Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
...are able to only those users holding appropriate credentials. Using security features in today's busy environments. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- This set of authorized functions is located in the document ...Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Before configuring printer security, it can not be sent to the devices that require...
...are able to only those users holding appropriate credentials. Using security features in today's busy environments. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- This set of authorized functions is located in the document ...Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in the Embedded Web Server 5 Before configuring printer security, it can not be sent to the devices that require...
Embedded Web Server Administrator's Guide
Page 6
... LDAP + GSSAPI Authentication only LDAP + GSSAPI with either the Internal accounts or LDAP/LDAP+GSSAPI building blocks. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on page 29. Individually, building blocks, groups, and access controls may not meet the...
... LDAP + GSSAPI Authentication only LDAP + GSSAPI with either the Internal accounts or LDAP/LDAP+GSSAPI building blocks. Access Controls (also referred to in some multifunction printers, over 40 individual menus and functions can be controlled varies depending on page 29. Individually, building blocks, groups, and access controls may not meet the...
Embedded Web Server Administrator's Guide
Page 9
... protocol that relies on an external server, users will not be used by selecting Log out on top of authentication that runs directly on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 ... Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is used to access information stored in the event of an outage that prevents the printer from communicating with any form of the TCP/IP layer, and is divided into four parts: General Information • Setup Name-This name will be...
... protocol that relies on an external server, users will not be used by selecting Log out on top of authentication that runs directly on the printer control panel. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 ... Click Add an LDAP Setup. 4 The LDAP Server Setup dialog is used to access information stored in the event of an outage that prevents the printer from communicating with any form of the TCP/IP layer, and is divided into four parts: General Information • Setup Name-This name will be...
Embedded Web Server Administrator's Guide
Page 11
... Name-This name will be used to the LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of authentication that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under... attributes-such as cn (common name), ou (organizational unit), o (organization), c (country), or dc (domain)-separated by commas. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the LDAP server.
... Name-This name will be used to the LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of authentication that relies on the printer control panel. To add a new LDAP+GSSAPI setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under... attributes-such as cn (common name), ou (organizational unit), o (organization), c (country), or dc (domain)-separated by commas. Notes: • LDAP+GSSAPI requires that prevents the printer from communicating with the LDAP server.
Embedded Web Server Administrator's Guide
Page 13
...configuration file. • The krb5.conf file can specify a default realm. Using security features in the event of authentication that relies on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit...search for a new configuration file. However, if a realm is used as a krb5.conf file on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup ...
...configuration file. • The krb5.conf file can specify a default realm. Using security features in the event of authentication that relies on the printer control panel. Creating a simple Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit...search for a new configuration file. However, if a realm is used as a krb5.conf file on a supported device, that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click Test Setup ...
Embedded Web Server Administrator's Guide
Page 14
...able to access protected device functions in the event of an outage that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with a trusted clock-typically the same one NTLM configuration on a supported device because each ...to a single NT domain. Using NTLM authentication NTLM (Windows NT LAN Manager) is being used by selecting Log out on the user's password. Printer clock settings can be used in a security template only after a supported device has registered with the NTLM domain. • The NTLM building block ...
...able to access protected device functions in the event of an outage that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with a trusted clock-typically the same one NTLM configuration on a supported device because each ...to a single NT domain. Using NTLM authentication NTLM (Windows NT LAN Manager) is being used by selecting Log out on the user's password. Printer clock settings can be used in a security template only after a supported device has registered with the NTLM domain. • The NTLM building block ...
Embedded Web Server Administrator's Guide
Page 16
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings... of time before lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access ...
Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Miscellaneous Security Settings... of time before lockout takes place. • Lockout time-Specify the duration of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit Access Controls, select Access ...
Embedded Web Server Administrator's Guide
Page 17
... protect, select the newly created security template from the list. 4 Edit the fields as Passwords and Pins-do , see "Menu of Access Controls" on the printer control panel. • For a list of security templates must be required to enter the appropriate credentials in order to gain access to any function controlled...
... protect, select the newly created security template from the list. 4 Edit the fields as Passwords and Pins-do , see "Menu of Access Controls" on the printer control panel. • For a list of security templates must be required to enter the appropriate credentials in order to gain access to any function controlled...
Embedded Web Server Administrator's Guide
Page 18
... security template, select it , a password or PIN can provide simple protection right at the device. Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can access any functions protected by that code. Step One: Set up internal accounts" on ... to remember is located in use an authentication server to grant users access to a function controlled by that code. Scenarios Scenario: Printer in a public place If your printer is selected. The key to the name of the device, or separate codes to Settings ª Security ª Edit Security ...
... security template, select it , a password or PIN can provide simple protection right at the device. Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can access any functions protected by that code. Step One: Set up internal accounts" on ... to remember is located in use an authentication server to grant users access to a function controlled by that code. Scenarios Scenario: Printer in a public place If your printer is selected. The key to the name of the device, or separate codes to Settings ª Security ª Edit Security ...
Embedded Web Server Administrator's Guide
Page 19
...Authorization Setup list. It can be populated with Active Directory, you want to protect, select a security template from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use a descriptive name, such as "Administrator _ Only", or "Common _... • Character encoding (used for authenticating users. This list will be pulled from the drop-down the Ctrl key to the printer Using security features in the Embedded Web Server 19 This list will be helpful to take advantage of the Embedded Web Server to ...
...Authorization Setup list. It can be populated with Active Directory, you want to protect, select a security template from the existing network, making access to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use a descriptive name, such as "Administrator _ Only", or "Common _... • Character encoding (used for authenticating users. This list will be pulled from the drop-down the Ctrl key to the printer Using security features in the Embedded Web Server 19 This list will be helpful to take advantage of the Embedded Web Server to ...
Embedded Web Server Administrator's Guide
Page 20
..., and then select the name given to your LDAP+GSSAPI setup. 7 To use with LDAP+GSSAPI" on configuring Kerberos, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
..., and then select the name given to your LDAP+GSSAPI setup. 7 To use with LDAP+GSSAPI" on configuring Kerberos, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Under Edit Building Blocks...
Embedded Web Server Administrator's Guide
Page 21
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Leave this field blank to use the IPv4 address (128-character maximum). 5 Click Generate New...
... deleting a certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. Leave this field blank to use the IPv4 address (128-character maximum). 5 Click Generate New...
Embedded Web Server Administrator's Guide
Page 24
..., modify the time and day as "Exit Config Menu." 4 Press the down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to proceed with disk wiping and encryption. Continue pressing 2 and 6 until you...). 6 Click Submit to finalize changes. Encrypting the hard disk Hard disk encryption helps prevent loss of sensitive data in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Disk encryption can be ...
..., modify the time and day as "Exit Config Menu." 4 Press the down arrow to scroll through the Embedded Web Server). 1 Turn off the printer during the encryption process. • Select No to cancel and return to proceed with disk wiping and encryption. Continue pressing 2 and 6 until you...). 6 Click Submit to finalize changes. Encrypting the hard disk Hard disk encryption helps prevent loss of sensitive data in the event your printer-or its hard disk-is in Configuration mode by locating the Exit Configuration button in the Embedded Web Server 24 Disk encryption can be ...
Embedded Web Server Administrator's Guide
Page 25
... Audit to activate security audit logging (syslog). 3 To transmit log events to a device. Warning" is chosen, severity levels 0-4 will power-on the destination server. The printer will be logged). 8 To send all events regardless of severity to the remote server, select the Remote Syslog non-logged events check box. 9 To have...
... Audit to activate security audit logging (syslog). 3 To transmit log events to a device. Warning" is chosen, severity levels 0-4 will power-on the destination server. The printer will be logged). 8 To send all events regardless of severity to the remote server, select the Remote Syslog non-logged events check box. 9 To have...
Embedded Web Server Administrator's Guide
Page 26
... or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using digital certificates to establish a secure connection to the authentication server, you want to use to log in order ... type the number of seconds (5-30) the device will use . For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. Viewing or deleting the security audit log • To view or save a text file of the destination server. Note:...
... or Required to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will be sent using digital certificates to establish a secure connection to the authentication server, you want to use to log in order ... type the number of seconds (5-30) the device will use . For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. Viewing or deleting the security audit log • To view or save a text file of the destination server. Note:...
Embedded Web Server Administrator's Guide
Page 27
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Using security features in network management... systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Note: Changes made to settings marked with an asterisk...
... Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. Using security features in network management... systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. Note: Changes made to settings marked with an asterisk...
Embedded Web Server Administrator's Guide
Page 29
...Users who are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability to scan ...the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to update firmware from any installed eSF applications Controls access to the Scan to Fax function Controls the ability to...
...Users who are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability to scan ...the Held Jobs function Protects access to the Manage Shortcuts section of the Settings menu on some Access Controls (referred to on the printer control panel Protects access to update firmware from any installed eSF applications Controls access to the Scan to Fax function Controls the ability to...
Embedded Web Server Administrator's Guide
Page 30
... the Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the Settings menu from the Embedded Web Server The Solution 1 through...manage certificates using remote management tools. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from the Embedded Web Server When disabled, all device settings ...
... the Service Engineer menu from the Embedded Web Server Protects access to the General and Print Settings sections of the Settings menu from the printer control panel Protects access to the General and Print Settings items of the Settings menu from the Embedded Web Server The Solution 1 through...manage certificates using remote management tools. When disabled, it does Protects access to the Network/Ports section of the Settings menu from the printer control panel Protects access to the Network/Ports section of the Settings menu from the Embedded Web Server When disabled, all device settings ...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31