Lexmark XC4342 Security White Paper - Page 17

Secure Remote Management


HTTPS
You can securely manage your networked printers and MFPs with HTTPS from each device’s Embedded Web
Server. For more security, you can use HTTPS to conveniently and effectively manage the device remotely.
Overview
The most common means to remotely configure networked devices, including Lexmark MFPs, is through the
device’s web interface. You can configure device settings by pointing a browser to its IP address or host name
and providing the proper credentials. However, browsers and the HTTP traffic associated with them are not
inherently secure. An intruder can detect the network traffic used in the web session and determine the device’s
password. To address this concern, Lexmark devices support HTTPS.
Through a recent firmware update, Lexmark has extended the capabilities of our devices’ handling of HTTPS.
This new capability allows a redirect from the HTTP (TCP 80) connection to an HTTPS (TCP 443) connection
when using the devices’ Embedded Web Server.
Benefits
• Ease of use in establishing a connection for the end user. Point the browser to “https://” instead of “http://”
  and the device and browser will automatically process the rest.
• The encryption of all data exchanged through the browser, including passwords and any other settings that
  are set or viewed.
• Supported by most commonly used web browsers. HTTPS and TLS are widely used standards.
• Integration in preexisting CA or PKI environments. The device’s certificate that allows the TLS session to be
  established can be signed by a CA.
• Web sessions can be conveniently and effectively secured.
Details
Lexmark devices include an Embedded Web Server. When a browser is pointed to a device’s address with the
“https://” prefix, the device and the client system negotiate a TLS connection. This involves the device passing
its X.509 certificate to the client system to establish its identity. Because the device’s certificate is self-signed
by default, the client typically presents a warning to the user (whether and how this happens depends on the
settings of the web browser). The client system can choose to trust the self-signed certificate, and thereafter
does not receive further warnings.
Alternatively, the device’s certificate can be signed by a CA. This can be an external CA or a CA that is internal
to the customer’s environment. The device’s web interface includes a certificate management page that
facilitates this process. Replacing the self-signed certificate with a CA-signed certificate avoids the warnings
associated with the HTTPS session. The HTTPS session is built on a TLS connection in which all exchanged
data is encrypted. This protects the contents of the session against eavesdropping and enables secure remote
management of the device.
Notes:
• Device web page access can be restricted to HTTPS only by turning off the HTTP port, leaving only the
  HTTPS port (443) active.
• Forced HTTPS redirection requires that both TCP port 80 and TCP port 443 be enabled in the TCP/IP
  Port Access menu.
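
An administrator can check which of the states described above a given device is in: HTTP port off, HTTP redirected to HTTPS, or HTTP still serving pages, and whether the certificate is the default self-signed one or chains to a trusted CA. The following audit sketch is an added example, not Lexmark code; the host name printer.example, the function names and the finding codes are assumptions made for illustration.

```python
import http.client
import socket
import ssl
from urllib.parse import urlsplit

def probe_http(host, port=80, timeout=5):
    """Return (status, Location header) from the HTTP port, or None if it does not answer."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def probe_tls(host, port=443, cafile=None, timeout=5):
    """Return 0 if the certificate verifies, OpenSSL's verify code if not, None if unreachable."""
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: internal CA bundle, if one is used
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return 0
    except ssl.SSLCertVerificationError as err:
        return err.verify_code
    except OSError:
        return None

def assess(http_result, tls_code):
    """Map probe results to the states the page describes; returns a list of finding codes."""
    findings = []
    if http_result is None:
        findings.append("http-port-off")            # HTTPS-only access
    else:
        status, location = http_result
        redirected = status in (301, 302, 303, 307, 308)
        if redirected and urlsplit(location or "").scheme == "https":
            findings.append("http-redirects-to-https")
        else:
            findings.append("http-cleartext")       # session data readable on the wire
    if tls_code is None:
        findings.append("https-unreachable")
    elif tls_code == 0:
        findings.append("cert-trusted")             # chains to a CA in the trust store
    elif tls_code in (18, 19):                      # OpenSSL: self-signed leaf / in chain
        findings.append("cert-self-signed")
    else:
        findings.append(f"cert-invalid-{tls_code}")
    return findings

if __name__ == "__main__":
    host = "printer.example"  # placeholder host name
    print(host, assess(probe_http(host), probe_tls(host)))
```

A device reporting `http-cleartext` or `cert-self-signed` is a candidate for the port and certificate changes described in the Details and Notes sections.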