Konica Minolta bizhub PRO 951 bizhub PRO 951 Security User Guide - Page 62

2.5 Administrator Security Functions 2 No. Operation 14 Delete file Delete document data 15 Change file attribute 16 Password authentication for secure print 17 Access to secure print file 18 Delete secure print file 19 Change HDD lock password Audit ID User ID User ID Secure user ID Secure user ID Secure user ID Administrator ID Stored action 14 Result OK 15 OK 16 OK/NG 17 OK 18 OK 19 OK *1: Audit log ID will be saved as user ID when user authentication is successfully made, or when password inconformity occurs with a registered user name. *2: Audit log ID will be saved as unregistered user ID when authentication failure occurs with an unregistered user name. The purpose of analyzing the audit log is to understand the following and implement countermeasures: - Whether or not data was accessed or tampered with - Subject of attack - Details of attack - Result of attack For specific analysis methods, see the following description. Specifying unauthorized actions: password authentication If logs have NG as the result of password authentication (action: 01, 02, 11), items protected by passwords may have been attacked. - Failed password authentication (NG) log entries specify who made the operation, and show if unauthor- ized actions were made when password authentication failed. - Even if password authentication succeeded (OK), you may need to check whether a legitimate user cre- ated the action. Careful check is recommended especially when successful authentication occurs after series of failures, or for those made during times other than normal operating hours. Specifying unauthorized actions: actions other than password authentication Since all operation results other than password authentication are indicated as successful (OK), use ID and action to determine if any unauthorized actions were made. - Since you cannot identify what was attacked only with an ID, you need to refer to the correspondence table of actions on the previous page to determine whether unauthorized actions were made on a personal box or secure box. - Check the time of operation, and see if the user who operated the specific subject made any unauthorized actions. For example: If a document saved in a box is printed with fraudulent authentication, the following audit log entry will be created. 1. Password authentication to the box: action = 11 id = Box for which the authentication was performed result = OK/NG 2. Access to the document in the box: action = 13 id = Box for which the authentication was performed Check the date and time of the operation, and see if the user who operated on documents in the specific personal/secure box was a legitimate owner of the box. bizhub PRO 951 2-53