Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Before configuring printer security, it can use the printer. Understanding the basics Securing a printer through the Embedded Web Server... while limiting access to sensitive printer functions or outputs to as Building Blocks: • PIN • Password • Internal accounts • LDAP • LDAP+GSSAPI • Kerberos 5 (used alone to provide low-level security, by Lexmark to enable administrators to access....
... security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Before configuring printer security, it can use the printer. Understanding the basics Securing a printer through the Embedded Web Server... while limiting access to sensitive printer functions or outputs to as Building Blocks: • PIN • Password • Internal accounts • LDAP • LDAP+GSSAPI • Kerberos 5 (used alone to provide low-level security, by Lexmark to enable administrators to access....
Embedded Web Server Administrator's Guide
Page 6
.... How they are combined determines the type of security created: Building block Type of a complex security environment. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be protected. For example, in Company A, employees in ways that can be controlled varies depending on the type...
.... How they are combined determines the type of security created: Building block Type of a complex security environment. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be protected. For example, in Company A, employees in ways that can be controlled varies depending on the type...
Embedded Web Server Administrator's Guide
Page 9
...-based, cross-platform, extensible protocol that it can interact with many different kinds of LDAP is that runs directly on the printer control panel. One of the strengths of databases without special integration, making it more flexible than other authentication methods. Each configuration... must have a unique name. • Administrators can store a maximum of an outage that prevents the printer from communicating with the LDAP server. Note: A Search Base consists of multiple attributes-such as the information a user must submit when ...
...-based, cross-platform, extensible protocol that it can interact with many different kinds of LDAP is that runs directly on the printer control panel. One of the strengths of databases without special integration, making it more flexible than other authentication methods. Each configuration... must have a unique name. • Administrators can store a maximum of an outage that prevents the printer from communicating with the LDAP server. Note: A Search Base consists of multiple attributes-such as the information a user must submit when ...
Embedded Web Server Administrator's Guide
Page 11
... unit), o (organization), c (country), or dc (domain)-separated by commas. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to access protected device functions in the Embedded... access. Instead of the LDAP server where the authentication will first authenticate with any form of authentication that relies on the printer control panel. Note: A Search Base consists of five unique LDAP + GSSAPI configurations. To validate an existing LDAP setup ...
... unit), o (organization), c (country), or dc (domain)-separated by commas. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to access protected device functions in the Embedded... access. Instead of the LDAP server where the authentication will first authenticate with any form of authentication that relies on the printer control panel. Note: A Search Base consists of five unique LDAP + GSSAPI configurations. To validate an existing LDAP setup ...
Embedded Web Server Administrator's Guide
Page 13
..., users are encouraged to verify that the Kerberos configuration file for user authentication, Kerberos 5 is most often used by selecting Log out on the printer control panel. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is functional. While only one krb5.conf file is used as a krb5....conf file on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to ...
..., users are encouraged to verify that the Kerberos configuration file for user authentication, Kerberos 5 is most often used by selecting Log out on the printer control panel. Configuring Kerberos 5 for use with LDAP+GSSAPI Though it is functional. While only one krb5.conf file is used as a krb5....conf file on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to ...
Embedded Web Server Administrator's Guide
Page 14
... of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Printer clock settings can be updated manually, or set to use Network Time Protocol (NTP), to automatically sync with a trusted clock...servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users...
... of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Printer clock settings can be updated manually, or set to use Network Time Protocol (NTP), to automatically sync with a trusted clock...servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users...
Embedded Web Server Administrator's Guide
Page 16
...security (in the drop-down list next to the name of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
...security (in the drop-down list next to the name of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
Embedded Web Server Administrator's Guide
Page 17
... Control. 3 For each session by the security template. Note: Certain building blocks-such as Passwords and Pins-do , see "Menu of Access Controls" on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
... Control. 3 For each session by the security template. Note: Certain building blocks-such as Passwords and Pins-do , see "Menu of Access Controls" on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
Scenarios Scenario: Printer in use; Using security features in a public space such as a lobby, and you wish to protect individual ...configure as needed . To delete an individual security template, select it from using it is not in a public place If your printer is that anyone who knows a password or PIN can access any functions protected by that code. For more information on configuring a ... Select Access Control. 3 For each access control After creating one is selected. Scenario: Standalone or small office If your printer is located in the Embedded Web Server 18
Scenarios Scenario: Printer in use; Using security features in a public space such as a lobby, and you wish to protect individual ...configure as needed . To delete an individual security template, select it from using it is not in a public place If your printer is that anyone who knows a password or PIN can access any functions protected by that code. For more information on configuring a ... Select Access Control. 3 For each access control After creating one is selected. Scenario: Standalone or small office If your printer is located in the Embedded Web Server 18
Embedded Web Server Administrator's Guide
Page 19
...The name of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to know the following: 1 Kerberos configuration information • Character encoding (used for authenticating users. ... to integrate with Active Directory, you want to protect, select a security template from the drop-down the Ctrl key to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Embedded Web Server...
...The name of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to know the following: 1 Kerberos configuration information • Character encoding (used for authenticating users. ... to integrate with Active Directory, you want to protect, select a security template from the drop-down the Ctrl key to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use the LDAP+GSSAPI capabilities of the Embedded Web Server...
Embedded Web Server Administrator's Guide
Page 20
... is 389) • A list of up to three object classes stored on the LDAP server, which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... is 389) • A list of up to three object classes stored on the LDAP server, which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... the Device Certificate Management window. Note: Leave this field blank to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in order to gain access...
... the Device Certificate Management window. Note: Leave this field blank to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Users will now be required to enter the appropriate credentials in order to gain access...
Embedded Web Server Administrator's Guide
Page 24
... disk encryption will erase the contents of sensitive data in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to finalize changes. Continue? • Select Yes to designate when disk ...wiping should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to proceed with disk wiping...
... disk encryption will erase the contents of sensitive data in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to finalize changes. Continue? • Select Yes to designate when disk ...wiping should display a list of functions, instead of standard home screen icons such as Copy or Fax. 3 Verify that the printer is fully powered up a schedule for disk wiping, select Scheduled Disk Wiping. 4 Use the Time and Day(s) lists to proceed with disk wiping...
Embedded Web Server Administrator's Guide
Page 25
... code for logging messages and events. 0 is the highest severity, and 7 is entered. 4 Type the Remote Syslog Port number used on the destination server. The printer will be logged (e.g. The default value is exported E-mail log settings changed Note: In order to use for further processing or storage. 1 From the Embedded...
... code for logging messages and events. 0 is the highest severity, and 7 is entered. 4 Type the Remote Syslog Port number used on the destination server. The printer will be logged (e.g. The default value is exported E-mail log settings changed Note: In order to use for further processing or storage. 1 From the Embedded...
Embedded Web Server Administrator's Guide
Page 26
...Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will recognize by clicking the check box next to require verification of the security certificate on the authenticating server. The default is...• Select the Validate Server Certificate check box to each applicable protocol. The default value is also used on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is port 25. ...
...Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will recognize by clicking the check box next to require verification of the security certificate on the authenticating server. The default is...• Select the Validate Server Certificate check box to each applicable protocol. The default value is also used on the printer before timing out. Configuring 802.1x authentication Though normally associated with wireless network connections, 802.1x authentication is port 25. ...
Embedded Web Server Administrator's Guide
Page 27
... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to reset. Setting SNMP Traps After configuring SNMP Version 1, ... SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting up SNMP Simple Network Management Protocol (SNMP) is ...
... Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to reset. Setting SNMP Traps After configuring SNMP Version 1, ... SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting up SNMP Simple Network Management Protocol (SNMP) is ...
Embedded Web Server Administrator's Guide
Page 29
... the ability to create new bookmarks from the Bookmark Setup section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to print color from the Embedded Web Server Appendix 29 Firmware files which are denied will have their print jobs... Web Server, etc., will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to the Manage Shortcuts item of the Settings menu from a flash drive. Appendix Menu of Access Controls Depending on device ...
... the ability to create new bookmarks from the Bookmark Setup section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to print color from the Embedded Web Server Appendix 29 Firmware files which are denied will have their print jobs... Web Server, etc., will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to the Manage Shortcuts item of the Settings menu from a flash drive. Appendix Menu of Access Controls Depending on device ...
Embedded Web Server Administrator's Guide
Page 30
... panel Protects access to the Security menu from the Embedded Web Server Protects access to the Sevice Engineer menu from the printer control panel Protects access to the Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings ...sections of the Settings menu from the printer control panel Protects access to the operations available from the Embedded Web Server When disabled, all device settings changes requested by remote management tools...
... panel Protects access to the Security menu from the Embedded Web Server Protects access to the Sevice Engineer menu from the printer control panel Protects access to the Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings ...sections of the Settings menu from the printer control panel Protects access to the operations available from the Embedded Web Server When disabled, all device settings changes requested by remote management tools...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
