Konica Minolta bizhub PRO C754e bizhub C754e/C654e Security Operations User Gu - Page 11

bizhub C754e/C654e

1-7

1.3

Precautions for Operation Control

1

1.3

Precautions for Operation Control

This machine and the data handled by this machine should be used in an office environment that meets the

following conditions. The machine must be controlled for its operation under the following conditions to pro-

tect the data that should be protected.

Roles of the Owner of the Machine

The owner (an individual or an organization) of the machine should take full responsibility for controlling the

machine, thereby ensuring that no improper operations are performed.

-

The owner of the machine should have the administrator of the machine recognize the organizational

security policy and procedure, educate him or her to comply with the guidance and documents pre-

pared by the manufacturer, and allow time for him or her to acquire required ability. The owner of the

machine should also operate and manage the machine so that the administrator of the machine can

configure and operate the machine appropriately according to the policy and procedure.

-

The owner of the machine should have users of the machine recognize the organizational security policy

and procedure, educate them to follow the policy and procedure, and operate and manage the machine

so that the users acquire the required ability.

-

The owner of the machine should vest the user with authority to use the machine according to the or-

ganizational security policy and procedure.

-

The owner of the machine should operate and manage the machine so that the administrator of the ma-

chine checks the Job Log (Audit Log) data at appropriate timing to thereby determine whether a security

compromise or a faulty condition has occurred during an operating period.

-

If the Job Log (Audit Log) data is to be exported to another product, the owner of the machine should

ensure that only the administrator of the machine performs the task. The owner of the machine should

also operate and manage the machine so that the Job Log (Audit Log) data is not illegally accessed,

deleted, or altered.

Roles and Requirements of the Administrator of the machine

The administrator of the machine should take full responsibility for controlling the machine, thereby ensuring

that no improper operations are performed.

-

A person who is capable of taking full responsibility for controlling the machine should be appointed as

the administrator of the machine to make sure that no improper operations are performed.

-

When using an SMTP server (mail server) or an DNS server, each server should be appropriately man-

aged by the administrator and should be periodically checked to confirm that settings have not been

changed without permission.

Password Usage Requirements

The administrator must control the Administrator Password, Encryption Key, auth-password, priv-Password,

and WebDAV Server Password appropriately so that they may not be leaked. These passwords should not

be ones that can be easily guessed. The user, on the other hand, should control the User Box Password,

Secure Print Password, and User Password appropriately so that they may not be leaked. Again, these pass-

words should not be ones that can be easily guessed. For the Public User Box shared among a number of

users, the User Box Password should be appropriately controlled so that it may not be leaked to anyone who

is not the user of the Public User Box.

<To Achieve Effective Security>

-

Make absolutely sure that only the administrator knows the Administrator Password, Encryption Key,

auth-password, priv-Password, and WebDAV Server Password.

-

The administrator must change the Administrator Password, Encryption Key, auth-password, priv-

Password, and WebDAV Server Password at regular intervals.

-

The administrator should make sure that any number that can easily be guessed from birthdays, em-

ployee identification numbers, and the like is not set for the Administrator Password, Account Pass-

word, Encryption Key, auth-password, priv-Password, and WebDAV Server Password.

-

If a User Password or User Box Password has been changed, the administrator should have the corre-

sponding user change the password as soon as possible.

-

The administrator should change the Account Password set for each account at regular intervals and,

should one be changed, he or she should immediately inform users who implement Account Track of

the new Account Password.

-

If the Administrator Password has been changed by the Service Engineer, the administrator should

change the Administrator Password as soon as possible.

Section	Page
Contents	2
1 Security	6
1.1 Introduction	6
Compliance with the ISO15408 Standard	6
Operating Precautions	6
INSTALLATION CHECKLIST	7
1.2 Security Functions	9
Check Count Clear Conditions	9
1.3 Precautions for Operation Control	11
Roles of the Owner of the Machine	11
Roles and Requirements of the Administrator of the machine	11
Password Usage Requirements	11
User information control server control requirements	12
Security function operation setting operating requirements	12
Operation and control of the machine	12
Machine Maintenance Control	14
1.4 Miscellaneous	15
Password Rules	15
Precautions for Use of Various Types of Applications	16
Encrypting communications	16
Print functions	17
IPP printing	17
Items of Data Cleared by Overwrite All Data Function	18
Fax functions	18
USB keyboard	18
Different types of boxes	19
Hardware and software used in the machine	19
Firmware integrity verification function	19
IPsec setting	20
CS Remote Care function	20
Terminating a Session and Logging out	20
Authentication error during external server authentication	20
2 Administrator Operations	22
2.1 Accessing the Administrator Settings	22
2.1.1 Accessing the Administrator Settings	22
2.1.2 Accessing the User Mode	24
2.2 Enhancing the Security Function	28
2.2.1 Items cleared by HDD Format	30
2.2.2 Setting the Password Rules	31
2.2.3 Setting the Enhanced Security Mode	33
2.3 Preventing Unauthorized Access	36
Setting Prohibited Functions When Authentication Error	36
2.4 Canceling the Operation Prohibited State	38
Performing Release Setting	38
2.5 Setting the Authentication Method	40
2.5.1 Setting the Authentication Method	40
2.5.2 Setting the External Server	43
2.6 ID & Print Setting Function	46
Setting ID & Print	46
2.7 System Auto Reset Function	48
Setting the System Auto Reset function	48
2.8 User Setting Function	50
Making user setting	50
2.9 Account Track Setting Function	56
Making account setting	56
2.10 User Box Function	61
2.10.1 Setting the User Box	61
2.10.2 Changing the user/account attributes and box password	67
2.10.3 Setting Memory RX	72
2.11 Changing the Administrator Password	75
Changing the Administrator Password	75
2.12 Protecting Data in the HDD	78
2.12.1 Setting the Encryption Key (encryption word)	78
2.12.2 Changing the Encryption Key	82
2.12.3 Setting the Overwrite HDD Data	84
2.13 Overwrite All Data Function	86
Setting the Overwrite All Data function	86
2.14 Obtaining Job Log	88
2.14.1 Obtaining and deleting a Job Log	88
2.14.2 Downloading the Job Log data	90
Job Log data	92
2.15 Setting time/date in machine	99
2.15.1 Setting time/date	99
2.15.2 Setting daylight saving time	102
2.16 SSL Setting Function	104
2.16.1 Device Certificate Setting	104
2.16.2 SSL Setting	106
2.16.3 Removing a Certificate	107
2.17 S/MIME Communication Setting Function	108
2.17.1 Setting the S/MIME Communication	108
2.17.2 Registering the certificate	111
2.18 SNMP Setting Function	113
2.18.1 Changing the auth-password and priv-password	113
2.18.2 SNMP access authentication function	119
2.18.3 SNMP v3 setting function	119
2.18.4 SNMP network setting function	119
2.19 WebDAV Function	120
Setting the WebDAV Server Password	120
2.20 TCP/IP Setting Function	123
2.20.1 Setting the IP Address	123
2.20.2 Registering the DNS Server	124
2.21 AppleTalk Setting Function	125
Making the AppleTalk Setting	125
2.22 E-Mail Setting Function	126
Setting the SMTP Server (E-Mail Server)	126
3 User Operations	128
3.1 User Authentication Function	128
3.1.1 Performing user authentication	128
3.1.2 Accessing the ID & Print Document	134
3.2 Change Password Function	136
Performing Change Password	136
3.3 Secure Print Function	139
Accessing the Secure Print Document	139
3.4 User Box Function	143
3.4.1 Setting the User Box	143
3.4.2 Changing the user/account attributes and box password	149
3.4.3 Accessing the User Box and User Box file	156
3.4.4 Sending S/MIME box files	160
4 Application Software	163
4.1 PageScope Data Administrator	163
4.1.1 Accessing from PageScope Data Administrator	163
4.1.2 Setting the user authentication method	166
4.1.3 Changing the authentication mode	168
4.1.4 Making the user settings	171
4.1.5 Making the account settings	172
4.1.6 Registering the certificate	173
4.1.7 DNS Server Setting Function	175
4.1.8 AppleTalk Setting Function	176

Konica Minolta bizhub PRO C754e bizhub C754e/C654e Security Operations User Gu - Page 11

Precautions for Operation Control, Roles of the Owner of the Machine

Page 11 highlights