prevent SSL vulnerability, you should set the machine address in the proxy exclusion list of the browser. With this setting, secure communication is ensured because the machine and the remote browser communicate directly without a proxy server, and thus you can prevent a man-in-the-middle attack.
- Because DocuCentre-V does not have the S/MIME function, please do not use the E-mail and Internet Fax.

Confirm the Machine ROM version and the System Clock

Before making initial settings, the System Administrator (Machine Administrator) needs to check the ROM version of the machine and the system clock of the machine.

How to check by Control Panel
1. Press the <Machine Status> button on the control panel.
2. Select [Software Version] on the [Machine Information] screen.
You can identify the software versions of the components of the machine on the screen.

How to check by Print Report
1. Press the <Machine Status> button on the control panel.
2. Select [Print Reports] on the [Machine Information] screen.
3. Select [Printer Reports].
4. Select [Configuration Report].
5. Press the <Start> button on the control panel.
You can identify the software versions of the components of the machine by Print Report.

How to check the System Clock
1. Press the <Log In/Out> button on the control panel.
2. Enter the system administrator's ID with the numeric keypad or the keyboard displayed.
3. Select [Enter].
4. Select [Tools].
5. Select [System Settings].
6. Select [Common Service Settings].

7. Select [Machine Clock/Timers].
You can check the time and the date of the system clock. If you need to change the time and the date, refer to the following procedures.
8. Select the required option.
9. Select [Change Settings].
10. Change the required setting.
11. Select [Save].
12. To exit the [Tools] screen, select [Close] twice.

Settings for the Secure Operation 1 (Initial Settings Procedures Using Control Panel)

This section describes the initial settings related to security features, and how to set them on the machine's control panel.

Authentication for entering the System Administration mode
1. Press the <Log In/Out> button on the control panel.
2. Enter the system administrator's ID with the numeric keypad or the keyboard displayed.
3. Select [Next].
4. Enter the system administrator's passcode from the keyboard when a passcode is required.
5. Select [Enter].
6. Select [Tools].

Set Passcode Entry for Control Panel Login
1. Select [Authentication/Security Settings] on the [Tools] screen.
2. Select [Authentication].
3. Select [Passcode Policy].
4. Select [Passcode Entry for Control Panel Login].
5. Select [Change Settings].
6. Select [On].
7. Select [Save].

Set Overwrite Hard Disk
1. Select [Authentication/Security Settings] on the [Tools] screen.
2. Select [Overwrite Hard Disk].
3. Select [Number of Overwrites].
4. Select [1 Overwrite] or [3 Overwrites].
5. Select [Save].

Set Data Encryption
1. Select [System Settings] on the [Tools] screen.
2. Select [Common Service Settings].

3. Select [Other Settings].
4. On the [Other Settings] screen, select [Data Encryption].
5. Select [Change Settings].
6. Select [On].
7. Select [New Encryption Key].
8. Enter a new encryption key of 12 characters using the keyboard displayed, and then select [Save].
9. Select [Re-enter the Encryption Key].
10. Enter the same passcode using the keyboard displayed, and then select [Save].
11. Select [Save].
12. Select [Yes] to make the change.
13. Select [Yes] to reboot.

Set Authentication
1. Select [Authentication/Security Settings] on the [Tools] screen.
2. Select [Authentication].
3. Select [Login Type].
4. Select [Login to Local Accounts] or [Login to Remote Accounts].
5. Select [Save].
When [Login to Remote Accounts] is selected in step 4, proceed to steps 6 to 13.
6. Select [System Settings] on the [Tools] screen.
7. Select [Connectivity & Network Setup].
8. Select [Remote Authentication/Directory Service].
9. Select [Authentication System Setup].
10. Select [Authentication System].
11. Select [Change Settings].
12. Select [LDAP], [Kerberos(Windows 2000)], or [Kerberos(Solaris)].
13. Select [Save].

Set Private Print
1. Select [Authentication/Security Settings] on the [Tools] screen.
2. Select [Authentication].
3. Select [Charge/Private Print Settings].
4. Select [Receive Control].
5. Select [Change Settings].

6. Select [According to Print Auditron].
7. Select [Save as Private Charge Print Job] for [Job Login Success].
8. Select [Delete Job] for [Job Login Failure].
9. Select [Delete Job] for [Job without User ID].
10. Select [Save].
11. To exit the [Charge/Private Print Settings] screen, select [Close].

Set Store & Send Link
1. Select [System Settings] on the [Tools] screen.
2. Select [Common Service Settings].
3. Select [Screen/Button Settings].
4. Select [Services Home].
5. Select [Change Settings].
6. Select [Store & Send Link].
7. Select [(Not Assigned)].
8. Select [Save] twice.
9. To exit the [Screen/Button Settings] screen, select [Close].

Set Software Download
1. Select [System Settings] on the [Tools] screen.
2. Select [Common Service Settings].
3. Select [Other Settings].
4. Select [Software Download].
5. Select [Change Settings].
6. Select [Disabled].
7. Select [Save].
8. To exit the [Other Settings] screen, select [Close].

Set Auto Clear
1. Select [System Settings] on the [Tools] screen.
2. Select [Common Service Settings].
3. Select [Machine Clock/Timers].
4. Select [Auto Clear].

5. Select [Change Settings].
6. Select [On].
7. Select [Save].
8. To exit the [Machine Clock/Timers] screen, select [Close].

Set Report Print
1. Select [System Settings] on the [Tools] screen.
2. Select [Common Service Settings].
3. Select [Reports].
4. Select [Print Reports Button].
5. Select [Disabled].
6. Select [Save].
7. To exit the [Reports] screen, select [Close].

Set Self Test
1. Select [System Settings] on the [Tools] screen.
2. Select [Common Service Settings].
3. Select [Maintenance].
4. Select [Power on Self Test].
5. Select [On].
6. Select [Save].
7. To exit the [Tools] screen, select [Close] twice.
8. Select [Reboot Now] on the confirmation screen.

Settings for the Secure Operation 2 (Initial Settings Procedures Using CentreWare Internet Services)

This section describes the initial settings related to security features, and how to set them on CentreWare Internet Services.

Preparations for settings on the CentreWare Internet Services
Prepare a computer supporting the TCP/IP protocol to use CentreWare Internet Services. CentreWare Internet Services supports the browsers that satisfy the "SSL/TLS" (P.5) conditions.
1. Open your Web browser, enter the TCP/IP address of the machine in the Address or Location field, and press the <Enter> key.
2. Enter the System Administrator's ID and the passcode if prompted.
3. Display the [Properties] screen by clicking the [Properties] tab.

Change the System Administrator's Passcode
1. Click [Security] on the [Properties] screen.
2. Click [System Administrator Settings].
3. Enter the System Administrator's ID in the [Administrator's Login ID] box.
4. Enter a new System Administrator's passcode of 9 or more characters in the [Administrator's Passcode] box.
5. Enter the same System Administrator's passcode in the [Retype Administrator's Passcode] box.
6. Click [Apply].

Set Maximum Login Attempts
1. Click [Security] on the [Properties] screen.
2. Click [System Administrator Settings].
3. Enter the System Administrator's ID in the [Administrator's Login ID] box.
4. Enter [] in the [Maximum Login Attempts] box.
5. Click [Apply].

Set Access Control
1. Click [Security] on the [Properties] screen.
2. Click [Authentication Configuration].

3. Click [Next].
4. Click [Configure] for [Device Access].
5. Select [Locked] for [Device Access].
6. Click [Apply].
7. Click [Authentication Configuration].
8. Click [Next].
9. Click [Configure] for [Service Access].
10. Click [Lock All].
11. Click [Apply].
12. Click [Reboot Machine].

Set User Passcode Minimum Length
This feature is only applicable to Local Authentication mode.
1. Click [Security] on the [Properties] screen.
2. Click [User Details Setup].
3. Set [9] for [Minimum Passcode Length].
4. Click [Apply].
5. Click [Reboot Machine].

Set SSL/TLS
1. Click [Security] on the [Properties] screen.
2. Click [Machine Digital Certificate Management].
3. Click [Create New Self Signed Certificate].
4. Set the [Public Key Size] as necessary.
5. Set [Issuer] as necessary.
6. Click [Apply].
7. Click [SSL/TLS Settings].
8. Select the [Enabled] check box for [HTTP - SSL / TLS Communication] and [LDAP - SSL / TLS Communication].
9. Click [Apply].
10. Click [Reboot Machine].

Note
- For secure operation, you should select the [Enabled] check box for [Verify Remote Server Certificate], and import the CA certificate according to the same procedure as "Configuring Machine Certificates" (P.14).
- If the SMTP server has an SSL/TLS function and you want to use secure e-mail, configure [SMTP-SSL/TLS Communication].

Set WebDAV
1. Click [Connectivity] on the [Properties] screen.
2. Click [Port Setting].
3. Uncheck the [Enabled] box for [WebDAV].
4. Click [Apply].

Set Send E-mail
In the case of DocuCentre-V, use the following procedure to set [Send Email] to disabled.
1. Click [Connectivity] on the [Properties] screen.
2. Click [Port Settings].
3. Uncheck the [Enabled] box for [Send E-mail].
4. Click [Apply].

Set Receive E-mail
1. Click [Connectivity] on the [Properties] screen.
2. Click [Port Setting].
3. Uncheck the [Receive E-mail] box.
4. Click [Apply].

Set IPP
1. Click [Connectivity] on the [Properties] screen.
2. Click [Port Settings].
3. Check the [Enabled] box for [IPP].
4. Click [Apply].

Configuring Machine Certificates
1. Click [Security] on the [Properties] screen.
2. Click [Machine Digital Certificate Management].
3. Click [Upload Signed Certificate].
4. Enter a file name for the file you want to import, or select the file to be imported by clicking [Browse].
5. Enter [Password], and enter the [Retype Password].
6. Click [Import].

Set IPSec
Before setting [Digital Signature] for [IKE Authentication Method], you need to import an IPSec certificate according to the same procedure as "Configuring Machine Certificates" (P.14).
1. Click [Security] on the [Properties] screen.
2. Configure the [Preshared Key] settings or [Digital Signature] settings in the following procedures.

To use Preshared Key
1) Click [IPSec].
2) Check the [Enabled] box for [Protocol].
3) Select [Preshared Key] for [IKE Authentication Method].
4) Enter a Pre-Shared Key in the [Shared Key] and [Verify Shared Key] boxes.
Please set the IPSec address successively.

To use Digital Signature
1) Click [Certificate Management].
2) Select [IPSec] for [Certificate Purpose].
3) Click [Display the list], and check a desirable Certificate.
4) Click [Certificate Details].
5) Click [Use this certificate].
6) Click [IPSec] under [Security].
7) Check the [Enabled] box for [Protocol].
8) Select [Digital Signature] for [IKE Authentication Method].
Please set the IPSec address successively.

Set IPSec Address
1. Enter the IP Address in the [Specify Destination IPv4 Address] box on the [IPSec] screen.
2. Enter the IP Address in the [Specify Destination IPv6 Address] box.
3. Select [Enabled] or [Disabled] from the [Communicate with Non-IPSec Device] drop-down list.
4. Click [Apply].
5. Click [Reboot Machine].

Set SNMPv3
1. Click [Connectivity] on the [Properties] screen.
2. Click [Protocols].
3. Click [SNMP Configuration].
4. Check the [Enable SNMP v3 Protocol] box.
5. Uncheck the [Enable SNMP v1/v2c Protocols] box.

6. Click [Apply].
7. Click [SNMP Configuration].
8. Click [Edit SNMP v3 Properties] and check [Account Enabled] for [Administrator Account].
9. Enter a new Authentication Password (minimum 8 characters).
10. Enter the Confirm Authentication Password.
11. Enter a new Privacy Password (minimum 8 characters).
12. Enter the Confirm Privacy Password.
13. Check [Account Enabled] for [Print Drivers/Remote Clients Account].
14. Click [Apply].

Note
- Be sure to change the Authentication Password and Privacy Password from the default password.
- When using SNMP v3, use the IPSec protocol simultaneously. You need to set the IP address of the clients for SNMP v3 according to the procedures in "Set IPSec Address" (P.15), and enter the IP Address in the [Specify Destination IPv4 Address] or [Specify Destination IPv6 Address] box.
- Since the machine cannot communicate by SNMP v1/v2c, you need to uncheck [SNMP status Enabled] for the port setting on the client's printer driver.

Set S/MIME
To use E-mail with this machine, the E-mail function needs to be enabled and configured as described in the Administrator Guide's "8 E-mail Environment Settings". Before making the S/MIME setting, you need to import an S/MIME certificate according to the same procedure as "Configuring Machine Certificates" (P.14).
1. Click [Configuration Overview] on the [Properties] screen.
2. Click [Settings] for [E-mail].
3. Click [Configure] for [E-mail Settings], and enter the machine's E-mail address in the [From Address] box.
4. Click [Apply].
5. Click [Security] on the [Properties] screen.
6. Click [Certificate Management].
7. Select [S/MIME] for [Certificate Purpose].
8. Click [Display the list], and check a desirable certificate.
9. Click [Certificate Details].
10. Click [Use this certificate].
11. Click [SSL/TLS Settings].
12. Check the [Enabled] box for [S/MIME Communication].
13. Click [Apply].
14. Click [Reboot Machine].
15. After the machine is restarted, refresh the browser and click the [Properties] tab.
16. Click [Security].

17. Click [S/MIME Settings].
18. Select [Always add signature] for [Digital Signature - Outgoing E-mail].
19. Select [Always add signature] for [Digital Signature - Outgoing Internet Fax].
20. Click [Apply].

Set WSD (Scan)
1. Click [Connectivity] on the [Properties] screen.
2. Click [Port Settings].
3. Uncheck the [Enabled] box for [WSD (Scan)].
4. Click [Apply].

Set SOAP
1. Click [Connectivity] on the [Properties] screen.
2. Click [Port Settings].
3. Uncheck the [Enabled] box for [SOAP].
4. Click [Apply].

Set USB
1. Click [Service] on the [Properties] screen.
2. Click [USB].
3. Click [General].
4. Uncheck the [Enabled] box for [Store to USB:] and [Media Print:].
5. Click [Apply].

Set CSRF
1. Click [Connectivity] on the [Properties] screen.
2. Click [Protocol].
3. Click [HTTP].
4. Check the [Enabled] box for [CSRF Protection:].
5. Click [Apply].

Set LDAP Server
1. Click [Connectivity] on the [Properties] screen.
2. Click [Protocols].
3. Click [LDAP].
4. Select [LDAP Server].
5. On each menu, set the LDAP Server information.
6. Click [Apply].

Set Kerberos Server
1. Click [Security] on the [Properties] screen.
2. Click [Remote Authentication Servers].
3. Select [Kerberos Server].
4. On each menu, set the Kerberos Server information.
5. Click [Apply].

Note
When a Kerberos server is used as a remote authentication server, you can register users who are given the privileges of System Administrator (SA) by setting the [System Administrator Access Group] on the LDAP server.

Set Service Representative Restricted Operation
1. Click [Security] on the [Properties] screen.
2. Click [Service Representative Restricted Operation].
3. Check the [Enabled] box for [Restricted Operation].
4. Enter a passcode in the [Maintenance Passcode] box.
5. Enter the same passcode in the [Retype Maintenance Passcode] box.
6. Click [Apply].

Set Audit Log
1. Click [Security] on the [Properties] screen.
2. Click [Audit Log].
3. Check the [Enabled] box for [Audit Log].
4. Click [Apply].

Set Browser Refresh
1. Click [General Setup] on the [Properties] screen.
2. Click [Internet Services Settings].
3. Enter 0 in the [Auto Refresh Interval] box.
4. Click [Apply].

Set Job Deletion
1. Click [General Setup] on the [Properties] screen.
2. Click [Job Management].
3. Select [Administrators Only] for [Job Deletion].
4. Click [Apply].
5. Click the [Reboot Machine] button.

Important
This feature allows the user to pause an active copy, print, or scan job while it is being processed by the machine, but only system administrators can cancel the paused job. For secure operation, please delete the job completely.

Settings for the Secure Operation 3 (Regular Review by Audit Log)

This section describes how to import the Audit Log using the System Administrator client via CentreWare Internet Services.

The Audit Log is regularly reviewed by the Security Administrator, often with the aid of third party analyzing tools. The audit log helps to assess attempted security breaches, identify actual breaches, and prevent future breaches. The important events of the machine, such as device failure, configuration change, and user operation, are traced and recorded based on when and who operated what function. Auditable events are stored with time stamps into NVRAM. When the number of stored events reaches 0, the 0 logs on NVRAM are stored into one file ("audit log file") within the internal HDD. Up to 1,000 events can be stored. When the number of recorded events exceeds 1,000, the oldest audit log file is overwritten and a new audit event is stored. There is no deletion function.

Import the Audit Log File
The following describes methods for importing the Audit Log. The audit logs are only available to system administrators and can be downloaded via CentreWare Internet Services for viewing and analyzing them. The logged data cannot be viewed from the local UI. In addition, SSL/TLS communication must be enabled in order to access the logged data.
1. Open your Web browser, enter the TCP/IP address of the machine in the Address or Location field, and press the <Enter> key.
2. Enter the system administrator's ID and Password if prompted.
3. Click the [Properties] tab.
4. Click [Security].
5. Click [Audit Log].
6. Click [Export as text file] for [Export Audit Log].

The following information is recorded in the imported audit log data. Check it regularly for breaches through unauthorized access or access attempts.
- Log ID: Consecutive numbers as an audit log identifier
- Date/Time: The date and time when an event was recorded
- Logged Events: Various acts and processing object storing audit log
- User Name: The user name that generated an auditable event
- Description: Description on events
- Status: Status or result of event processing
- Optionally Logged Items: Additional information recorded to audit log (except common record items)

e.g.: The following audit log is recorded when someone tries to log in with the ID "User1" and the login fails due to an invalid password.

Item                      Description
Log ID                    1
Date                      01/01/2014
Time                      10:00:00
Logged Events             Login/Logout
User Name                 User1
Description               Login
Status                    Failed (Invalid Password)
Optionally Logged Items   -
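The regular review described above can be scripted. The following is an added example, not part of the Fuji Xerox guide: it flags repeated failed logins per user and breaks in the consecutive Log ID numbering, which can point to records missing from the export. The guide does not specify the layout of the exported text file, so the tab-separated format, the MM/DD/YYYY date order, the "Successful" status value and the sample records are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed export layout: tab-separated, fields in the order the guide lists them.
# The MM/DD/YYYY date order is also an assumption; adjust it to the real file.
FIELDS = ["log_id", "date", "time", "event", "user", "description", "status", "extra"]

# Constructed sample records (not real device output); "Successful" is an assumed value.
SAMPLE = (
    "1\t01/01/2014\t10:00:00\tLogin/Logout\tUser1\tLogin\tFailed (Invalid Password)\t-\n"
    "2\t01/01/2014\t10:01:10\tLogin/Logout\tUser1\tLogin\tFailed (Invalid Password)\t-\n"
    "3\t01/01/2014\t10:02:30\tLogin/Logout\tUser1\tLogin\tFailed (Invalid Password)\t-\n"
    "4\t01/01/2014\t10:03:00\tLogin/Logout\tUser2\tLogin\tSuccessful\t-\n"
    "7\t01/01/2014\t11:30:00\tLogin/Logout\tUser2\tLogin\tFailed (Invalid Password)\t-\n"
)

def parse(text):
    """Return a list of audit records as dicts, each with a parsed timestamp."""
    records = []
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS, delimiter="\t"):
        row["log_id"] = int(row["log_id"])
        row["when"] = datetime.strptime(f"{row['date']} {row['time']}", "%m/%d/%Y %H:%M:%S")
        records.append(row)
    return records

def failed_login_bursts(records, threshold=3, window=timedelta(minutes=10)):
    """Map user -> failure count where `threshold` failures fall inside `window`."""
    fails = defaultdict(list)
    for r in records:
        if r["event"] == "Login/Logout" and r["status"].startswith("Failed"):
            fails[r["user"]].append(r["when"])
    hits = {}
    for user, times in fails.items():
        times.sort()
        if any(b - a <= window for a, b in zip(times, times[threshold - 1:])):
            hits[user] = len(times)
    return hits

def log_id_gaps(records):
    """Return (previous_id, next_id) pairs where the consecutive Log IDs break."""
    ids = sorted(r["log_id"] for r in records)
    return [(a, b) for a, b in zip(ids, ids[1:]) if b != a + 1]

if __name__ == "__main__":
    recs = parse(SAMPLE)
    print("Failed-login bursts:", failed_login_bursts(recs))
    print("Log ID gaps:", log_id_gaps(recs))
```

Because the oldest audit log file is overwritten once the storage limit is exceeded, comparing the highest Log ID of the previous export with the lowest of the current one shows whether events were lost between reviews.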

User Authentication

This section describes the operation of user authentication. Before using any service or configuring settings, a user must be authenticated with an ID and a passcode.

1 Press the <Log In/Out> button on the control panel.
2 Enter the "User ID" using the keypad.
3 Select [Next] on the touch screen.
4 Enter the "Passcode" using the keyboard.
5 Select [Enter] on the touch screen.

All features on the control panel become available.

Important
When another user interrupts and uses the machine in interrupt mode, that user needs to log out before the interrupt mode is canceled.
Example: User A is authenticated > interrupt mode > User B login > job complete > User B logout > cancel the interrupt mode

Note
Before entering the User ID and the password, select [Registered User] or [System Administrator] when remote authentication is used.
When using [Login to Local Accounts], only the system administrator's ID is pre-registered on the machine. Other user IDs are not registered. For details on how to register a User ID, refer to "Tools" > "Authentication / Security Settings" > "Authentication" > "Create / View User Accounts" in the Administrator Guide.
When using [Login to Remote Accounts], the user information registered on a remote authentication server is used. The system administrator's ID on the machine is not registered on a remote authentication server.

Self Testing

This section describes the Power on Self Test function. The machine can execute a Self Test function to verify the integrity of executable code and setting data.

The machine verifies the area of NVRAM and SEEPROM, including setting data, at initiation, and displays an error on the control panel if an error occurs. However, errors in audit log data and in the time and date are not detected, because these are not included in the verification target.

Also, when the Self Test function is set at initiation, the machine calculates the checksum of the Controller ROM to confirm that it matches the specified value, and displays an error on the control panel if an error occurs.

Appendix
List of Operation Procedures
Item Using Control Panel Using CentreWare Internet Services Default
How to check the Clock Set Passcode Entry for Control Panel Login [System Settings] > [Common Service Settings] > [Machine Clock/Timers]. [Authentication/Security Settings] > [Authentication] > [Passcode Policy] > [Passcode Entry for Control Panel Login] Set Overwrite Hard Disk [Authentication/Security Settings] > [Overwrite Hard Disk] Set Data Encryption [System Settings] > [Common Service Settings] > [Other Settings] > [Data Encryption]. Set Authentication [Authentication/Security Settings] > [Authentication] > [Login Type]. Set Private Print [Authentication/Security Settings] > [Authentication] > [Charge/Private Print Settings] Set Store & Send Link Set Software Download Set Auto Clear Set Report Print Set Self Test Change the System Administrator Passcode Set Maximum Login Attempts [System Settings] > [Common Service Settings] > [Screen/Button Settings] > [Services Home] [System Settings] > [Common Service Settings] > [Other Settings] > [Software Download] [System Settings] > [Common Service Settings] > [Machine Clock/Timers] > [Auto Clear] [System Settings] > [Common Service Settings] > [Reports] > [Print Reports Button] [System Settings] > [Common Service Settings] > [Maintenance] > [Power on Self Test] [Authentication/Security Settings] > [System Administrator Settings] > [System Administrator's Passcode] [Authentication/Security Settings] > [Authentication] > [Maximum Login Attempts By System Administrator] Set Access Control [Authentication/Security Settings] > [Authentication] > [Access Control] Set User Passcode Minimum Length [Authentication/Security Settings] > [Authentication] > [Passcode Policy] > [Minimum Passcode Length] - - - Off [Security] > [On Demand Overwrite] - Off [Security] > [Authentication Configuration] 3 Off - Off - On - On - On - On - Off [Security] > [System Administrator Settings] [Security] > [System Administrator Settings] [Security] > [Authentication Configuration] [Security] > [User Details Setup] > [Minimum Passcode Length] - Off 0

Item Using Control Panel Using CentreWare Internet Services Default
Set SSL/TLS Set WebDAV Set Send/Receive E-mail Set IPP Configuring Machine Certificates Set IPSec [System Settings] > [Connectivity & Network Setup] > [Security Settings] > [SSL/TLS Settings] [System Settings] > [Connectivity & Network Setup] > [Port Setting] [System Settings] > [Connectivity & Network Setup] > [Port Setting] [System Settings] > [Connectivity & Network Setup] > [Port Setting] [Security] > [Machine Digital Certificate Management] > [Create New SelfSigned Certificate] > [SSL/TLS Settings] [Connectivity] > [Port Setting] [Connectivity] > [Port Setting] [Connectivity] > [Port Setting] - [Security] > [Machine Digital Certificate Management] > [Upload Signed Certificate] [System Settings] > [Connectivity & Network Setup] > [Security Settings] > [IPSec Settings] [Security] > [IPSec] Set SNMPv3 - [Connectivity] > [Protocols] > [SNMP Configuration] Set S/MIME [System Settings] > [Connectivity & Network Setup] > [Security Settings] > [S/MIME Settings] [Security] > [SSL/TLS Settings] > [S/MIME Communication] Set WSD(Scan) - [Connectivity] > [Port Settings] On Set SOAP [System Settings] > [Connectivity & Network Setup] > [Port Setting] [Connectivity] > [Port Settings] Set USB - [Service] > [USB] > [General] On Off On Off Off - Off Off Off On Set CSRF - [System Settings] > [Connectivity & Network Setup] > [Protocol] > [HTTP] Set LDAP Server Set Kerberos Server Set Service Representative Restricted Operation [System Settings] > [Connectivity & Network Setup] > [Remote Authentication/Directory Service] > [LDAP Server/Directory Service Settings] [System Settings] > [Connectivity & Network Setup] > [Remote Authentication/Directory Service] > [Kerberos Server Settings] [System Settings] > [Common Service Settings] > [Other Settings] > [Service Rep. Restricted Operation] [Connectivity] > [Protocols] > [LDAP] > [LDAP Server] [Security] > [Remote Authentication Servers] > [Kerberos Server] [Security] > [Service Representative Restricted Operation] Off - - Off Set Audit Log, Import the Audit Log File - [Security] > [Audit Log] Off Set Browser Refresh - [General Setup] > [Internet Services Settings] > [Auto Refresh Interval] Set Job Deletion - [General Setup] > [Job Management] > [Job Deletion] On All User 2

ApeosPort-V 070/4070 DocuCentre-V 070/4070 Security Function Supplementary Guide Fuji Xerox Co., Ltd. ME710E2-1(Edition 1) September 2014 Copyright 2014 by Fuji Xerox Co., Ltd.