Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... available to the devices that require a user to or stored on the printer, and the information security policies of authorized functions is allowed to use the printer. This set of your organization. This type of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and...
... available to the devices that require a user to or stored on the printer, and the information security policies of authorized functions is allowed to use the printer. This set of your organization. This type of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and...
Embedded Web Server Administrator's Guide
Page 6
...Groups Authentication and authorization LDAP + GSSAPI Authentication only LDAP + GSSAPI with no security enabled. Using security features in sales and marketing use color every day. Access Controls (also referred to in association with one or more groups. In this scenario, it makes sense to common ..." group, and a "Sales and Marketing" group. For the purposes of Embedded Web Server security, groups are used in some multifunction printers, over 40 individual menus and functions can be protected. Note: For a list of individual Access Controls and what they need to print in...
...Groups Authentication and authorization LDAP + GSSAPI Authentication only LDAP + GSSAPI with no security enabled. Using security features in sales and marketing use color every day. Access Controls (also referred to in association with one or more groups. In this scenario, it makes sense to common ..." group, and a "Sales and Marketing" group. For the purposes of Embedded Web Server security, groups are used in some multifunction printers, over 40 individual menus and functions can be protected. Note: For a list of individual Access Controls and what they need to print in...
Embedded Web Server Administrator's Guide
Page 9
...Select either cn (common name), uid, userid, or user-defined. • Search Base-The Search Base is that runs directly on the printer control panel. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that it can interact with many ... the LDAP server where the authentication will be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each unique LDAP ...
...Select either cn (common name), uid, userid, or user-defined. • Search Base-The Search Base is that runs directly on the printer control panel. Using LDAP Lightweight Directory Access Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that it can interact with many ... the LDAP server where the authentication will be able to access protected device functions in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each unique LDAP ...
Embedded Web Server Administrator's Guide
Page 11
...to access protected device functions in the event of an outage that Kerberos 5 also be entered, separated by selecting Log out on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (.... • Search Base-The Search Base is then presented to obtain a Kerberos "ticket." Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to an LDAP server using Generic Security Services Application ...
...to access protected device functions in the event of an outage that Kerberos 5 also be entered, separated by selecting Log out on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (.... • Search Base-The Search Base is then presented to obtain a Kerberos "ticket." Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to an LDAP server using Generic Security Services Application ...
Embedded Web Server Administrator's Guide
Page 13
...8226; Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to Settings ª Security ª Edit ... Web Server will automatically test the krb5.conf file to verify that it can be stored on a supported device, that relies on the printer control panel. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit...
...8226; Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to verify that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to Settings ª Security ª Edit ... Web Server will automatically test the krb5.conf file to verify that it can be stored on a supported device, that relies on the printer control panel. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit...
Embedded Web Server Administrator's Guide
Page 14
...authenticating server. • To help prevent unauthorized access, users are located in a non-standard time zone or an area that prevents the printer from communicating with any form of authentication that relies on an external server, users will require configuration of additional settings under Custom Time Zone... in YYYY-MM-DD HH:MM format, and then choose from the Time Zone list will not be registered to restore default values. Printer clock settings can be used in a security template only after a supported device has registered with a trusted clock-typically the same one ...
...authenticating server. • To help prevent unauthorized access, users are located in a non-standard time zone or an area that prevents the printer from communicating with any form of authentication that relies on an external server, users will require configuration of additional settings under Custom Time Zone... in YYYY-MM-DD HH:MM format, and then choose from the Time Zone list will not be registered to restore default values. Printer clock settings can be used in a security template only after a supported device has registered with a trusted clock-typically the same one ...
Embedded Web Server Administrator's Guide
Page 16
...before lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ... environment, and configure as workstations and servers. Using security features in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to any function controlled...
...before lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access ... environment, and configure as workstations and servers. Using security features in the drop-down list next to the name of that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to any function controlled...
Embedded Web Server Administrator's Guide
Page 17
... appropriate credentials in order to gain access to cancel all changes. Hold down list next to the name of that have been configured on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
... appropriate credentials in order to gain access to cancel all changes. Hold down list next to the name of that have been configured on the printer control panel. • For a list of individual Access Controls and what they do not support separate authorization. 7 To use groups, click Modify Groups, and then...
Embedded Web Server Administrator's Guide
Page 18
...Internal Accounts can provide simple protection right at the device. Notes: • Clicking Delete List will now be edited. Scenarios Scenario: Printer in a public place If your printer is located in a public space such as needed . Step One: Create a password or PIN 1 From the Embedded Web Server ...password or PIN can assign a single password or PIN for all security templates on page 7. Scenario: Standalone or small office If your printer is not connected to the name of which device functions need to be created and stored within the Embedded Web Server for that template. ...
...Internal Accounts can provide simple protection right at the device. Notes: • Clicking Delete List will now be edited. Scenarios Scenario: Printer in a public place If your printer is located in a public space such as needed . Step One: Create a password or PIN 1 From the Embedded Web Server ...password or PIN can assign a single password or PIN for all security templates on page 7. Scenario: Standalone or small office If your printer is not connected to the name of which device functions need to be created and stored within the Embedded Web Server for that template. ...
Embedded Web Server Administrator's Guide
Page 19
..._ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Embedded Web Server to the printer Using security features in the security template. Scenario: Network running Active Directory On networks running Active Directory, administrators can use authorization, click Add...Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer as seamless as other network services. The IP address or hostname of that function. 4 Click Submit to save changes, or Reset...
..._ Functions _ Template." 5 From the Authentication list, select a method for passwords) • Location of the Embedded Web Server to the printer Using security features in the security template. Scenario: Network running Active Directory On networks running Active Directory, administrators can use authorization, click Add...Security Templates, select Add a Security Template. 4 In the Security Templates Name field, type a unique name containing up to the printer as seamless as other network services. The IP address or hostname of that function. 4 Click Submit to save changes, or Reset...
Embedded Web Server Administrator's Guide
Page 20
...+GSSAPI setup. 7 To use groups, click Modify Groups, and then select one or more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
...+GSSAPI setup. 7 To use groups, click Modify Groups, and then select one or more information on configuring LDAP+GSSAPI, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... Certificate Management window. Note: Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Leave this field blank to use the hostname for the device. • Organization Name-Type...
... Certificate Management window. Note: Leave this field blank to use of digital certificates to help ensure the integrity of information transmitted to and from your printer, including authentication and group information, as well as document outputs. Leave this field blank to use the hostname for the device. • Organization Name-Type...
Embedded Web Server Administrator's Guide
Page 24
...left to browse back to Settings ª Security ª Disk Wiping 5 Back on only at the device (not through the configuration menus until the printer status bar reaches %100. Continue pressing 2 and 6 until you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the Disk ...Encryption menu, select Enable to deactivate it. Repeat as Copy or Fax. 3 Verify that the printer is fully powered up a schedule for disk wiping. Encrypting the hard disk Hard disk encryption helps prevent loss of sensitive data in the Embedded ...
...left to browse back to Settings ª Security ª Disk Wiping 5 Back on only at the device (not through the configuration menus until the printer status bar reaches %100. Continue pressing 2 and 6 until you see the Disk Encryption menu selection. 5 Select Disk Encryption. 6 From the Disk ...Encryption menu, select Enable to deactivate it. Repeat as Copy or Fax. 3 Verify that the printer is fully powered up a schedule for disk wiping. Encrypting the hard disk Hard disk encryption helps prevent loss of sensitive data in the Embedded ...
Embedded Web Server Administrator's Guide
Page 25
... monitor security-related events on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to normal operating mode. The printer will power-on reset, and then return to a device. E-mail server setup 1 From the Security Audit Log main screen, select Setup E-mail Server. 2 Under SMTP...
... monitor security-related events on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to normal operating mode. The printer will power-on reset, and then return to a device. E-mail server setup 1 From the Security Audit Log main screen, select Setup E-mail Server. 2 Under SMTP...
Embedded Web Server Administrator's Guide
Page 26
... save a text file of the destination server. Note: Server certificate validation is 30 seconds. 6 To receive responses to messages sent from the printer (in the Embedded Web Server 26 Note: If using an encrypted link. 8 If your network under Device Credentials. If only one certificate has... Credentials, Use Session User ID and Password, Use Session E-mail address and Password, or Prompt user if authentication is also used on the printer before timing out. The default is "No authentication required." 9 From the Device-Initiated E-mail list, select None for no authentication, or ...
... save a text file of the destination server. Note: Server certificate validation is 30 seconds. 6 To receive responses to messages sent from the printer (in the Embedded Web Server 26 Note: If using an encrypted link. 8 If your network under Device Credentials. If only one certificate has... Credentials, Use Session User ID and Password, Use Session E-mail address and Password, or Prompt user if authentication is also used on the printer before timing out. The default is "No authentication required." 9 From the Device-Initiated E-mail list, select None for no authentication, or ...
Embedded Web Server Administrator's Guide
Page 27
... ª SNMP. 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to Settings ª Security ª SNMP. 2 Under SNMP Version 3, select the Enabled... be used in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore the default settings.
... ª SNMP. 2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to Settings ª Security ª SNMP. 2 Under SNMP Version 3, select the Enabled... be used in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore the default settings.
Embedded Web Server Administrator's Guide
Page 29
...functions. Users who are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to print color from a flash drive. Controls the ability to update firmware from a flash drive Controls the ability to print from a... than a flash drive. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29
...functions. Users who are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to print color from a flash drive. Controls the ability to update firmware from a flash drive Controls the ability to print from a... than a flash drive. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from the Embedded Web Server Appendix 29
Embedded Web Server Administrator's Guide
Page 30
... of the application or profile. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel and Embedded Web Server. Certificate Management is installed in the device. This applies only when an Option Card with configuration ... Embedded Web Server When disabled, all device settings changes requested by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes Operator ...
... of the application or profile. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel and Embedded Web Server. Certificate Management is installed in the device. This applies only when an Option Card with configuration ... Embedded Web Server When disabled, all device settings changes requested by incoming print jobs are denied access cannot enable or disable the printer control panel lock. Function Access Control Network Ports/Menu at the Device Network Ports/Menu Remotely NPA Network Adapter Setting Changes Operator ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31