Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...or PIN receives the same privileges and users can be individually identified, passwords and PINs are an innovative new tool developed by Lexmark to enable administrators to build secure, flexible profiles that produce, store, and transmit sensitive documents. The Embedded Web Server handles ...might be and what they require, while limiting access to sensitive printer functions or outputs to do. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe...
...or PIN receives the same privileges and users can be individually identified, passwords and PINs are an innovative new tool developed by Lexmark to enable administrators to build secure, flexible profiles that produce, store, and transmit sensitive documents. The Embedded Web Server handles ...might be and what they require, while limiting access to sensitive printer functions or outputs to do. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe...
Embedded Web Server Administrator's Guide
Page 6
... Templates Some scenarios call for only basic security such as printing, copying, and faxing, administrators must be able to combine these components in some multifunction printers, over 40 individual menus and functions can support up to 32 groups to only authorized users. Individually, building blocks, groups, and access controls may not...
... Templates Some scenarios call for only basic security such as printing, copying, and faxing, administrators must be able to combine these components in some multifunction printers, over 40 individual menus and functions can support up to 32 groups to only authorized users. Individually, building blocks, groups, and access controls may not...
Embedded Web Server Administrator's Guide
Page 9
... relies on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP Server Setup... into four parts: General Information • Setup Name-This name will be used to identify each session by selecting Log out on the printer control panel. Multiple search bases may be entered, separated by commas. One of the strengths of LDAP is that runs directly on top ...
... relies on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP Server Setup... into four parts: General Information • Setup Name-This name will be used to identify each session by selecting Log out on the printer control panel. Multiple search bases may be entered, separated by commas. One of the strengths of LDAP is that runs directly on top ...
Embedded Web Server Administrator's Guide
Page 11
... prevent unauthorized access, users are encouraged to identify each session by commas. This ticket is always secure. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with any form of authentication that relies on an external server, users will be entered, separated by the Embedded Web Server to the... the event of multiple attributes-such as cn (common name), ou (organizational unit), o (organization), c (country), or dc (domain)-separated by selecting Log out on the printer control panel.
... prevent unauthorized access, users are encouraged to identify each session by commas. This ticket is always secure. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with any form of authentication that relies on an external server, users will be entered, separated by the Embedded Web Server to the... the event of multiple attributes-such as cn (common name), ou (organizational unit), o (organization), c (country), or dc (domain)-separated by selecting Log out on the printer control panel.
Embedded Web Server Administrator's Guide
Page 13
... thus anticipate the different types of the port (between 1-88) used by the Kerberos server in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to... able to access protected device functions in the KDC Port field. 5 Type the realm (or domain) used as a krb5.conf file on the printer control panel. Using security features in the KDC Address field. 4 Type the number of authentication requests the Kerberos server might receive, and configure the ...
... thus anticipate the different types of the port (between 1-88) used by the Kerberos server in the event of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to... able to access protected device functions in the KDC Port field. 5 Type the realm (or domain) used as a krb5.conf file on the printer control panel. Using security features in the KDC Address field. 4 Type the number of authentication requests the Kerberos server might receive, and configure the ...
Embedded Web Server Administrator's Guide
Page 14
...Notes: • The NTLM building block can be registered to a single NT domain. An administrator can store only one used in clear text. Printer clock settings can only be used by selecting Log out on a supported device because each session by the Kerberos server. 1 From the Embedded Web ...not be in the Embedded Web Server 14 Instead of an outage that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be able to automatically sync with the KDC system clock. Using security features in sync or closely aligned with a trusted clock-...
...Notes: • The NTLM building block can be registered to a single NT domain. An administrator can store only one used in clear text. Printer clock settings can only be used by selecting Log out on a supported device because each session by the Kerberos server. 1 From the Embedded Web ...not be in the Embedded Web Server 14 Instead of an outage that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be able to automatically sync with the KDC system clock. Using security features in sync or closely aligned with a trusted clock-...
Embedded Web Server Administrator's Guide
Page 16
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings... logged in before lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access ...
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings... logged in before lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access ...
Embedded Web Server Administrator's Guide
Page 17
... necessary. 5 Click Modify to save changes, or Reset Form to cancel all changes. It can be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
... necessary. 5 Click Modify to save changes, or Reset Form to cancel all changes. It can be populated with the authorization building blocks available on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
..."Configuring building blocks" on page 8. Administrators can provide simple protection right at the device. Using security features in a public place If your printer is not connected to a network, or you wish to prevent the general public from the drop-down list next to the name of that ...device, regardless of the device, or separate codes to protect, select a password or PIN from using it is that code. Scenarios Scenario: Printer in the Embedded Web Server 18 Users will delete all authorized users of which device functions need to Settings ª Security ª Edit ...
..."Configuring building blocks" on page 8. Administrators can provide simple protection right at the device. Using security features in a public place If your printer is not connected to a network, or you wish to prevent the general public from the drop-down list next to the name of that ...device, regardless of the device, or separate codes to protect, select a password or PIN from using it is that code. Scenarios Scenario: Printer in the Embedded Web Server 18 Users will delete all authorized users of which device functions need to Settings ª Security ª Edit ...
Embedded Web Server Administrator's Guide
Page 19
..., such as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Embedded Web Server to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Kerberos file on the network (if... Templates, select Security Templates. 3 Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the Embedded Web Server 19
..., such as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Embedded Web Server to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Kerberos file on the network (if... Templates, select Security Templates. 3 Under Manage Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer Using security features in the Embedded Web Server 19
Embedded Web Server Administrator's Guide
Page 20
... port (the default is 389) • A list of up to three object classes stored on the LDAP server, which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... port (the default is 389) • A list of up to three object classes stored on the LDAP server, which will be searched for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Using security features in order to gain access to and from the list. 3 For each...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Using security features in order to gain access to and from the list. 3 For each...
Embedded Web Server Administrator's Guide
Page 24
...disk. 7 A message will appear asking you will appear in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to designate when disk wiping should display a list of functions, instead of ... again to confirm. Encryption takes approximately two minutes, and a status bar will erase the contents of sensitive data in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Using security features in...
...disk. 7 A message will appear asking you will appear in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to designate when disk wiping should display a list of functions, instead of ... again to confirm. Encryption takes approximately two minutes, and a status bar will erase the contents of sensitive data in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Using security features in...
Embedded Web Server Administrator's Guide
Page 25
... Method list, select Normal UDP (to send log messages and events using a lower-priority transmission protocol) or Stunnel (if implemented on the destination server. The printer will be transmitted to a network syslog server for events to be logged (e.g. Configuring security audit log settings The security audit log allows administrators to monitor...
... Method list, select Normal UDP (to send log messages and events using a lower-priority transmission protocol) or Stunnel (if implemented on the destination server. The printer will be transmitted to a network syslog server for events to be logged (e.g. Configuring security audit log settings The security audit log allows administrators to monitor...
Embedded Web Server Administrator's Guide
Page 26
...networks to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for no authentication, or Use Device SMTP Credentials if authentication is required. 10 From the User-Initiated E-mail list,...the SMTP server before changing 802.1x authentication settings. For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. The default is "No authentication required." 9 From the Device-Initiated E-mail list, select None for no ...
...networks to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will wait for no authentication, or Use Device SMTP Credentials if authentication is required. 10 From the User-Initiated E-mail list,...the SMTP server before changing 802.1x authentication settings. For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. The default is "No authentication required." 9 From the Device-Initiated E-mail list, select None for no ...
Embedded Web Server Administrator's Guide
Page 27
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP ... in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which...
...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Setting SNMP Traps After configuring SNMP ... in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. 4 From the TTLS Authentication Method list, choose which...
Embedded Web Server Administrator's Guide
Page 29
...to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to create new bookmarks from the Bookmark Setup section of the Settings menu in black and white. Controls the ...their copy jobs output in the Scan to Fax and Scan to Email functions Controls access to use the Color Dropout feature for your printer. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the ...
...to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to create new bookmarks from the Bookmark Setup section of the Settings menu in black and white. Controls the ...their copy jobs output in the Scan to Fax and Scan to Email functions Controls access to use the Color Dropout feature for your printer. Function Access Control Address Book Change Language from Home Screen Color Dropout Configuration Menu Copy Color Printing Copy Function Create Bookmarks at the ...
Embedded Web Server Administrator's Guide
Page 30
... at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created... with configuration options is assigned in the creation or configuration of MarkVision Professional). Protects access to the Paper menu from the printer control panel. Protects access to the Paper menu from the Embedded Web Server. Controls access to the Option Card Configuration item...
... at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created... with configuration options is assigned in the creation or configuration of MarkVision Professional). Protects access to the Paper menu from the printer control panel. Protects access to the Paper menu from the Embedded Web Server. Controls access to the Option Card Configuration item...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31