Lexmark MB2546 Embedded Web Server--Security Administrator s Guide
Lexmark MB2546 Manual
View all Lexmark MB2546 manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark MB2546 manual content summary:
- Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 1
Embedded Web Server - Security Administrator's Guide April 2018 www.lexmark.com - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 2
Contents 2 Contents Change history 4 Overview...5 Supported printers...5 Supported web browsers...7 Securing network connections 8 Accessing the Embedded Web Server...8 Con ...26 Creating a printer certificate...26 Installing certificates manually...27 Installing certificates automatically...27 - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 3
Contents 3 Viewing, downloading, and deleting a certificate 27 Managing other access functions guring printer hard disk encryption...31 Restoring factory default settings...31 Statement of Volatility...32 Troubleshooting 33 User is locked out...33 User is logged out automatically...33 User cannot - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 4
printer models and web browsers. August 2017 • Added information on supported printer models. June 2017 • Added information on supported printer models. February 2017 • Added information on supported printer models. January 2017 • Updated information on the Common Criteria certified target of - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 5
reader. When users badge in, their credentials are authenticated using a master printer, LDAP, Lexmark Document Distributor (LDD), or Identity Service Providers (ISP). Note: For more information, see the Administrator's Guide for the solution. • The group where the users belong to. You can create - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 6
Overview 6 • CX921 • CX922 • CX923 • CX924 • CX927 • MB2338adn • MB2338adw • MB2338dw • MB2442ade • MB2442adwe • MB2546ade • MB2650ade • MX321 • MX421 • MX521 • MX522 • MX622 • XC4140 • XC4150 • XC6152 • XC8155 • XC8160 Single‑function printers (SFPs): • B2338dn • B2338dw • B2442dn • B2442dw • - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 7
Overview 7 • MS321 • MS421 • MS521 • MS621 Supported web browsers • Google ChromeTM version 32 or later • Internet ExplorerTM version 11 or later • Microsoft EdgeTM • Mozilla Firefox version 24 or later • Safari version 6 or later - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 8
IP Security (IPsec) between the printer and the workstation or server to secure traffic between the systems with a strong encryption. The printers support IPsec with preshared keys (PSK) and certificates. You can use both options simultaneously. When using PSK authentication, printers are configured - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 9
settings. For more information, see "Managing certificates" on page 26. • Make sure that all printers on the same network using 802.1x are supporting the same EAP authentication type. 1 From the Embedded Web Server, click Settings > Network/Ports > 802.1x. 2 From the 802.1x Authentication section, do - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 10
Securing network connections 10 4 In the TTLS Authentication Method menu, select the authentication method to use. 5 Click Save. Setting the restricted server list You can configure printers to connect only from a list of specified TCP/IP addresses. This action blocks all TCP connections from other - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 11
Enable PPM Mib (Printer Port Monitor MIB) to facilitate the automatic installation of printer drivers and other printing applications. 5 Click Save. Configuring SNMP version 3 settings Before the Privacy Algorithm menu, select the strongest setting supported by your network environment. 7 Click Save. - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 12
Managing devices remotely 12 Configuring SNMP traps After configuring SNMP settings, you can customize which alerts are sent to the network management system by designating events (SNMP traps) that trigger an alert message. 1 From the Embedded Web Server, click Settings > Network/Ports > SNMP > Set - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 13
authorized administrators by using access control. Printers inspect all downloaded firmware packages for required attributes before adopting and executing all firmware packages to include multiple digital 2048-bit RSA signatures from Lexmark. If these signatures are not valid, or if the message logs - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 14
Managing login methods 14 Managing login methods Restricting public access to functions, applications, printer management, and security options The guest account can use the printer without logging in. To control the access of guest account users, restrict the functions, applications, printer - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 15
Managing login methods 15 4 Do either of the following: • To edit the user account, update the user information, and then click Save. • To delete the user account, click Delete User. Note: To delete multiple user accounts, select the account, and then click Delete. Creating local account groups - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 16
Active Directory. Notes: • LDAP+GSSAPI requires a Kerberos network account. For more information, see "Creating a Kerberos login method" on page 19. • Supported printers can store a maximum of five unique LDAP or LDAP+GSSAPI login methods. Each method must have a unique name. • Administrators can - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 17
Use Active Directory Device Credentials-Use user credentials and group designations that are pulled from the existing network comparable to other network services. This option is available only in the LDAP +GSSAPI setup. • If Anonymous LDAP Bind or Use Active Directory Device Credentials is disabled - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 18
Managing login methods 18 Search Specific Object Classes • person-Search the "person" object class. • Custom Object Classes-Type the name of the custom object class to search. Note: A maximum of three custom object classes can be searched. Type the other object class in the other Custom Object - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 19
using Kerberos authentication, make sure that the time difference between the printer and the domain controller does not exceed five minutes. You can manually update the date and time settings or use the Network Time Protocol (NTP) to sync the time with the domain controller automatically. 1 From - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 20
Managing login methods 20 Configuring manually Note: Configuring the date and time manually disables NTP. a From the Configure section, in the "Manually Set Date and Time" field, enter the appropriate date and time. b Select the date format, time format, and time zone. Note: If you select (UTC+ - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 21
Use Active Directory Device Credentials-Use user credentials and group designations that are pulled from the existing network comparable to other network services. - If Use Active Directory Device Credentials is disabled, then provide the authentication credentials used to bind the printer with the - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 22
search scope selected, type the group name or user name. c Click Search. d Select the group that you want to add. e Click Add Selected. Add a group manually a Click Manual Add. b In the Group Name field, type the name of the group. - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 23
following access controls modify users' access to available printer functions: • Access Address Book in Apps-Use Address Book from eSF applications that support it. • Manage Shortcuts-Access the Manage Shortcuts menu, and enable the "Save as Shortcut" option available in the Copy, E‑mail, Fax, and - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 24
icon is removed. - No fax‑related intervention‑required messages appear on the printer display. - The printer does not answer incoming calls or print driver faxes. Note: The Embedded Web Server and control panel show fax‑related settings even if this function is disabled. • FTP Function-Scan to an - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 25
and unlock the printer home screen. • Import / Export Settings-Import or export a printer settings file (.ucf) from the Embedded Web Server. • Out of Service Erase-Clear all settings, applications, and pending jobs stored in the printer memory, or erase all data in the printer hard disk. Apps • New - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 26
section, click Generate. 3 Configure the settings. For more information, see "Configuring printer certificate defaults" on page 26. 4 Click Generate or Generate and Download. - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 27
certificates 27 Installing certificates manually Note: To download the CA certificate automatically, see without waiting for the scheduled run time, then select Fetch Immediately. 4 Click Save. Viewing, downloading, and deleting a certificate 1 From the Embedded Web Server, click Settings > Security > - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 28
Managing other access functions 28 Managing other access functions Scheduling access to USB devices In secure environments, devices can be configured to limit or disable the capabilities of USB host ports. You can disable the front USB port using access control restrictions. Devices also have a - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 29
Managing other access functions 29 Notes: - When the limit is reached, the print jobs for that user name and PIN are deleted. - This setting appears only when a formatted, working printer hard disk is installed. - To turn off this setting, enter 0. • Confidential Job Expiration-Specify how long the - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 30
the device is locked down and you cannot access the security menus. To replace the device controller board and regain access to the security menus, a service call is required. 3 Click Save. - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 31
Securing data 31 Securing data Erasing printer memory To erase volatile memory or buffered data in your printer, turn off the printer. To erase non‑volatile memory or individual settings, printer and network settings, security settings, and embedded solutions, do the following: 1 From the Embedded - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 32
. • The printer is being moved to a different department or location. • The printer is being serviced by someone from outside your organization. • The printer is being removed from your premises for service. • The printer is being sold to another organization. Disposing of a printer hard disk Note - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 33
Troubleshooting 33 Troubleshooting User is locked out Try one or more of the following: Update the allowed number of login failures and lockout time Note: This solution is - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 34
Troubleshooting 34 Domain controller certificate is not installed Make sure that authentication may require you to enable SSL for LDAP lookups. For more information, see the administrator's guide for the solution. Narrow the LDAP search base to the lowest possible scope that includes all necessary - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 35
products, programs, or services, except those expressly designated by the manufacturer, are the user's responsibility. For Lexmark technical support, visit http://support.lexmark.com. For information on supplies and downloads, visit www.lexmark.com. © 2016 Lexmark International, Inc. All rights - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 36
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 37
Notices 37 "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 38
This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 39
Notices 39 APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 40
login method 21 applications restricting public access to 14 C card is locked out 33 certificate deleting 27 downloading 27 viewing 27 certificate error 34 certificates installing 27 installing manually 27 change history 4 confidential printing configuring 28 configuring IP Security settings 8 TCP/IP port - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 41
viewing or saving 12 security certificates installing 27 installing manually 27 security options restricting public access to 14 security reset 29 statement of volatility 32 supported printers 5 supported web browsers 7 T TCP/IP port access configuring 8 troubleshooting certificate error 34 domain - Lexmark MB2546 | Embedded Web Server--Security Administrator s Guide - Page 42
Index 42 domain controller certificate not installed 34 KDC and MFP clocks out of sync 33 KDC is not responding within the required time 34 LDAP lookups fail 34 MFP clock out of sync 33 printer clock out of sync 33 unexpected logout 33 user cannot access applications or functions 33 user is locked
Embedded Web Server — Security
Administrator's Guide
April 2018
www.lexmark.com