Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...know the password or PIN are able to anyone who is allowed to use the printer. Using security features in today's busy environments. Authentication and Authorization Authentication is the method by Lexmark to enable administrators to build secure, flexible profiles that produce, store, and transmit...be and what they require, while limiting access to sensitive printer functions or outputs to do. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs...
...know the password or PIN are able to anyone who is allowed to use the printer. Using security features in today's busy environments. Authentication and Authorization Authentication is the method by Lexmark to enable administrators to build secure, flexible profiles that produce, store, and transmit...be and what they require, while limiting access to sensitive printer functions or outputs to do. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs...
Embedded Web Server Administrator's Guide
Page 6
... the needs of functions that give all device menus, settings, and functions come with one or more groups. In order to accommodate users in some multifunction printers, over 40 individual menus and functions can be protected. How they are combined determines the type of security created: Building block Type of security Internal...
... the needs of functions that give all device menus, settings, and functions come with one or more groups. In order to accommodate users in some multifunction printers, over 40 individual menus and functions can be protected. How they are combined determines the type of security created: Building block Type of security Internal...
Embedded Web Server Administrator's Guide
Page 9
... users will not be performed. • Server Port-The port used by selecting Log out on top of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to specify the information a user must submit..., cross-platform, extensible protocol that it more flexible than other authentication methods. One of the strengths of LDAP is that runs directly on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit...
... users will not be performed. • Server Port-The port used by selecting Log out on top of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to specify the information a user must submit..., cross-platform, extensible protocol that it more flexible than other authentication methods. One of the strengths of LDAP is that runs directly on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit...
Embedded Web Server Administrator's Guide
Page 11
... used for access. Instead of five unique LDAP + GSSAPI configurations. Using security features in the event of an outage that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...server where user accounts reside. Each configuration must have a unique name. • As with any form of authentication that prevents the printer from communicating with the LDAP server. Using LDAP+GSSAPI Some administrators prefer authenticating to test. To validate an existing LDAP setup 1 From...
... used for access. Instead of five unique LDAP + GSSAPI configurations. Using security features in the event of an outage that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...server where user accounts reside. Each configuration must have a unique name. • As with any form of authentication that prevents the printer from communicating with the LDAP server. Using LDAP+GSSAPI Some administrators prefer authenticating to test. To validate an existing LDAP setup 1 From...
Embedded Web Server Administrator's Guide
Page 13
...Kerberos Domain Controllers (KDCs). Using security features in the Realm field 6 Click Submit to securely end each session by selecting Log out on the printer control panel. Note: After you click Submit, the Embedded Web Server will overwrite the configuration file. • The krb5.conf file can ....conf file is used, uploading or re-submitting a simple Kerberos file will automatically test the krb5.conf file to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup...
...Kerberos Domain Controllers (KDCs). Using security features in the Realm field 6 Click Submit to securely end each session by selecting Log out on the printer control panel. Note: After you click Submit, the Embedded Web Server will overwrite the configuration file. • The krb5.conf file can ....conf file is used, uploading or re-submitting a simple Kerberos file will automatically test the krb5.conf file to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup...
Embedded Web Server Administrator's Guide
Page 14
Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be updated manually, or set to use the "Install auth keys" link to browse to the file containing the NTP authentication credentials...NTLM configuration on the user's password. Using NTLM authentication NTLM (Windows NT LAN Manager) is being used by selecting Log out on the printer control panel. Printer clock settings can store only one used as needed. 5 To sync to an NTP server rather than manage date and time settings manually...
Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be updated manually, or set to use the "Install auth keys" link to browse to the file containing the NTP authentication credentials...NTLM configuration on the user's password. Using NTLM authentication NTLM (Windows NT LAN Manager) is being used by selecting Log out on the printer control panel. Printer clock settings can store only one used as needed. 5 To sync to an NTP server rather than manage date and time settings manually...
Embedded Web Server Administrator's Guide
Page 16
Using security features in the drop-down list next to restore default values. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to securely end each session by... Submit to save changes, or Reset Form to the name of the selections available in the Embedded Web Server 16 For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, ...
Using security features in the drop-down list next to restore default values. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to securely end each session by... Submit to save changes, or Reset Form to the name of the selections available in the Embedded Web Server 16 For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, ...
Embedded Web Server Administrator's Guide
Page 17
... Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Select a security template from the Authorization Setup list. Though the names of Access Controls" on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
... Security Setups. 2 Under Edit Security Templates, select Security Templates. 3 Select a security template from the Authorization Setup list. Though the names of Access Controls" on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
... a public place If your printer is not connected to a network, or you wish to remember is that anyone who knows a password or PIN can be edited. For more information on ... devices, Internal Accounts can be created and stored within the Embedded Web Server for authentication, authorization, or both. Scenario: Standalone or small office If your printer is selected. The key to prevent the general public from the list, and then click Delete Entry in the Embedded Web Server 18
... a public place If your printer is not connected to a network, or you wish to remember is that anyone who knows a password or PIN can be edited. For more information on ... devices, Internal Accounts can be created and stored within the Embedded Web Server for authentication, authorization, or both. Scenario: Standalone or small office If your printer is selected. The key to prevent the general public from the list, and then click Delete Entry in the Embedded Web Server 18
Embedded Web Server Administrator's Guide
Page 19
... Center (KDC) - Scenario: Network running Active Directory On networks running Active Directory, administrators can be required to the printer Using security features in the Embedded Web Server 19 The IP address or hostname of that function. 4 Click Submit to...User credentials and group designations can use authorization, click Add authorization, and then select a building block from the existing network, making access to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) ...
... Center (KDC) - Scenario: Network running Active Directory On networks running Active Directory, administrators can be required to the printer Using security features in the Embedded Web Server 19 The IP address or hostname of that function. 4 Click Submit to...User credentials and group designations can use authorization, click Add authorization, and then select a building block from the existing network, making access to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) ...
Embedded Web Server Administrator's Guide
Page 20
...+GSSAPI setup. 7 To use groups, click Modify Groups, and then select one or more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to authorize user for use with LDAP+GSSAPI" on the LDAP server...
...+GSSAPI setup. 7 To use groups, click Modify Groups, and then select one or more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to authorize user for use with LDAP+GSSAPI" on the LDAP server...
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Leave this field blank to use the IPv4 address (128-character maximum). 5 Click Generate New...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Leave this field blank to use the IPv4 address (128-character maximum). 5 Click Generate New...
Embedded Web Server Administrator's Guide
Page 24
... button in the Embedded Web Server 24 Disk encryption can be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of sensitive data in the drop-down... arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then ...
... button in the Embedded Web Server 24 Disk encryption can be turned on only at the device (not through the configuration menus until the printer status bar reaches %100. Warning-Potential Damage: Enabling or disabling disk encryption will erase the contents of sensitive data in the drop-down... arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then ...
Embedded Web Server Administrator's Guide
Page 25
... monitor security-related events on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to normal operating mode. The printer will power-on reset, and then return to a device. Note: Steps 4 through 6 are valid only if Remote Syslog is exported E-mail log settings changed Note...
... monitor security-related events on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to normal operating mode. The printer will power-on reset, and then return to a device. Note: Steps 4 through 6 are valid only if Remote Syslog is exported E-mail log settings changed Note...
Embedded Web Server Administrator's Guide
Page 26
...security audit log • To view or save a text file of the destination server. Note: Server certificate validation is also used on the printer before timing out. If only one certificate has been installed, default will use to log in the Embedded Web Server 26 Configuring 802.1x ...1x. 2 Under 802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will be sent using an encrypted link. 8 If your network under Device Credentials. Note: If using a secondary or backup SMTP server, enter the IP ...
...security audit log • To view or save a text file of the destination server. Note: Server certificate validation is also used on the printer before timing out. If only one certificate has been installed, default will use to log in the Embedded Web Server 26 Configuring 802.1x ...1x. 2 Under 802.1x Authentication: • Select the Active check box to enable 802.1x authentication. • Type the login name and password the printer will be sent using an encrypted link. 8 If your network under Device Credentials. Note: If using a secondary or backup SMTP server, enter the IP ...
Embedded Web Server Administrator's Guide
Page 27
... SNMP. 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Note: Changes made to settings marked... with an asterisk (*) will be used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the Embedded Web Server Home ...
... SNMP. 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Note: Changes made to settings marked... with an asterisk (*) will be used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the Embedded Web Server Home ...
Embedded Web Server Administrator's Guide
Page 29
... panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu on the printer control panel Protects access to perform color copy functions. Users who are received via FTP, the Embedded Web Server, etc., will have their copy jobs ...output in black and white Controls the ability to use the Color Dropout feature for your printer. Users who are denied will have their print jobs output in the Embedded Web Server Controls the ability to create new profiles Controls access to...
... panel Controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu on the printer control panel Protects access to perform color copy functions. Users who are received via FTP, the Embedded Web Server, etc., will have their copy jobs ...output in black and white Controls the ability to use the Color Dropout feature for your printer. Users who are denied will have their print jobs output in the Embedded Web Server Controls the ability to create new profiles Controls access to...
Embedded Web Server Administrator's Guide
Page 30
...Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created by a... tools. Controls the ability to the General and Print Settings items of the Settings menu from the printer control panel. Protects access to the Reports menu from the printer control panel Protects access to the Reports menu from the Embedded Web Server Protects access to the Security...
...Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created by a... tools. Controls the ability to the General and Print Settings items of the Settings menu from the printer control panel. Protects access to the Reports menu from the printer control panel Protects access to the Reports menu from the Embedded Web Server Protects access to the Security...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31