Lexmark C4352 Security White Paper - Page 18

SNMPv3, Secure Password Reset



SNMPv3
Overview
SNMP (Simple Network Management Protocol) provides another means to remotely configure Lexmark devices.
Because SNMP can be used to both view and modify device settings, the basic security questions of how to
control its use and how to protect the associated network traffic when it is used are relevant. Lexmark devices
support the latest version of SNMP (currently SNMPv3). They also support SNMPv1 and v2 for backward
compatibility. The standard protocol includes support for authentication and data encryption.
Benefits
With support for SNMPv3, Lexmark devices can be managed securely with standard SNMP console applications.
There are two important elements to the security provided by SNMPv3:
• With authentication, authorized systems can see and manage devices through SNMPv3 while shutting out
  unauthorized systems.
• Encryption of the SNMPv3 packets protects the information from being detected while on the network, or
  more accurately, the detected data is useless because it is encrypted.
Details
Lexmark solutions-capable devices support SNMPv3. This protocol features extensive security capabilities,
including the authentication and data encryption components for the secure remote management of a device.
SNMPv1 and SNMPv2 are also supported.
Using the authentication features of SNMPv3, Lexmark devices can reject SNMPv3 traffic unless the requests
carry valid authentication digests, such as MD5 and SHA1. The device supports two SNMPv3 accounts.
Authenticating against one yields the ability to read the device’s settings but not write them; authenticating
against the other provides the right to read and write the device’s settings. Support for data privacy in SNMPv3
means that the device and SNMP client can use an encryption algorithm (DES, or AES with 128-, 192-, or
256-bit keys) to encrypt the SNMPv3 traffic. Like other mechanisms for managing devices, SNMP can be disabled.
If the protocol is not used in a particular environment, it can—and should be—turned off entirely.
Note:
To use SNMPv3 securely, you need to disable SNMPv1 and v2, enter a user name and
password, and set the minimum authentication level to “Authentication, Privacy.”
Secure Password Reset
Overview
With the security reset feature, you can recover a device that is locked down through the use of one of the
device’s various authentication mechanisms. This feature can also be used if the administrator’s password is
lost or forgotten or the device loses network connectivity. You can use a cable lock to ensure that the device is not
reset maliciously.
Benefits
Provides a two-way method to recover a device if a local password is lost or forgotten, or if the device loses its
ability to communicate with the network.
Secure Remote Management