Lexmark C4352 Security White Paper - Page 24

Secure Network Time Protocol, Fax and Network Separation


In certificate mode, Lexmark devices can be configured to establish a secure IPsec connection with up to five other systems or subnets. In this configuration, printers and MFPs can exchange data securely with a large number of systems, and the process can be integrated with a PKI or CA infrastructure. The use of certificates provides a more robust and scalable solution, without the burden of configuring or managing keys or passphrases.

Lexmark devices can store and apply two certificates for use with IPsec. Each device includes a self-signed certificate that can be replaced with a certificate signed by a CA. This certificate can be generated from scratch, or it can be generated with the Base64-encoded PKCS file that is embedded in a printer or MFP and available through its web interface. With this certificate generation, a device identity can be validated by other systems in the CA environment. Also, the device can store the CA certificate as a trusted root CA certificate so that it can validate the identity of other systems in the CA environment.

Secure Network Time Protocol

Overview

Network Time Protocol (NTP) provides devices with a common time source to keep them synchronized with the correct date and time so they can successfully use any authentication method that requires accurate time. To ensure that the date and time are being delivered only from an approved authenticated time source, Secure NTP is also supported.

Benefits

Secure NTP provides the capability for devices on the network to obtain their time from an authenticated, secured source.

Details

Lexmark devices support the use of Secure NTP, which is used for clock synchronization of various devices on the network. Secure NTP complements audit logging to prevent date and time changes and simplifies several authentication methods that rely on accurate time settings.

Secure NTP uses MD5-encrypted keys to authenticate the time stamps that come from the time server. These keys are agreed on in advance between the printer and the time server. If a time stamp comes to the printer from the server without the correct key, the printer ignores the time stamp.
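
The accept-or-ignore decision described above, as an added example that is not Lexmark code: it assumes the standard NTP symmetric-key scheme from RFC 5905, in which the 48-byte header is followed by a 32-bit key ID and an MD5 digest computed over the shared key plus the header (a keyed digest rather than encryption). The key ID, key value and sample header are constructed for illustration; the page does not describe the device's wire format.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48      # fixed NTP header, no extension fields
MAC_LEN = 4 + 16         # 32-bit key ID + 128-bit MD5 digest

# Constructed key table: what printer and time server agree on in advance.
TRUSTED_KEYS = {7: b"constructed-shared-secret"}


def ntp_mac(key: bytes, header: bytes) -> bytes:
    """MD5 digest over the shared key followed by the NTP header."""
    return hashlib.md5(key + header).digest()


def sign(header: bytes, key_id: int, key: bytes) -> bytes:
    """Server side: append key ID and digest to the header."""
    return header + struct.pack("!I", key_id) + ntp_mac(key, header)


def accept(packet: bytes, trusted=TRUSTED_KEYS) -> bool:
    """Client side: True only for a valid MAC under a trusted key."""
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False                       # no MAC or malformed: ignore
    header = packet[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[48:52])
    key = trusted.get(key_id)
    if key is None:
        return False                       # key ID was never agreed on
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(packet[52:], ntp_mac(key, header))


def sample_header(tx_seconds: int) -> bytes:
    """Constructed server reply: LI=0, VN=4, Mode=4, stratum 2."""
    first = (0 << 6) | (4 << 3) | 4
    return struct.pack("!BBbb11I", first, 2, 6, -20,
                       *([0] * 9), tx_seconds, 0)


if __name__ == "__main__":
    hdr = sample_header(3_900_000_000)
    print("valid key:", accept(sign(hdr, 7, TRUSTED_KEYS[7])))
    print("wrong key:", accept(sign(hdr, 7, b"attacker-guess")))
    print("no MAC   :", accept(hdr))
```
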

Fax and Network Separation

Overview

A common question about networked MFPs is “Are they exposed to intruders with the presence of a fax modem?” The concern is that an intruder can dial in to the MFP through the fax modem and manipulate the device or somehow gain access to the network to which it is connected.

The reality is there is no exposure through a fax modem or network access on Lexmark MFPs. With the fax modem on Lexmark devices, only the exchange of facsimile images is possible. There is no path by which the fax modem connection can interact with or control the MFP network interface, and there is no facility to configure the MFP settings through the fax modem connection. With the Lexmark fax modem connection, you can send and receive only fax images.

Secure Network Interfaces