Lexmark C4342 Security White Paper - Page 28

Access controls

Get Lexmark C4342 PDF manuals and user guides View all Lexmark C4342 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 28 highlights

Secure Access 28 Details The process of authenticating users is flexible. Lexmark devices can use various internal authentication mechanisms and network directory authentication mechanisms and protocols to validate user credentials. Lexmark devices can be set up to use device internal accounts, device passwords, device PINs, LDAP (with or without TLS), Kerberos, and LDAP+GSSAP for authenticating users. Support for a wide array of authentication protocols means that the device user authentication function is compatible with an array of network environments, including Microsoft Active Directory, Novell eDirectory, and other directory environments that support LDAP. Secure user authentication protocols, such as LDAP with TLS configured, Kerberos, and LDAP+GSSAPI to protect users' credentials during the authentication process. The device manages authentication and authorization with one, or more, of the following methods: • PIN or Panel PIN Protect • Password or Web Page Password Protect • Internal accounts • LDAP • LDAP+GSSAPI • Kerberos 5 (used only with LDAP+GSSAPI) • Active Directory To provide low-level security, you can use either PIN and Password or Panel PIN Protect and Web Page Password Protect for some printer models, by limiting access to a printer-or specific functions of a printer-to anyone who knows the correct code. This type of security might be appropriate if a printer is located in the lobby or other public areas of a business so that only the employees who know the password or PIN can use the printer. Because anyone who enters the correct password or PIN receives the same privileges and users cannot be individually identified, passwords and PINs are considered less secure than other building blocks that require you to be identified, or both be identified and authorized. Note: The default settings do not contain any authentication or authorization building blocks, which means that everyone has unrestricted access to the Embedded Web Server. Access controls Access controls limit users access to functions, applications, and printer management. Note: Some access controls are available only in some printer models. When the device is first powered on, only a "Guest" account exists, which is a user who is not logged into the device. This user is granted access to all access controls that are selected in the Security - Public (Manage Permissions) section. When a user "opts-in" to Secure by Default during the initial setup wizard, certain Administrative Menus and Device Management access controls are deselected from the Public (Manage Permissions) section. For more details, see "Lexmark Secure by Default" on page 11. Access to device functions and menus can be set by the selection of a permission for that respective access control. For more information regarding access controls, please see, Embedded Web Server - Security Guide for your particular device, at https://support.lexmark.com. Examples of Function Access that can be controlled are: • Copy Function • E-mail Function

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
Details
The process of authenticating users is flexible. Lexmark devices can use various internal authentication
mechanisms and network directory authentication mechanisms and protocols to validate user credentials.
Lexmark devices can be set up to use device internal accounts, device passwords, device PINs, LDAP (with or
without TLS), Kerberos, and LDAP+GSSAP for authenticating users.
Support for a wide array of authentication protocols means that the device user authentication function is
compatible with an array of network environments, including Microsoft Active Directory, Novell eDirectory, and
other directory environments that support LDAP. Secure user authentication protocols, such as LDAP with TLS
configured, Kerberos, and LDAP+GSSAPI to protect users’ credentials during the authentication process.
The device manages authentication and authorization with one, or more, of the following methods:
PIN or Panel PIN Protect
Password or Web Page Password Protect
Internal accounts
LDAP
LDAP+GSSAPI
Kerberos 5 (used only with LDAP+GSSAPI)
Active Directory
To provide low-level security, you can use either PIN and Password or Panel PIN Protect and Web Page Password
Protect for some printer models, by limiting access to a printer—or specific functions of a printer—to anyone
who knows the correct code. This type of security might be appropriate if a printer is located in the lobby or
other public areas of a business so that only the employees who know the password or PIN can use the printer.
Because anyone who enters the correct password or PIN receives the same privileges and users cannot be
individually identified, passwords and PINs are considered less secure than other building blocks that require
you to be identified, or both be identified and authorized.
Note:
The default settings do not contain any authentication or authorization building blocks, which means
that everyone has unrestricted access to the Embedded Web Server.
Access controls
Access controls limit users access to functions, applications, and printer management.
Note:
Some access controls are available only in some printer models.
When the device is first powered on, only a “Guest” account exists, which is a user who is not logged into the
device. This user is granted access to all access controls that are selected in the Security – Public (Manage
Permissions) section.
When a user “opts-in” to Secure by Default during the initial setup wizard, certain Administrative Menus and
Device Management access controls are deselected from the Public (Manage Permissions) section. For more
details, see
“Lexmark Secure by Default” on page
11
.
Access to device functions and menus can be set by the selection of a permission for that respective access
control. For more information regarding access controls, please see,
Embedded Web Server - Security Guide
for your particular device, at
.
Examples of Function Access that can be controlled are:
Copy Function
E-mail Function
Secure Access
28