Lexmark C4342 Security White Paper - Page 33

Secure Access 33 Benefits • Devices can be secured with a simple method so that during off hours, scanning and printing operations are not permitted. • Jobs printed to a locked device cannot be stolen from the output bin. Details The control panel lock is configured by creating an authentication building block and applying it against the control panel's Lock function access control through the device's Embedded Web Server. Depending on the type of authentication building block and the security template that is applied to this function access control, you can enter a device PIN, a device password or network credentials to lock or unlock the device at its control panel. This feature requires the installation of a hard disk. When a device is locked, the control panel does not allow any interaction other than specifying the appropriate credentials to unlock it. While locked, incoming print jobs and faxes are not printed, but stored in the device's hard disk. If hard disk encryption is enabled, then jobs stored in the hard disk are encrypted. When the device is unlocked, jobs received during the locked period are printed. Any confidential print jobs received during the locked period are not printed, but they are available through the typical "confidential print job" interface on the device's control panel. Confidential Print Overview The Confidential Print feature addresses the basic concern of printed pages left on the device for anyone to pick up. With Confidential Print, the device securely holds submitted jobs until the intended recipient is present at the device and enters the proper PIN code on the device's control panel. Benefits • Ensures that jobs are only printed when the authorized recipient is at the device • Operates whether or not the device is equipped with a hard disk Details Lexmark device drivers can be directed to submit confidential print jobs by specifying a confidential four-digit print PIN. This is a standard feature on Lexmark devices and drivers. When a device receives a confidential print job, the data stream is stored in the device's random access memory (RAM) or in the device's hard disk. Jobs stored in the device's RAM are deleted if the device is turned off. Jobs stored in RAM can also be deleted automatically by the device if a memory shortage is encountered. For these reasons, it is strongly recommended that a hard disk be installed if the Confidential Print function is to be used extensively. When a hard disk is present, jobs are retained across power cycles of devices, greatly increasing the number of jobs that can be held by Lexmark devices. Jobs buffered to a device's hard disk can leverage the security of hard disk encryption. Buffered data on an encrypted hard disk cannot be processed if that hard disk is moved to another device. Furthermore, the hard disk itself cannot be used by another device without being reformatted. For additional security, setting a maximum number of retries on PINs prevents brute-force attempts to guess PINs. If a PIN is entered incorrectly after the specified number of times, the corresponding print jobs are deleted. Additionally, with the Job Expiration feature, your jobs can be automatically deleted from the device after a specified time interval, ranging from one hour to one week.