Lexmark MX931 Security White Paper - Page 20

Secure Network Interfaces, TCP Connection Filtering



Secure Network Interfaces

Hardening a networked device is a powerful way to secure its network interfaces from malicious users. This includes blocking unnecessary features and functions, locking down any interfaces that remain and securing the data hosted by the device. Lexmark devices include a range of features embedded in the firmware to help you harden the device.

TCP Connection Filtering

Overview

Solutions-capable devices can be configured to allow TCP/IP connections only from a specified list of TCP/IP addresses, also known as whitelisting. This mechanism blocks all TCP connections from other addresses, protecting the device against unauthorized printing and configuration. Lexmark devices support TCP connection filtering with the Restricted Server List field. By using this option, the device accepts only previously specified TCP/IP connections and rejects all others.

Benefits

• Approved systems, such as print servers and administrative workstations, are allowed to make connections to your device. This security feature allows normal and approved functions such as printing, routine monitoring, and maintenance.
• All network interactions that involve TCP/IP connections can be controlled to increase security. The following types of connections rely on TCP/IP:
  - HTTP and browser connections
  - FTP
  - Telnet
  - Printing through the Line Printer Remote/Line Printer Daemon (LPR/LPD) protocol or through the Windows print subsystem
  Note: All of these connections are allowed only to and from the specified systems.
• End-user systems can be omitted from the list, which prohibits them from connecting to the device through a web browser or FTP connection.
• Any system that is not listed is refused access, securing the device against unauthorized external connections.

Details

The restricted server list allows up to 10 IP addresses or subnets to be specified. The device responds normally to any address in the list and rejects TCP connections from any address that is not on the list. The restricted server list does not affect UDP traffic, and so connectionless interactions, such as PING, are allowed from any address.
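
The following is an added example, not part of the Lexmark white paper or any Lexmark tool: a pre-deployment audit of a planned Restricted Server List that enforces the 10-entry limit and reports which approved hosts the list would lock out and which end-user hosts a subnet entry would still admit. The CIDR notation for subnets, the function names and all addresses are assumptions made for illustration.

```python
import ipaddress

MAX_ENTRIES = 10  # limit stated in the white paper


def parse_restricted_list(entries):
    """Parse planned entries: single IPs or CIDR subnets (notation is an assumption)."""
    if len(entries) > MAX_ENTRIES:
        raise ValueError(f"{len(entries)} entries exceed the limit of {MAX_ENTRIES}")
    # strict=False tolerates host bits in a subnet entry, e.g. 10.20.0.5/24
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]


def tcp_allowed(source, networks):
    """Model of the documented behaviour: TCP is accepted only from listed addresses."""
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in networks)


def audit(entries, must_reach, must_not_reach):
    """Return (locked_out, exposed): approved hosts the list would block,
    and end-user hosts the list would still admit over TCP."""
    nets = parse_restricted_list(entries)
    locked_out = [h for h in must_reach if not tcp_allowed(h, nets)]
    exposed = [h for h in must_not_reach if tcp_allowed(h, nets)]
    return locked_out, exposed


# Constructed sample plan (RFC 1918 addresses, not taken from the white paper)
PLAN = ["10.20.0.10", "10.20.0.11", "10.20.5.0/28"]
# Print servers and administrative workstations that must keep access
APPROVED = ["10.20.0.10", "10.20.0.11", "10.20.5.3", "10.20.5.20"]
# End-user systems that should be refused
END_USERS = ["10.20.8.44", "10.20.5.9"]

if __name__ == "__main__":
    locked_out, exposed = audit(PLAN, APPROVED, END_USERS)
    print("approved hosts the list would block:", locked_out)
    print("end-user hosts the list would admit:", exposed)
```

The audit covers TCP only. As the Details paragraph states, the list does not affect UDP traffic, so a clean result here says nothing about UDP-based services on the device.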