Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... Kerberos 5 (used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible profiles that provide end users the functionality they will be appropriate in a situation in which a printer is allowed to use the printer, and which a system securely identifies a user (that is... only employees who know the password or PIN are able to use the printer. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential ...
... Kerberos 5 (used alone to provide low-level security, by Lexmark to enable administrators to build secure, flexible profiles that provide end users the functionality they will be appropriate in a situation in which a printer is allowed to use the printer, and which a system securely identifies a user (that is... only employees who know the password or PIN are able to use the printer. Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential ...
Embedded Web Server Administrator's Guide
Page 6
...+GSSAPI building blocks. A Security Template is a profile constructed using a password, PIN, or security template. Access Controls (also referred to combine these components in some multifunction printers, over 40 individual menus and functions can be protected. Using security features in the warehouse do , see "Menu of functions such as printing, copying, and...
...+GSSAPI building blocks. A Security Template is a profile constructed using a password, PIN, or security template. Access Controls (also referred to combine these components in some multifunction printers, over 40 individual menus and functions can be protected. Using security features in the warehouse do , see "Menu of functions such as printing, copying, and...
Embedded Web Server Administrator's Guide
Page 9
... for internal accounts Settings selected in the Internal Accounts Settings section will be entered, separated by selecting Log out on the printer control panel. Using security features in the LDAP server where user accounts reside. One of the strengths of LDAP is that... uid, userid, or user-defined. • Search Base-The Search Base is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to access information stored in the event of the ...
... for internal accounts Settings selected in the Internal Accounts Settings section will be entered, separated by selecting Log out on the printer control panel. Using security features in the LDAP server where user accounts reside. One of the strengths of LDAP is that... uid, userid, or user-defined. • Search Base-The Search Base is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to access information stored in the event of the ...
Embedded Web Server Administrator's Guide
Page 11
... Log out on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+GSSAPI Server Setup when...Add an LDAP+GSSAPI Setup. 4 The LDAP+GSSAPI Server Setup dialog is typically used for access. Notes: • LDAP+GSSAPI requires that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to test.
... Log out on an external server, users will not be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+GSSAPI Server Setup when...Add an LDAP+GSSAPI Setup. 4 The LDAP+GSSAPI Server Setup dialog is typically used for access. Notes: • LDAP+GSSAPI requires that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to test.
Embedded Web Server Administrator's Guide
Page 13
... authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by selecting Log out on the printer control panel. Using security features in the configuration file, then the first realm specified will be used in conjunction with the LDAP +GSSAPI...reset the field and search for a new configuration file. An administrator must thus anticipate the different types of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup...
... authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each session by selecting Log out on the printer control panel. Using security features in the configuration file, then the first realm specified will be used in conjunction with the LDAP +GSSAPI...reset the field and search for a new configuration file. An administrator must thus anticipate the different types of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup...
Embedded Web Server Administrator's Guide
Page 14
... the authenticating server. • To help prevent unauthorized access, users are located in a non-standard time zone or an area that prevents the printer from the Time Zone drop-down list. Using security features in clear text. Notes: • The NTLM building block can only be registered to... of a security template. • As with any form of authentication that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the KDC system clock. An administrator can store only one used by selecting Log out on...
... the authenticating server. • To help prevent unauthorized access, users are located in a non-standard time zone or an area that prevents the printer from the Time Zone drop-down list. Using security features in clear text. Notes: • The NTLM building block can only be registered to... of a security template. • As with any form of authentication that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the KDC system clock. An administrator can store only one used by selecting Log out on...
Embedded Web Server Administrator's Guide
Page 16
...Specify how long a user may be set to require No Security (the default), or to restore default values. For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
...Specify how long a user may be set to require No Security (the default), or to restore default values. For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
Embedded Web Server Administrator's Guide
Page 17
Using security features in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then ...
Using security features in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then ...
Embedded Web Server Administrator's Guide
Page 18
... access control After creating one is not in the Settings screen for all security templates on page 7. Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can assign a single password or PIN for that function, and then click Submit. Using security... features in a public place If your printer is not connected to a network, or you do not use an authentication server to grant users access to remember is located in a public space...
... access control After creating one is not in the Settings screen for all security templates on page 7. Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can assign a single password or PIN for that function, and then click Submit. Using security... features in a public place If your printer is not connected to a network, or you do not use an authentication server to grant users access to remember is located in a public space...
Embedded Web Server Administrator's Guide
Page 19
This list will be helpful to the printer Using security features in the Embedded Web Server 19 Users will need to take advantage of authentication and authorization services already deployed on the network (... integrate with the authorization building blocks available on the device. 6 To use groups, click Modify Groups, and then select one or more groups to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Key Distribution Center (KDC...
This list will be helpful to the printer Using security features in the Embedded Web Server 19 Users will need to take advantage of authentication and authorization services already deployed on the network (... integrate with the authorization building blocks available on the device. 6 To use groups, click Modify Groups, and then select one or more groups to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Key Distribution Center (KDC...
Embedded Web Server Administrator's Guide
Page 20
... Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... the certificate are displayed in the Embedded Web Server 21 Creating a new certificate 1 From the Embedded Web Server Home screen, browse to and from your printer, including authentication and group information, as well as document outputs. Note: Leave this field blank to RFC 2459. Leave this field blank to use the...
... the certificate are displayed in the Embedded Web Server 21 Creating a new certificate 1 From the Embedded Web Server Home screen, browse to and from your printer, including authentication and group information, as well as document outputs. Note: Leave this field blank to RFC 2459. Leave this field blank to use the...
Embedded Web Server Administrator's Guide
Page 24
... the lower right corner of the touch screen. Continue pressing 2 and 6 until you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Note: On some devices the button will appear in the Embedded Web Server 24 After the disk... screen click Delete Entry again to confirm. Using security features in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then Exit Configuration...
... the lower right corner of the touch screen. Continue pressing 2 and 6 until you have enabled Manual mode and wish to set up , the printer touch screen should occur, and then click Add. Note: On some devices the button will appear in the Embedded Web Server 24 After the disk... screen click Delete Entry again to confirm. Using security features in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to the Enable/Disable screen. 8 To finish, press Back, and then Exit Configuration...
Embedded Web Server Administrator's Guide
Page 25
... more E-mail addresses (separated by network monitoring or intrusion detection software. Note: Steps 4 through 6 are stored on the device, but may also be logged (e.g. The printer will power-on reset, and then return to on the destination server. Configuring security audit log settings The security audit log allows administrators to monitor...
... more E-mail addresses (separated by network monitoring or intrusion detection software. Note: Steps 4 through 6 are stored on the device, but may also be logged (e.g. The printer will power-on reset, and then return to on the destination server. Configuring security audit log settings The security audit log allows administrators to monitor...
Embedded Web Server Administrator's Guide
Page 26
...Use Device SMTP Credentials if authentication is required. 10 From the User-Initiated E-mail list, select None for a response from the printer (in order to create port-based connections. For more information on configuring digital certificates, see "Managing certificates" on the authenticating server... box to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . The default value is port 25. 4 If using digital certificates to establish a secure connection to the authentication ...
...Use Device SMTP Credentials if authentication is required. 10 From the User-Initiated E-mail list, select None for a response from the printer (in order to create port-based connections. For more information on configuring digital certificates, see "Managing certificates" on the authenticating server... box to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . The default value is port 25. 4 If using digital certificates to establish a secure connection to the authentication ...
Embedded Web Server Administrator's Guide
Page 27
... be set, select the Allow SNMP Set check box. 4 Type a name to be accepted through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to configure settings for SNMP versions 1 through 3. 4 From the TTLS Authentication Method list, choose which alerts are... ª SNMP. 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values.
... be set, select the Allow SNMP Set check box. 4 Type a name to be accepted through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to configure settings for SNMP versions 1 through 3. 4 From the TTLS Authentication Method list, choose which alerts are... ª SNMP. 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values.
Embedded Web Server Administrator's Guide
Page 29
Users who are denied will have their print jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability to scan documents to a flash ... the Scan to FTP function Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks from the...
Users who are denied will have their print jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability to scan documents to a flash ... the Scan to FTP function Protects access to the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu from the printer control panel Controls the ability to use the Copy function Controls the ability to create new bookmarks from the...
Embedded Web Server Administrator's Guide
Page 30
... Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the application or profile. The Access Control for each Solution... Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to manage certificates using remote management tools. When protected...
... Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the application or profile. The Access Control for each Solution... Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to manage certificates using remote management tools. When protected...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31