Konica Minolta bizhub PRO 950 bizhub PRO 950 Security User Guide - Page 77

Result = OK/NG, ation on the document in the personal box or secure box was made by a le - specifications

Get Konica Minolta bizhub PRO 950 PDF manuals and user guides View all Konica Minolta bizhub PRO 950 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 77 highlights

Administrator Security Functions 5 Specify unauthorized actions: password authentication If logs have NG as the result of password authentication (action: 01, 02, 11, 16), items protected by passwords may have been attacked. - Failed password authentication (NG) log entries specify who made the operation, and show if unauthorized actions were made when password authentication failed. - Even if password authentication succeeded (OK), it shows whether a legitimate user created the action. You need to check carefully when successful authentication occurs after series of failures especially during times other than normal operating hours. Specify unauthorized actions: actions other than password authentication under security All operation results other than password authentication will be indicated as successful (OK), so determine if there were any unauthorized actions by ID and action. - Since you cannot specify what was attacked only with an ID, you need to see the action and the table on the previous page to determine whether unauthorized actions were made on a personal box or secure box. - Check the time, and see if the user who operated the specific subject made any unauthorized actions. (Example) If a document saved in a box was printed using fraudulent authorization, the following audit log entry will be created. 1. Password authentication for the box: Action = 11 ID = Box that authentication was made Result = OK/NG 2. Access to the document in the box: Action = 13 ID = Box that authentication was made Check the date and time the above operation occurred, and see if the operation on the document in the personal box or secure box was made by a legitimate box user. Actions to take if unauthorized operations are found - If it's found that a password has been leaked after analyzing the audit log, change the password immediately. - It's possible that a password may have been tampered with and legiti- mate users cannot access a box. The administrator must contact the user to confirm the situation, and if that's the case, the administrator must change the password and delete the data saved in the box. - If you cannot find documents that should be in a box or if you find a document with changed content, unauthorized actions may have occurred. Similar countermeasures are needed. bizhub PRO 950 69

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
Administrator Security Functions
5
bizhub PRO 950
69
Specify unauthorized actions: password authentication
If logs have NG as the result of password authentication (action: 01, 02, 11,
16), items protected by passwords may have been attacked.
-
Failed password authentication (NG) log entries specify who made the
operation, and show if unauthorized actions were made when password
authentication failed.
-
Even if password authentication succeeded (OK), it shows whether a le-
gitimate user created the action. You need to check carefully when suc-
cessful authentication occurs after series of failures especially during
times other than normal operating hours.
Specify unauthorized actions: actions other than password authentica-
tion under security
All operation results other than password authentication will be indicated as
successful (OK), so determine if there were any unauthorized actions by ID
and action.
-
Since you cannot specify what was attacked only with an ID, you need to
see the action and the table on the previous page to determine whether
unauthorized actions were made on a personal box or secure box.
-
Check the time, and see if the user who operated the specific subject
made any unauthorized actions.
(Example)
If a document saved in a box was printed using fraudulent authorization, the
following audit log entry will be created.
1.
Password authentication for the box:
Action = 11
ID = Box that authentication was made
Result = OK/NG
2.
Access to the document in the box:
Action = 13
ID = Box that authentication was made
Check the date and time the above operation occurred, and see if the oper-
ation on the document in the personal box or secure box was made by a le-
gitimate box user.
Actions to take if unauthorized operations are found
-
If it’s found that a password has been leaked after analyzing the audit log,
change the password immediately.
-
It’s possible that a password may have been tampered with and legiti-
mate users cannot access a box. The administrator must contact the
user to confirm the situation, and if that’s the case, the administrator
must change the password and delete the data saved in the box.
-
If you cannot find documents that should be in a box or if you find a doc-
ument with changed content, unauthorized actions may have occurred.
Similar countermeasures are needed.