Embedded Web Server Administrator's Guide
Page 3
... password ...7 Creating a PIN...7 Setting up internal accounts ...8 Using LDAP ...9 Using LDAP+GSSAPI ...11 Configuring Kerberos 5 for use with LDAP+GSSAPI ...13 Using NTLM authentication ...14 Securing access...15 Setting a backup password...15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to...and disabling USB devices...23 Disk wiping...23 Encrypting the hard disk ...24 Configuring security audit log settings ...25 Configuring 802.1x authentication ...26 Setting up SNMP ...27 Enabling the security reset jumper ...28 Contents 3
... password ...7 Creating a PIN...7 Setting up internal accounts ...8 Using LDAP ...9 Using LDAP+GSSAPI ...11 Configuring Kerberos 5 for use with LDAP+GSSAPI ...13 Using NTLM authentication ...14 Securing access...15 Setting a backup password...15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to...and disabling USB devices...23 Disk wiping...23 Encrypting the hard disk ...24 Configuring security audit log settings ...25 Configuring 802.1x authentication ...26 Setting up SNMP ...27 Enabling the security reset jumper ...28 Contents 3
Embedded Web Server Administrator's Guide
Page 5
... Groups-to define who has been authenticated by which functions are available to anyone who you are able to or stored on the printer, and the information security policies of security features available in the Lexmark Embedded Web Server represents an evolution ...in keeping document outputs safe and confidential in today's busy environments. Authentication and Authorization Authentication is allowed to use Embedded Web Server Security Templates to control ...
... Groups-to define who has been authenticated by which functions are available to anyone who you are able to or stored on the printer, and the information security policies of security features available in the Lexmark Embedded Web Server represents an evolution ...in keeping document outputs safe and confidential in today's busy environments. Authentication and Authorization Authentication is allowed to use Embedded Web Server Security Templates to control ...
Embedded Web Server Administrator's Guide
Page 6
... not meet the needs of security Internal Accounts Authentication only Internal Accounts with Groups Authentication and authorization Kerberos 5 Authentication only LDAP Authentication only LDAP with Groups Authentication and authorization LDAP + GSSAPI Authentication only LDAP + GSSAPI with one or more groups...restrictions. A Security Template is a profile constructed using a building block, or certain building blocks paired with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can be able to a common set using a ...
... not meet the needs of security Internal Accounts Authentication only Internal Accounts with Groups Authentication and authorization Kerberos 5 Authentication only LDAP Authentication only LDAP with Groups Authentication and authorization LDAP + GSSAPI Authentication only LDAP + GSSAPI with one or more groups...restrictions. A Security Template is a profile constructed using a building block, or certain building blocks paired with Groups Authentication and authorization Password Authorization only PIN Authorization only Each device can be able to a common set using a ...
Embedded Web Server Administrator's Guide
Page 8
... provide the information needed only by certain users. Note: When creating groups, it . 7 Click Submit. You can be assigned to more groups to provide both authentication and authorization. Each internal account building block can be used as printing, scanning, and copying-will be needed by all users, and then determine which... PIN. Using security features in the Embedded Web Server 8 6 Select Admin PIN if the PIN will be used by itself in a security template to provide authentication-level security, or in conjunction with internal accounts. 4 Type the Group Name.
... provide the information needed only by certain users. Note: When creating groups, it . 7 Click Submit. You can be assigned to more groups to provide both authentication and authorization. Each internal account building block can be used as printing, scanning, and copying-will be needed by all users, and then determine which... PIN. Using security features in the Embedded Web Server 8 6 Select Admin PIN if the PIN will be used by itself in a security template to provide authentication-level security, or in conjunction with internal accounts. 4 Type the Group Name.
Embedded Web Server Administrator's Guide
Page 9
... Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that apply to each unique LDAP configuration. • As with the authenticating server. • To help prevent unauthorized access, users are encouraged to identify each session by selecting Log out on an external server, ... ID or User ID and Password to communicate with many different kinds of multiple attributes-such as the information a user must submit when authenticating. • Require e-mail address-Select this box to make the E-mail address a required field when creating new internal accounts. •...
... Protocol (LDAP) is a standards-based, cross-platform, extensible protocol that apply to each unique LDAP configuration. • As with the authenticating server. • To help prevent unauthorized access, users are encouraged to identify each session by selecting Log out on an external server, ... ID or User ID and Password to communicate with many different kinds of multiple attributes-such as the information a user must submit when authenticating. • Require e-mail address-Select this box to make the E-mail address a required field when creating new internal accounts. •...
Embedded Web Server Administrator's Guide
Page 11
.... LDAP+GSSAPI is divided into four parts: General Information • Setup Name-This name will be used to communicate with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+GSSAPI Server Setup when creating ...security templates. • Server Address-Enter the IP Address or the Host Name of the LDAP server where the authentication will not be configured. • Supported devices can store a maximum of multiple attributes-such as cn (common name), ou (organizational unit...
.... LDAP+GSSAPI is divided into four parts: General Information • Setup Name-This name will be used to communicate with the authenticating server. • To help prevent unauthorized access, users are encouraged to securely end each particular LDAP+GSSAPI Server Setup when creating ...security templates. • Server Address-Enter the IP Address or the Host Name of the LDAP server where the authentication will not be configured. • Supported devices can store a maximum of multiple attributes-such as cn (common name), ou (organizational unit...
Embedded Web Server Administrator's Guide
Page 13
...will not be used by the Kerberos server in the Realm field 6 Click Submit to save the information as the default realm for user authentication, Kerberos 5 is functional. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...and search for a new configuration file. Notes: • Click Delete File to remove the Kerberos configuration file from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to reset the fields and start again. Configuring Kerberos 5 for...
...will not be used by the Kerberos server in the Realm field 6 Click Submit to save the information as the default realm for user authentication, Kerberos 5 is functional. Uploading a Kerberos configuration file 1 From the Embedded Web Server Home screen, browse to Settings ª Security ...and search for a new configuration file. Notes: • Click Delete File to remove the Kerberos configuration file from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to reset the fields and start again. Configuring Kerberos 5 for...
Embedded Web Server Administrator's Guide
Page 14
... will require configuration of additional settings under Custom Time Zone Setup. 3 If Daylight Saving Time (DST) is Microsoft's solution for enabling authentication without requiring the transmission of a user's password across a network in the event of an outage that relies on the user's password....Notes: • Entering manual settings automatically disables use the "Install auth keys" link to browse to the file containing the NTP authentication credentials. 7 Click Submit to save changes, or Reset Form to restore default values. Setting date and time Because Kerberos servers require...
... will require configuration of additional settings under Custom Time Zone Setup. 3 If Daylight Saving Time (DST) is Microsoft's solution for enabling authentication without requiring the transmission of a user's password across a network in the event of an outage that relies on the user's password....Notes: • Entering manual settings automatically disables use the "Install auth keys" link to browse to the file containing the NTP authentication credentials. 7 Click Submit to save changes, or Reset Form to restore default values. Setting date and time Because Kerberos servers require...
Embedded Web Server Administrator's Guide
Page 15
... for example, if there is not successful, the Manage NTLM Setup screen will display "Status....Registered." • If registration is a network communication problem, or an authentication server fails. Note: If you will not be helpful if other security measures become unavailable, for the NTLM server 1 Open the Embedded Web Server home...
... for example, if there is not successful, the Manage NTLM Setup screen will display "Status....Registered." • If registration is a network communication problem, or an authentication server fails. Note: If you will not be helpful if other security measures become unavailable, for the NTLM server 1 Open the Embedded Web Server home...
Embedded Web Server Administrator's Guide
Page 16
Note: To help prevent unauthorized access, users are not authenticated), administrators can attempt login before being locked out. • Failure time frame-Specify the amount of time before lockout takes place. • Lockout time-Specify ...
Note: To help prevent unauthorized access, users are not authenticated), administrators can attempt login before being locked out. • Failure time frame-Specify the amount of time before lockout takes place. • Lockout time-Specify ...
Embedded Web Server Administrator's Guide
Page 17
...click Modify Groups, and then select one or more groups to retain previously configured values. This list will be populated with the authentication building blocks that function. 4 Click Submit to save changes, or Cancel to include in the security template. Note: Certain ...a security template from the list. 4 Edit the fields as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for authenticating users. Users will be populated with a unique name of that have been configured on the device. Step 2: Create a security template Once ...
...click Modify Groups, and then select one or more groups to retain previously configured values. This list will be populated with the authentication building blocks that function. 4 Click Submit to save changes, or Cancel to include in the security template. Note: Certain ...a security template from the list. 4 Edit the fields as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication list, select a method for authenticating users. Users will be populated with a unique name of that have been configured on the device. Step 2: Create a security template Once ...
Embedded Web Server Administrator's Guide
Page 18
..." on page 8. Step One: Set up internal accounts" on page 7. The key to remember is located in the Settings screen for authentication, authorization, or both. Users will delete all authorized users of the device, or separate codes to protect individual functions. Using security features... in use an authentication server to grant users access to devices, Internal Accounts can be protected, and then: 1 From the Embedded Web Server Home screen,...
..." on page 8. Step One: Set up internal accounts" on page 7. The key to remember is located in the Settings screen for authentication, authorization, or both. Users will delete all authorized users of the device, or separate codes to protect individual functions. Using security features... in use an authentication server to grant users access to devices, Internal Accounts can be protected, and then: 1 From the Embedded Web Server Home screen,...
Embedded Web Server Administrator's Guide
Page 19
... Location of the Key Distribution Center (KDC) - Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with the authentication building blocks which have been configured on the network (if importing a krb5.conf file) • If creating a Simple Kerberos Setup: - This... list will now be pulled from the drop-down the Ctrl key to use the LDAP+GSSAPI capabilities of authentication and authorization services already deployed on the device. The IP address or hostname of the Kerberos file on the device. 6 To use...
... Location of the Key Distribution Center (KDC) - Step 1: Collect information about the network Before configuring the Embedded Web Server to integrate with the authentication building blocks which have been configured on the network (if importing a krb5.conf file) • If creating a Simple Kerberos Setup: - This... list will now be pulled from the drop-down the Ctrl key to use the LDAP+GSSAPI capabilities of authentication and authorization services already deployed on the device. The IP address or hostname of the Kerberos file on the device. 6 To use...
Embedded Web Server Administrator's Guide
Page 20
...Security Templates Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be searched for user credentials during authentication (optional) • A list of up to 128 characters. Step 3: Configure LDAP+GSSAPI Settings 1 From the Embedded Web Server Home screen,...server, which will be helpful to use a descriptive name, such as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication Setup list, select the name given to your LDAP+GSSAPI setup. 6 Click Add authorization, and then select the name given to your LDAP+GSSAPI ...
...Security Templates Name field, type a unique name containing up to 32 groups stored on the LDAP server which will be searched for user credentials during authentication (optional) • A list of up to 128 characters. Step 3: Configure LDAP+GSSAPI Settings 1 From the Embedded Web Server Home screen,...server, which will be helpful to use a descriptive name, such as "Administrator _ Only", or "Common _ Functions _ Template." 5 From the Authentication Setup list, select the name given to your LDAP+GSSAPI setup. 6 Click Add authorization, and then select the name given to your LDAP+GSSAPI ...
Embedded Web Server Administrator's Guide
Page 21
... New. 4 Enter values in order to gain access to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. 3 For each function you want to protect, select the newly created security template from the drop-down...
... New. 4 Enter values in order to gain access to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. 3 For each function you want to protect, select the newly created security template from the drop-down...
Embedded Web Server Administrator's Guide
Page 25
... security audit log settings The security audit log allows administrators to monitor security-related events on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to overwrite the oldest entries Log full behavior-Wrap over oldest entries, or E-mail log then delete E-mail % full alert...
... security audit log settings The security audit log allows administrators to monitor security-related events on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to overwrite the oldest entries Log full behavior-Wrap over oldest entries, or E-mail log then delete E-mail % full alert...
Embedded Web Server Administrator's Guide
Page 26
... Primary SMTP Gateway Port number of seconds (5-30) the device will wait for a response from the SMTP server before changing 802.1x authentication settings. If only one certificate has been installed, default will use . Note: If using an encrypted link. 8 If your network ...out. Note: Server certificate validation is 30 seconds. 6 To receive responses to create port-based connections. Using security features in to the authentication server. • Select the Validate Server Certificate check box to require verification of failed or bounced messages), type the Reply Address . 7...
... Primary SMTP Gateway Port number of seconds (5-30) the device will wait for a response from the SMTP server before changing 802.1x authentication settings. If only one certificate has been installed, default will use . Note: If using an encrypted link. 8 If your network ...out. Note: Server certificate validation is 30 seconds. 6 To receive responses to create port-based connections. Using security features in to the authentication server. • Select the Validate Server Certificate check box to require verification of failed or bounced messages), type the Reply Address . 7...
Embedded Web Server Administrator's Guide
Page 27
...Server 27 Setting SNMP Traps After configuring SNMP Version 1, 2c or SNMP Version 3, you can further customize which authentication method will cause the print server to monitor network-attached devices for the SNMP Community identifier (the default community name... default values. Using security features in the appropriate fields. 5 From the SNMPv3 Minimum Authentication Level list, select No Authentication, No Privacy, Authentication, No Privacy, or Authentication, Privacy. 6 From the SNMPv3 Authentication Hash list, select MD5 or SHA1. 7 From the SNMPv3 Privacy Algorithm list, select...
...Server 27 Setting SNMP Traps After configuring SNMP Version 1, 2c or SNMP Version 3, you can further customize which authentication method will cause the print server to monitor network-attached devices for the SNMP Community identifier (the default community name... default values. Using security features in the appropriate fields. 5 From the SNMPv3 Minimum Authentication Level list, select No Authentication, No Privacy, Authentication, No Privacy, or Authentication, Privacy. 6 From the SNMPv3 Authentication Hash list, select MD5 or SHA1. 7 From the SNMPv3 Privacy Algorithm list, select...
Embedded Web Server Administrator's Guide
Page 39
A method for securely ientifying a user. what the user is allowed to as Function Access Controls on some devices. Authentication and Authorization tools used in the Embedded Web Server. Glossary of users sharing common characteristics. A profile created and stored in... password, PIN, Internal accounts, LDAP, LDAP+GSSAPI, Kerberos 5, and NTLM. Also referred to do. Glossary of Security Terms Access Controls Authentication Authorization Building Block Group Security Template Settings that control whether individual device menus, functions, and settings are available to a user, i.e.
A method for securely ientifying a user. what the user is allowed to as Function Access Controls on some devices. Authentication and Authorization tools used in the Embedded Web Server. Glossary of users sharing common characteristics. A profile created and stored in... password, PIN, Internal accounts, LDAP, LDAP+GSSAPI, Kerberos 5, and NTLM. Also referred to do. Glossary of Security Terms Access Controls Authentication Authorization Building Block Group Security Template Settings that control whether individual device menus, functions, and settings are available to a user, i.e.
Embedded Web Server Administrator's Guide
Page 40
... networks 19 printer in a public place 18 standalone or small office 18 using passwords and PINs 18 security 802.1x authentication 26 Authentication 5 Authorization 5 backup password 15 confidential printing 22 digital certificates 21 disk encryption 24 disk wiping 23 encrypting the hard ...disk 24 groups 6 internal accounts 8 Kerberos authentication 13 LDAP authentication 9 LDAP+GSSAPI authentication 11 login restrictions 16 NTLM authentication 14 password 7 PIN 7 reset jumper on motherboard 28 security audit log 25 security templates ...
... networks 19 printer in a public place 18 standalone or small office 18 using passwords and PINs 18 security 802.1x authentication 26 Authentication 5 Authorization 5 backup password 15 confidential printing 22 digital certificates 21 disk encryption 24 disk wiping 23 encrypting the hard ...disk 24 groups 6 internal accounts 8 Kerberos authentication 13 LDAP authentication 9 LDAP+GSSAPI authentication 11 login restrictions 16 NTLM authentication 14 password 7 PIN 7 reset jumper on motherboard 28 security audit log 25 security templates ...