Lexmark XC4342 Security White Paper - Page 61

Security Standards 61 Two Levels of Security There are two levels of security that are supported based on the product definition. The simplest level of security supports only internal-device authentication and authorization methods. The more advanced level of security permits internal and external authentication and authorization, as well as additional restriction capabilities for management, function, and solution access. Advanced security is supported for those devices that permit the installation of additional solutions (applications) to the device. In general, if the device supports a touch-screen display, then the security level for that device is advanced. Simple security utilizes a single PIN to restrict user access to the device's control panel and a single web page password to restrict administrator access to the device. PIN access for the control panel is specified because text entry is generally difficult on the control panels for these devices while web page access supports passwords because there are no device panel restrictions. Devices that support simple security are generally used in environments where security risk is limited and advanced security is not required. Advanced-level security devices support a wide range of local and network authentication and authorization methods. Multiple local authentication functions that support PINs, passwords and username-password combinations for many locally defined users are supported. Standard network authentication through LDAP, LDAP+GSSAPI, Kerberos and Active Directory are supported. Authorization can be specified individually or by groups (either local or network). Devices that support advanced-level security are capable of running installed solutions, which permit the usage of card readers to provide advanced two-factor authentication.