Lexmark T652DTN Embedded Web Server Administrator's Guide - Page 5

Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's busy environments. Incorporating traditional components such as authentication and group permissions, administrators can use Embedded Web Server Security Templates to control access to the devices that produce, store, and transmit sensitive documents. Security templates are an innovative new tool developed by Lexmark to enable administrators to build secure, flexible profiles that provide end users the functionality they require, while limiting access to sensitive printer functions or outputs to only those users holding appropriate credentials. Utilizing soft configuration features alone or in conjunction with physical security such as Common Access Cards, the printer will no longer be a weak link in the document security chain. Understanding the basics Securing a printer through the Embedded Web Server involves combining one or more components- Authentication, Authorization, and Groups-to define who is allowed to use the printer, and which functions those users are allowed to access. Before configuring printer security, it can be helpful to create a plan that identifies who the users will be and what they will need to do. Items to consider might include the location of the printer and whether non-authorized persons have access to that area, sensitive documents that will be sent to or stored on the printer, and the information security policies of your organization. Authentication and Authorization Authentication is the method by which a system securely identifies a user (that is, who you are). Authorization specifies which functions are available to a user who has been authenticated by the system. This set of authorized functions is also referred to as "permissions." The Embedded Web Server handles authentication and authorization using one or more of the following, also referred to as Building Blocks: • PIN • Password • Internal accounts • LDAP • LDAP+GSSAPI • Kerberos 5 (used only in conjunction with LDAP+GSSAPI) • NTLM Some Building Blocks, such as Password or PIN, can be used alone to provide low-level security, by simply limiting access to a printer-or specific functions of a printer-to anyone who knows the correct code. This type of security might be appropriate in a situation in which a printer is located in the lobby or other public area of a business, so that only employees who know the password or PIN are able to use the printer. Because anyone who enters the correct password or PIN receives the same privileges and users can not be individually identified, passwords and PINs are considered less secure than other building blocks that require a user to be identified, or both identified and authorized. Using security features in the Embedded Web Server 5