Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...that area, sensitive documents that will need to as Common Access Cards, the printer will be sent to use the printer. Authentication, Authorization, and Groups-to define who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that provide end users the ... suite of authorized functions is also referred to do. Before configuring printer security, it can not be a weak link in the document security chain. This set of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and...
...that area, sensitive documents that will need to as Common Access Cards, the printer will be sent to use the printer. Authentication, Authorization, and Groups-to define who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that provide end users the ... suite of authorized functions is also referred to do. Before configuring printer security, it can not be a weak link in the document security chain. This set of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and...
Embedded Web Server Administrator's Guide
Page 6
... be able to combine these components in ways that can be controlled varies depending on page 29. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be protected. Access Controls By default, all users the functions they are combined determines the type of security...
... be able to combine these components in ways that can be controlled varies depending on page 29. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be protected. Access Controls By default, all users the functions they are combined determines the type of security...
Embedded Web Server Administrator's Guide
Page 9
...uid, userid, or user-defined. • Search Base-The Search Base is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with many different kinds of databases without special integration, making it can store a maximum of multiple attributes-such as the information a...User ID or User ID and Password to access protected device functions in the event of an outage that runs directly on the printer control panel. Note: A Search Base consists of five unique LDAP configurations. Using LDAP Lightweight Directory Access Protocol (LDAP) is ...
...uid, userid, or user-defined. • Search Base-The Search Base is a standards-based, cross-platform, extensible protocol that prevents the printer from communicating with many different kinds of databases without special integration, making it can store a maximum of multiple attributes-such as the information a...User ID or User ID and Password to access protected device functions in the event of an outage that runs directly on the printer control panel. Note: A Search Base consists of five unique LDAP configurations. Using LDAP Lightweight Directory Access Protocol (LDAP) is ...
Embedded Web Server Administrator's Guide
Page 11
...each session by the Embedded Web Server to obtain a Kerberos "ticket." Using security features in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to access protected device functions in the ... Interface (GSSAPI) instead of authentication that Kerberos 5 also be performed. • Server Port-The port used by selecting Log out on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (Secure Sockets...
...each session by the Embedded Web Server to obtain a Kerberos "ticket." Using security features in the event of an outage that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to access protected device functions in the ... Interface (GSSAPI) instead of authentication that Kerberos 5 also be performed. • Server Port-The port used by selecting Log out on the printer control panel. The default LDAP port is 389. • Use SSL/TLS-From the drop-down menu select None, SSL/TLS (Secure Sockets...
Embedded Web Server Administrator's Guide
Page 13
... the krb5.conf file. 4 Click Submit to upload the krb5.conf file to the selected device, or Reset Form to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to...Kerberos file will overwrite the configuration file. • The krb5.conf file can apply to securely end each session by selecting Log out on the printer control panel. Using security features in the event of an outage that the Kerberos configuration file for a new configuration file. However, if a ...
... the krb5.conf file. 4 Click Submit to upload the krb5.conf file to the selected device, or Reset Form to verify that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup to...Kerberos file will overwrite the configuration file. • The krb5.conf file can apply to securely end each session by selecting Log out on the printer control panel. Using security features in the event of an outage that the Kerberos configuration file for a new configuration file. However, if a ...
Embedded Web Server Administrator's Guide
Page 14
... or set to use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same one NTLM configuration on the printer control panel. Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on...store only one used as needed. 5 To sync to restore default values. Setting date and time Because Kerberos servers require that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in a non-standard time zone or an...
... or set to use Network Time Protocol (NTP), to automatically sync with a trusted clock-typically the same one NTLM configuration on the printer control panel. Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on...store only one used as needed. 5 To sync to restore default values. Setting date and time Because Kerberos servers require that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are located in a non-standard time zone or an...
Embedded Web Server Administrator's Guide
Page 16
... Step 1: Create a building block 1 From the Embedded Web Server Home screen, browse to each Access Control. For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access...Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
... Step 1: Create a building block 1 From the Embedded Web Server Home screen, browse to each Access Control. For more information on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access...Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks, select the building block (or blocks), appropriate for that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª ...
Embedded Web Server Administrator's Guide
Page 17
.... Each device can be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of up to 128 characters to protect, select the newly created security template from the list. 4 Edit the fields as...
.... Each device can be required to enter the appropriate credentials in order to gain access to any function controlled by selecting Log out on the printer control panel. • For a list of up to 128 characters to protect, select the newly created security template from the list. 4 Edit the fields as...
Embedded Web Server Administrator's Guide
Page 18
... click Delete Entry in the Settings screen for that template. • You can be edited. Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can assign a single password or PIN for authentication, authorization, or both. For more information...170; Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Internal Accounts, and configure as needed . Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you do not use can only delete a security template if it , a password or ...
... click Delete Entry in the Settings screen for that template. • You can be edited. Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can assign a single password or PIN for authentication, authorization, or both. For more information...170; Security ª Edit Security Setups. 2 Under Edit Building Blocks, select Internal Accounts, and configure as needed . Scenarios Scenario: Printer in a public place If your printer is not connected to a network, or you do not use can only delete a security template if it , a password or ...
Embedded Web Server Administrator's Guide
Page 19
...of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to know the following: 1 Kerberos configuration information • Character encoding (used for ... capabilities of the Embedded Web Server to protect, select a security template from the Authorization Setup list. This list will be required to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) ...
...of the Realm (or domain) where the KDC is located • The Kerberos username (distinguished name) and password assigned to the printer Using security features in order to gain access to know the following: 1 Kerberos configuration information • Character encoding (used for ... capabilities of the Embedded Web Server to protect, select a security template from the Authorization Setup list. This list will be required to the printer as seamless as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for passwords) ...
Embedded Web Server Administrator's Guide
Page 20
... be searched for user credentials during authentication (optional) • A list of up to 128 characters. It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
... be searched for user credentials during authentication (optional) • A list of up to 128 characters. It can be used to authorize user for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Note: Leave this field blank to any function controlled by the security template. Using security...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Note: Leave this field blank to any function controlled by the security template. Using security...
Embedded Web Server Administrator's Guide
Page 24
...the following screen click Delete Entry again to the Enable/Disable screen. Repeat as needed to proceed with disk wiping and encryption. Once the printer is fully powered up a schedule for each method of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to deactivate it. Note...Configuration (or Exit Config Menu). Using security features in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to designate when disk wiping should display a list of functions, instead...
...the following screen click Delete Entry again to the Enable/Disable screen. Repeat as needed to proceed with disk wiping and encryption. Once the printer is fully powered up a schedule for each method of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to deactivate it. Note...Configuration (or Exit Config Menu). Using security features in the drop-down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to designate when disk wiping should display a list of functions, instead...
Embedded Web Server Administrator's Guide
Page 25
... a lower-priority transmission protocol) or Stunnel (if implemented on the destination server). 6 From the Remote Syslog Facility list, select a facility code for sending E-mail. The printer will be grayed out until an IP address or hostname is entered. 4 Type the Remote Syslog Port number used on the destination server. By default...
... a lower-priority transmission protocol) or Stunnel (if implemented on the destination server). 6 From the Remote Syslog Facility list, select a facility code for sending E-mail. The printer will be grayed out until an IP address or hostname is entered. 4 Type the Remote Syslog Port number used on the destination server. By default...
Embedded Web Server Administrator's Guide
Page 26
...credentials, select an authentication method from the SMTP Server Authentication list. Using security features in case of the security certificate on the printer before timing out. 3 Type the Primary SMTP Gateway Port number of the current syslog, click Export Log. • To delete...number of seconds (5-30) the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . If only one certificate has been installed, default will be sent using digital certificates to establish a secure connection to the...
...credentials, select an authentication method from the SMTP Server Authentication list. Using security features in case of the security certificate on the printer before timing out. 3 Type the Primary SMTP Gateway Port number of the current syslog, click Export Log. • To delete...number of seconds (5-30) the device will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . If only one certificate has been installed, default will be sent using digital certificates to establish a secure connection to the...
Embedded Web Server Administrator's Guide
Page 27
... SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting up SNMP Simple Network Management Protocol (SNMP) is ...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Note: Changes made to settings ...
... SNMP Community identifier (the default community name is used for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Setting up SNMP Simple Network Management Protocol (SNMP) is ...Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Note: Changes made to settings ...
Embedded Web Server Administrator's Guide
Page 29
...in black and white. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from a flash drive. Function Access Control Address Book Change Language... Setup section of any installed eSF applications Controls access to the Scan to Fax function Controls the ability to update firmware from the printer control panel Controls the ability to the Change Language feature from any source other than a flash drive. Firmware files which are denied...
...in black and white. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to the Manage Shortcuts item of the Settings menu from a flash drive. Function Access Control Address Book Change Language... Setup section of any installed eSF applications Controls access to the Scan to Fax function Controls the ability to update firmware from the printer control panel Controls the ability to the Change Language feature from any source other than a flash drive. Firmware files which are denied...
Embedded Web Server Administrator's Guide
Page 30
... Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the Settings menu from the Embedded Web Server When disabled, all... Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created by LDSS...
... Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the Settings menu from the Embedded Web Server When disabled, all... Engineer Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through Solution 10 Access Controls can be assigned to installed eSF applications and/or profiles created by LDSS...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31