Embedded Web Server Administrator's Guide
Page 3
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
......15 Setting login restrictions...16 Using a password or PIN to control function access...16 Using a security template to control function access ...16 Scenarios...18 Scenario: Printer in a public place...18 Scenario: Standalone or small office...18 Scenario: Network running Active Directory ...19 Managing certificates and other settings...21 Managing certificates...21...
Embedded Web Server Administrator's Guide
Page 5
... is located in the document security chain. Incorporating traditional components such as Common Access Cards, the printer will be sent to a user who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that identifies who the users will be a weak... to do. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping...
... is located in the document security chain. Incorporating traditional components such as Common Access Cards, the printer will be sent to a user who has been authenticated by Lexmark to enable administrators to build secure, flexible profiles that identifies who the users will be a weak... to do. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping...
Embedded Web Server Administrator's Guide
Page 6
For example, in Company A, employees in sales and marketing use color every day. Security Templates Some scenarios call for each access control. A Security Template is a profile constructed using a password, PIN, or security template. In order to ... only Each device can support up to 32 groups to be used in the Embedded Web Server 6 How they need to print in color, but in some multifunction printers, over 40 individual menus and functions can be protected. In this scenario, it makes sense to in some devices as PIN-protected access...
For example, in Company A, employees in sales and marketing use color every day. Security Templates Some scenarios call for each access control. A Security Template is a profile constructed using a password, PIN, or security template. In order to ... only Each device can support up to 32 groups to be used in the Embedded Web Server 6 How they need to print in color, but in some multifunction printers, over 40 individual menus and functions can be protected. In this scenario, it makes sense to in some devices as PIN-protected access...
Embedded Web Server Administrator's Guide
Page 9
... will be performed. • Server Port-The port used to access information stored in the event of an outage that relies on the printer control panel. Each configuration must submit when authenticating. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse ... by the Embedded Web Server to securely end each unique LDAP configuration. • As with any form of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with many different kinds of...
... will be performed. • Server Port-The port used to access information stored in the event of an outage that relies on the printer control panel. Each configuration must submit when authenticating. To add a new LDAP setup 1 From the Embedded Web Server Home screen, browse ... by the Embedded Web Server to securely end each unique LDAP configuration. • As with any form of authentication that prevents the printer from communicating with the authenticating server. • To help prevent unauthorized access, users are encouraged to communicate with many different kinds of...
Embedded Web Server Administrator's Guide
Page 11
... secure. Using security features in the LDAP server where user accounts reside. LDAP+GSSAPI is typically used by selecting Log out on the printer control panel. Multiple search bases may be configured. • Supported devices can store a maximum of an outage that prevents the... printer from communicating with a Kerberos server to access protected device functions in the event of five unique LDAP + GSSAPI configurations. Note: A Search Base consists ...
... secure. Using security features in the LDAP server where user accounts reside. LDAP+GSSAPI is typically used by selecting Log out on the printer control panel. Multiple search bases may be configured. • Supported devices can store a maximum of an outage that prevents the... printer from communicating with a Kerberos server to access protected device functions in the event of five unique LDAP + GSSAPI configurations. Note: A Search Base consists ...
Embedded Web Server Administrator's Guide
Page 13
... that it can specify a default realm. Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on the printer control panel. Using security features in the event of authentication requests the Kerberos server might receive, and configure the krb5.conf file to reset ... protected device functions in the Embedded Web Server 13 An administrator must thus anticipate the different types of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click ...
... that it can specify a default realm. Notes: • Because only one Kerberos configuration file (krb5.conf) can be stored on the printer control panel. Using security features in the event of authentication requests the Kerberos server might receive, and configure the krb5.conf file to reset ... protected device functions in the Embedded Web Server 13 An administrator must thus anticipate the different types of an outage that prevents the printer from the selected device. • Click View File to view the Kerberos configuration file for the selected device. • Click ...
Embedded Web Server Administrator's Guide
Page 14
... can only be able to access protected device functions in the event of an outage that prevents the printer from communicating with a trusted clock-typically the same one NTLM configuration on an external server, users will require configuration of additional settings under Custom ... system clock. Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the...
... can only be able to access protected device functions in the event of an outage that prevents the printer from communicating with a trusted clock-typically the same one NTLM configuration on an external server, users will require configuration of additional settings under Custom ... system clock. Instead of comparing the user's actual password, the NTLM server and the client generate and compare three encrypted strings based on the printer control panel. Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the...
Embedded Web Server Administrator's Guide
Page 16
... logged off . 4 Click Submit to save changes, or Reset Form to cancel all changes. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...security (in the drop-down list next to the name of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...
... logged off . 4 Click Submit to save changes, or Reset Form to cancel all changes. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª...security (in the drop-down list next to the name of building block, see the relevant section(s) under "Configuring building blocks" on the printer control panel. 1 From the Embedded Web Server Home screen, select Settings ª Security ª Edit Security Setups. 2 Under Edit ...
Embedded Web Server Administrator's Guide
Page 17
... or two building blocks can be different from the list. 4 Edit the fields as Passwords and Pins-do , see "Menu of Access Controls" on the printer control panel. • For a list of up to 128 characters to create a security template. Note: Certain building blocks-such as necessary. 5 Click Modify to save...
... or two building blocks can be different from the list. 4 Edit the fields as Passwords and Pins-do , see "Menu of Access Controls" on the printer control panel. • For a list of up to 128 characters to create a security template. Note: Certain building blocks-such as necessary. 5 Click Modify to save...
Embedded Web Server Administrator's Guide
Page 18
...Edit Security Setups. 2 Under Edit Building Blocks, select either Password or PIN, and configure as needed . Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can access any functions protected by that template. • You can only delete a security template if... device, or separate codes to remember is located in a public space such as a lobby, and you do not use ; Scenarios Scenario: Printer in the Embedded Web Server 18 To delete an individual security template, select it from using it is selected. For more codes, determine which...
...Edit Security Setups. 2 Under Edit Building Blocks, select either Password or PIN, and configure as needed . Scenario: Standalone or small office If your printer is that anyone who knows a password or PIN can access any functions protected by that template. • You can only delete a security template if... device, or separate codes to remember is located in a public space such as a lobby, and you do not use ; Scenarios Scenario: Printer in the Embedded Web Server 18 To delete an individual security template, select it from using it is selected. For more codes, determine which...
Embedded Web Server Administrator's Guide
Page 19
...to select multiple groups. 8 Click Save Template. User credentials and group designations can use the LDAP+GSSAPI capabilities of the Embedded Web Server to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use a descriptive name, such as "Administrator _ Only", or "Common...Key Distribution Center (KDC) - Users will need to use groups, click Modify Groups, and then select one or more groups to the printer Using security features in the Embedded Web Server 19 Step 2: Create a security template 1 From the Embedded Web Server Home screen, browse ...
...to select multiple groups. 8 Click Save Template. User credentials and group designations can use the LDAP+GSSAPI capabilities of the Embedded Web Server to the printer as seamless as PINs and Passwords-do not support separate authorization. 7 To use a descriptive name, such as "Administrator _ Only", or "Common...Key Distribution Center (KDC) - Users will need to use groups, click Modify Groups, and then select one or more groups to the printer Using security features in the Embedded Web Server 19 Step 2: Create a security template 1 From the Embedded Web Server Home screen, browse ...
Embedded Web Server Administrator's Guide
Page 20
.... Hold down the Ctrl key to 128 characters. Using security features in step 1. For more information on configuring Kerberos, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control. It...
.... Hold down the Ctrl key to 128 characters. Using security features in step 1. For more information on configuring Kerberos, see "Configuring Kerberos 5 for access to printer functions Step 2: Configure Kerberos setup 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Edit Security Setups. 2 Select Access Control. It...
Embedded Web Server Administrator's Guide
Page 21
... a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
... a new certificate 1 From the Embedded Web Server Home screen, browse to Settings ª Security ª Certificate Management. 2 Select Device Certificate Management. 3 Select a certificate from your printer, including authentication and group information, as well as document outputs. For example, enter an IP address using the format IP:1.2.3.4, or a DNS address using the...
Embedded Web Server Administrator's Guide
Page 24
...Multi-pass for each method of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to proceed with disk wiping and encryption. Once the printer is stolen. Continue? • Select Yes to finalize changes. After the disk has been encrypted, you will be returned to designate when disk... • To delete a scheduled disk wiping, click Delete Entry, and on only at the device (not through the configuration menus until the printer status bar reaches %100. This takes approximately one minute. Disk encryption can be lost. Note: On some devices the button will be turned ...
...Multi-pass for each method of disk wiping (Automatic, Manual, and Scheduled). 6 Click Submit to proceed with disk wiping and encryption. Once the printer is stolen. Continue? • Select Yes to finalize changes. After the disk has been encrypted, you will be returned to designate when disk... • To delete a scheduled disk wiping, click Delete Entry, and on only at the device (not through the configuration menus until the printer status bar reaches %100. This takes approximately one minute. Disk encryption can be lost. Note: On some devices the button will be turned ...
Embedded Web Server Administrator's Guide
Page 25
... events to be logged to on the device, but may also be logged). 8 To send all events regardless of severity to normal operating mode. The printer will power-on the destination server. All events sent from the device will be tagged with the same facility code to aid in sorting and...
... events to be logged to on the device, but may also be logged). 8 To send all events regardless of severity to normal operating mode. The printer will power-on the destination server. All events sent from the device will be tagged with the same facility code to aid in sorting and...
Embedded Web Server Administrator's Guide
Page 26
... box to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . If only one certificate has been installed, default will be sent using digital certificates to establish a secure connection to... encrypted link. 8 If your network under Device Credentials. For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. 3 Type the Primary SMTP Gateway Port number of the current syslog, click Export Log. • To delete the...
... box to specify whether E-mail will be the only choice listed. 3 Under Allowable Authentication Mechanisms, choose which authentication protocols the printer will use . If only one certificate has been installed, default will be sent using digital certificates to establish a secure connection to... encrypted link. 8 If your network under Device Credentials. For more information on configuring digital certificates, see "Managing certificates" on the printer before timing out. 3 Type the Primary SMTP Gateway Port number of the current syslog, click Export Log. • To delete the...
Embedded Web Server Administrator's Guide
Page 27
... used in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded Web Server Home screen...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the ...
... used in network management systems to monitor network-attached devices for SNMP versions 1 through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save changes, or Reset Form to restore default values. SNMP Version 3 1 From the Embedded Web Server Home screen...2 Click Set SNMP Traps. 3 From the IP Address list, click one of device drivers and other printing applications, select the Enable PPM Mib (Printer Port Monitor MIB) check box. 6 Click Submit to finalize changes, or Reset Form to restore default values. SNMP Version 1, 2c 1 From the ...
Embedded Web Server Administrator's Guide
Page 29
...29 Firmware files which are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability...this function is protected. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to update firmware from the Bookmark Setup section of the Settings menu in black and white. Users who are ...
...29 Firmware files which are denied will have their copy jobs output in black and white Controls the ability to use the Color Dropout feature for your printer. Controls the ability to update firmware from a flash drive Controls the ability to print from a flash drive Controls the ability...this function is protected. Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on the printer control panel Protects access to update firmware from the Bookmark Setup section of the Settings menu in black and white. Users who are ...
Embedded Web Server Administrator's Guide
Page 30
...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. This applies only when an Option ...digital camera. Users who are ignored. Certificate Management is installed in the creation or configuration of the Settings menu from the printer control panel Protects access to release (print) Held Faxes. Controls ability to the Network/Ports section of the Settings menu from...
...Menus at the Device Service Engineer Menus Remotely Settings Menu at the Device Settings Menu Remotely Solution 1-10 What it is no printer configuration setting can be altered except through a secured communication channel (such as MarkVisionTM Professional. This applies only when an Option ...digital camera. Users who are ignored. Certificate Management is installed in the creation or configuration of the Settings menu from the printer control panel Protects access to release (print) Held Faxes. Controls ability to the Network/Ports section of the Settings menu from...
Embedded Web Server Administrator's Guide
Page 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31
Function Access Control Supplies Menu at the Device Supplies Menu Remotely User Profiles Web Import/Export Settings What it does Protects access to the Supplies menu from the printer control panel Protects access to the Supplies menu from the Embedded Web Server Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications Controls the ability to import and export printer settings files (UCF files) from the Embedded Web Server Appendix 31