Lexmark XC4342 Security White Paper - Page 35

Secure Start Process and Operating System Protections

Get Lexmark XC4342 PDF manuals and user guides View all Lexmark XC4342 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 35 highlights

Secure Access 35 For added security, the device administrator can require a user or a group to be authenticated prior to releasing the faxes. By adding this component, the administrator is validating that the faxes are released to authorized individuals and audits the action (for example, who released the faxes and the date and time) if there are concerns about malicious use. Secure Start Process and Operating System Protections Overview Security is an integral part of the Lexmark development process and is the reason security is a standard offering on all Lexmark devices. Device security is not to be an afterthought or a separate security chip inserted in a device after it has been manufactured. Device security must be holistic, which includes protection against malware and viruses. It is one of the reason's why Lexmark has been committed to developing security mechanisms around device operating systems, firmware updates, and embedded solutions well before it became a published attack vector for malicious individuals. Benefits • Ensures that there is virtually no option for loading malware or viruses in the operating system or other operating firmware of a device • Ensures that only trusted firmware is installed on Lexmark devices by using digital signatures and other security mechanisms • Stops operation and reports error if self-checking detects its security is compromised Details For their operating systems, Lexmark devices use a version of Linux. The kernel, which is a central part of the Linux operating system, is obtained directly from the Linux distribution site and not from a third party. Lexmark makes modifications to the Linux kernel so that the operating system can better meet the needs of hard copy devices. This approach provides hardening against external attacks. Lexmark is using the AndroidTM Open Source Project to drive the graphical user interface (GUI) for the current generation of Lexmark touch-screen devices. Additional protections used in the development of the Lexmark operating system are: • Standard applications, such as Apache, Samba, Telnet, FTP, that are found in a standard Linux distribution, have well-documented security exposures and are subject to rootkit attacks. These applications have been removed and replaced with applications specifically written by Lexmark developers for a hard copy device. • Lexmark development teams create custom applications that control functions such as print, fax, copy, and scan. After all modifications are made to the operating system, it is firewalled and hardened to the point that the embedded environment is closed. • In the event that a vulnerability is found on a device or additional functionalities are added to the operating system, the entire operating system is replaced on the device through a firmware update.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
For added security, the device administrator can require a user or a group to be authenticated prior to releasing
the faxes. By adding this component, the administrator is validating that the faxes are released to authorized
individuals and audits the action (for example, who released the faxes and the date and time) if there are
concerns about malicious use.
Secure Start Process and Operating System Protections
Overview
Security is an integral part of the Lexmark development process and is the reason security is a standard offering
on all Lexmark devices. Device security is not to be an afterthought or a separate security chip inserted in a
device after it has been manufactured. Device security must be holistic, which includes protection against
malware and viruses. It is one of the reason’s why Lexmark has been committed to developing security
mechanisms around device operating systems, firmware updates, and embedded solutions well before it
became a published attack vector for malicious individuals.
Benefits
Ensures that there is virtually no option for loading malware or viruses in the operating system or other
operating firmware of a device
Ensures that only trusted firmware is installed on Lexmark devices by using digital signatures and other
security mechanisms
Stops operation and reports error if self-checking detects its security is compromised
Details
For their operating systems, Lexmark devices use a version of Linux. The kernel, which is a central part of the
Linux operating system, is obtained directly from the Linux distribution site and not from a third party. Lexmark
makes modifications to the Linux kernel so that the operating system can better meet the needs of hard copy
devices. This approach provides hardening against external attacks.
Lexmark is using the Android
TM
Open Source Project to drive the graphical user interface (GUI) for the current
generation of Lexmark touch-screen devices.
Additional protections used in the development of the Lexmark operating system are:
Standard applications, such as Apache, Samba, Telnet, FTP, that are found in a standard Linux distribution,
have well-documented security exposures and are subject to rootkit attacks. These applications have been
removed and replaced with applications specifically written by Lexmark developers for a hard copy device.
Lexmark development teams create custom applications that control functions such as print, fax, copy, and
scan. After all modifications are made to the operating system, it is firewalled and hardened to the point
that the embedded environment is closed.
In the event that a vulnerability is found on a device or additional functionalities are added to the operating
system, the entire operating system is replaced on the device through a firmware update.
Secure Access
35