Lexmark XC4342 Security White Paper - Page 14

Audit Logging



While the backup password is used during initial device configuration or when the device loses connectivity,
the primary means of device access for users and administrators should be network user accounts (located
on a corporate directory server) or local user accounts (located on the device). By requiring users and
administrators to provide credentials for authentication, administrators can configure a device to determine
access based on user and group needs. This access is controlled through a combination of FACs,
authentication, and authorization. For more details, see the authentication and authorization chapter.

Note: The backup password is not associated with any accounts in the corporate directory. It is a password
that is stored only in a device. This password is shared only with users who are authorized to modify the
corresponding device’s security settings.

Audit Logging

When you select Security Audit Log from the Security menu, Lexmark devices can track security-related events
and device-setting changes. These actions can be exported to detailed logs that describe system user or activity
events. The event-tracking feature proactively tracks and identifies potential risks and may be integrated with
your intrusion-detection system for real-time tracking.

Lexmark devices are configured to export the Security Audit Log information to a SIEM (Security Information
and Event Management) using industry standard syslog protocols, such as RFC 5424 and RFC 3164. The
transmission is encrypted when stunnel is selected.

Benefits
• Tracks device behavior and activities
• Identifies authenticated users, logging their activities

Details

The security-related events that are tracked are system-related events, setting changes, authentication and
authorization events, disk-wiping events, and real-time clock changes. Events that are logged include the
following:
• IP address changes
• Logging behavior changes, such as not being able to send the logs to specific destinations or logging
  settings being changed
• Jobs started, canceled, or completed
• Setting modifications of the embedded solutions’ FAC
• Authentication or authorization success or failure events, including record of user identity
• Security reset by jumper changes
• Reset to factory defaults for settings, FACs, and other device options
• Device settings modifications
• Creation, modification, or deletion of authorization and authentication settings
• Kerberos file changes
• Authorization sessions created or modified
• Active Directory join or unjoin
• Certificates (device and certificate authority) added or removed
• Disk encryption, format, and wiping
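
The receiving side of the syslog export described above, as an added example (not Lexmark code): a Python normalizer a SIEM collector could use to accept both RFC 5424 and RFC 3164 framing and to keep lines that fit neither. The sample lines, host names, and message texts are constructed; this page does not show the device's actual message format.

```python
import re

# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$", re.S)
# RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG (no year, no timezone)
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$", re.S)

def parse_syslog(line):
    """Return a normalized dict for an RFC 5424 or RFC 3164 line, else None."""
    for fmt, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(line)
        if not m:
            continue
        pri = int(m.group("pri"))
        if pri > 191:  # facility 0-23 and severity 0-7 give a maximum PRI of 191
            return None
        return {"format": fmt, "facility": pri >> 3, "severity": pri & 7,
                "timestamp": m.group("ts"), "host": m.group("host"),
                "msg": m.group("msg") or ""}
    return None

def triage(lines):
    """Split input into parsed records and rejects; rejects are kept, not dropped."""
    parsed, rejects = [], []
    for line in lines:
        line = line.rstrip("\n")
        rec = parse_syslog(line)
        if rec:
            parsed.append(rec)
        else:
            rejects.append(line)
    return parsed, rejects

# Constructed sample input; not real device output.
SAMPLE = [
    '<110>1 2024-05-01T12:00:00Z printer01.example.com audit - EVT01 '
    '[origin ip="192.0.2.10"] constructed sample: setting changed',
    "<86>May  1 12:00:05 printer01 audit: constructed sample: login failed",
    "<999>1 2024-05-01T12:00:09Z printer01.example.com audit - - - bad PRI",
    "not a syslog line",
]

if __name__ == "__main__":
    ok, bad = triage(SAMPLE)
    print(len(ok), "parsed;", len(bad), "rejected")
```

RFC 3164 timestamps carry no year or time zone, so a collector has to add both at ingest before correlating these records with RFC 5424 sources.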
Secure Remote Management
14