Dell B3465dnf Mono Embedded Web Server -- Security Administrators Guide
Dell B3465dnf Mono Manual
View all Dell B3465dnf Mono manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell B3465dnf Mono manual content summary:
- Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 1
Embedded Web Server - Security Administrator's Guide October 2013 www.dell.com | dell.com/support/printers - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 2
Contents 2 Contents Security devices covered in this guide 4 Simple security devices...4 Advanced security devices...4 Using through Panel PIN Protect ...10 Setting up internal accounts ...10 Connecting your printer to an Active Directory domain 11 Using LDAP...13 Using LDAP+GSSAPI ...15 - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 3
volatile memory ...34 Erasing non‑volatile memory...34 Configuring Out of Service Erase ...35 Completely erasing printer hard disk memory 36 Configuring printer hard disk encryption...36 Scenarios...38 Scenario: Printer in a public place ...38 Scenario: Standalone or small office ...39 Scenario - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 4
this guide There are two levels of security supported based on the product definition. For a complete list of available functionality, see "Authentication and Authorization" on page 5. Simple security devices B2360d/dn, B3460dn, B5460dn Advanced security devices B3465dn (without fax), B3465dnf (with - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 5
security utilizes the "Panel PIN Protect" to restrict user access to the printer control panel and the "Web Page Password Protect" to restrict admin access Page Password Protect" on page 9. Advanced level security devices support PIN and password restrictions in addition to the other authentication - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 6
features in the Embedded Web Server 6 = Supported X = Not supported Panel PIN Protect PIN Protection Function Simple security that only employees who know the password or PIN are able to use the printer. Because anyone who enters the correct password or PIN receives the same privileges and - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 7
that can be controlled varies depending on the type of device, but in some multifunction printers, over 40 individual menus and functions can be protected. Note: For a list Authorization only PIN Authorization only Each device can support up to 140 security templates, allowing administrators to - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 8
password for advanced security setup Notes: • This is available only in select printer models. • The Embedded Web Server can store a combined total of 250 user‑level and administrator‑level passwords on each supported device. 1 From the Embedded Web Server, click Settings > Security > Security Setup - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 9
Web Page Password Protect Notes: • This is available only in low‑level‑security printers. • The Embedded Web Server can store a combined total of 250 user‑level and administrator‑level passwords on each supported device. 1 From the Embedded Web Server, click Settings > Security > Web Page Password - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 10
complete this procedure. Setting up internal accounts Note: This is available only in select printer models. Embedded Web Server administrators can configure one internal account building block per supported device. Each internal account building block can include a maximum of 250 user accounts and - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 11
either User ID or User ID and password to specify the information a user must submit when authenticating. Connecting your printer to an Active Directory domain Notes: • This is available only in select printer models. • Make sure to use HTTPS to protect the credentials that are used to join the - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 12
type the IP address or host name of the printer. Note: A warning with a message associated to your printer IP address or host name will appear. Click Continue KDC Server Affinity Service. Older devices will not recognize the special mappings associated with the KDC Server Affinity Service. d Click - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 13
(e.g. "dc=company,dc=com"). • Use Kerberos Service Ticket‑‑This setting is an advanced setup otherwise known Using LDAP Note: This is available only in select printer models. Lightweight Directory Access Protocol (LDAP) is a authentication methods. Notes: • Supported devices can store a maximum - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 14
Enter a value from 5 to 30 seconds or 5 to 300 seconds depending on your printer model. • Required User Input-Select either User ID and password or User ID to can be pulled from the existing network comparable to other network services. • Anonymous LDAP Bind-If selected, then the Embedded Web - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 15
in select printer models. Some administrators prefer authenticating to an LDAP server using Generic Security Services Application Programming Notes: • LDAP+GSSAPI requires that Kerberos 5 also be configured. • Supported devices can store a maximum of five unique LDAP+GSSAPI configurations. Each - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 16
(organization), c (country), and dc (domain). • Search Timeout-Enter a value from 5 to 30 seconds or 5 to 300 seconds depending on your printer model. • Use Kerberos Service Ticket-If selected, then a Kerberos ticket is presented to the LDAP server using the GSSAPI protocol to obtain access. Device - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 17
Kerberos 5 for use with LDAP+GSSAPI Note: This is available only in select printer models. Though it can be used by itself for user authentication, Kerberos 5 one Kerberos configuration file (krb5.conf) can be stored on a supported device, that krb5.conf file can apply to multiple realms and - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 18
servers require that key requests bear a recent time stamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the KDC system clock. Printer clock settings can be updated manually, or set to use Network Time Protocol (NTP), to automatically sync with a trusted - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 19
CA certificate monitor Note: This is available only in select printer models. When joined to an Active Directory environment, automatic measures become unavailable, such as when there is a network communication problem or an authentication server fails. Note: In some organizations, security - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 20
security template to control function access Note: This is available only in select printer models. Each access control, or function access control, can be set 128 characters to create a security template. Each device can support up to 140 security templates. Though the names of security templates - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 21
Certain building blocks (such as passwords and PINs) do not support separate authorization. • For simple authorization‑level security, in users are encouraged to securely end each session by selecting Log out on the printer control panel. • For a list of individual access controls and what they do - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 22
"Appendix A: CA file creation" on page 41. 1 Open a Web browser, and then type the IP address or host name of the printer. 2 From the Embedded Web Server, click Settings > Security > Certificate Management > Certificate Authority Management. Notes: • This window allows the device administrator the - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 23
Configuring the device for certificate information Note: This is available only in select printer models. The printer has a self‑generated certificate. For some operations (e.g. 802.1x, IPSec, etc.), the printer certificate needs to be upgraded to a certificate that has been signed by a certificate - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 24
Certificate file that was created in step 8. 11 Click Submit. Note: This completes the process of creating and installing a signed printer certificate. The printer can now present a valid certificate to systems to which it attempts to negotiate an SSL or IPSec connection. Creating a new certificate - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 25
can set default values for certificates generated for a supported device. The values entered here will be present an invalid PIN can be entered. Notes: • This menu item appears only when a formatted, working printer hard disk is installed. • Enter 0 to allow users to enter an incorrect PIN as many - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 26
changes, or click Reset Form to restore the default settings. Enabling and disabling USB devices Note: This is available only in select printer models. 1 From the Embedded Web Server, click Settings > Security > Schedule USB Devices. 2 From the Disable Devices menu, select to disable printing from - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 27
for securely erasing data from a hard disk. Note: Not all printers have a hard disk installed. If you do not see "Erase Temporary Data Files" in the main Security menu, then it is not supported on your device. 1 From the Embedded Web Server, click Settings > Security > Erase - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 28
will wait for a response from the SMTP server before timing out. The default value is 30 seconds. 6 To receive responses to messages sent from the printer (in case of failed or bounced messages), type the Reply Address. - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 29
to an Ethernet network. • A wireless network adapter is installed in your printer and working properly. For more information, see the instruction sheet that came with your wireless network adapter. 1 Open a Web browser, and then type the printer IP address in the address field. Notes: • View the - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 30
EAP‑MD5 EAP‑TLS EAP‑TTLS PEAP (TLS) LEAP Needs on MFP or Printer Device login name and password Device login name and password, CA certificate, to make sure that all of the devices participating in the 802.1X process support the same EAP authentication type. 1 From the Embedded Web Server, click - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 31
4 From the TTLS Authentication Method list, select the authentication method to accept through the secure tunnel created between the authentication server and the printer. 5 Click Submit to save the changes, or Reset Form to restore the default settings. Note: Changes made to settings marked with an - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 32
save the changes, or click Reset Form to clear all fields. Configuring the TCP/IP port access setting Note: This is available only in select printer models. This feature allows you to set access settings on the different TCP/IP ports of the device. 1 From the Embedded Web Server, click Settings - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 33
. To replace the device RIP card (motherboard) and regain access to the security menus, a service call will be required. Securing the hard disk and other installed memory Statement of Volatility Your printer contains various types of memory that are capable of storing device and network settings - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 34
the type of data stored by that device. • Individual settings-You can erase individual printer settings using the printer control panel or the printer Embedded Web Server. For more information, see the User's Guide. • Device and network settings-You can erase device and network settings and restore - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 35
erase information and settings associated with embedded solutions by uninstalling the solutions, or by restoring factory defaults using the printer Config menu. Configuring Out of Service Erase Notes: • This menu appears only when basic or advanced security is enabled on the device and the "Security - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 36
hard disk memory using the Embedded Web Server, see "Erasing temporary data files from the hard disk" on page 27. Using the printer control panel 1 Turn off the printer using the power switch. 2 Simultaneously press and hold the 2 and 6 keys on the numeric keypad while turning the device back on. It - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 37
disk encryption. • Enable-Use this to enable disk encryption. Notes: - Disable is the factory default setting. - Changing this setting will cause the printer to undergo a power‑on reset. Warning-Potential Damage: Changing the setting for disk encryption will erase the contents of the hard disk - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 38
Web Server, click Settings > Security > Security Setup. 2 Under Advanced Security Setup, click either PIN or Password, and then configure it. For some printer models, you can set your PIN and password through Panel PIN Protect and Web page Password Protect. For more information, see "Creating a PIN - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 39
Standalone or small office Note: This is available only in select printer models. If your printer is not connected to a network, or you do not use . Note: Certain building blocks (such as PINs and passwords) do not support separate authorization. 7 To use groups, click Modify Groups, and then select - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 40
deployed on the network. User credentials and group designations can be pulled from the existing network, making access to the printer as seamless as other network services. Before configuring the Embedded Web Server to integrate with Active Directory, you need to know the following: • Domain Name - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 41
Click Base 64 encoded, and then click Download CA Certificate. Note: DER encoding is not supported. 4 Save the certificate that is offered in a file. The file name is arbitrary, install the certificate. The previous manual process is replaced by a simple process with only limited initial setup - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 42
installed on the customer's network. Note: The example usage instructions given below assume the Certificate Enrollment Web Services is installed on a Windows 2008 R2 server. 1 Open a Web browser, and then type the IP address or host name of the printer in the address field. 2 From the Embedded Web - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 43
to the Security menu from the Embedded Web Server. Service Engineer Menus at the Device This protects access to the Service Engineer menu from the printer control panel. Service Engineer Menus Remotely This protects access to the Service Engineer menu from the Embedded Web Server. Settings Menu - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 44
This controls the ability to use the Copy function. Create Bookmarks at the Device This controls the ability to create new bookmarks from the printer control panel. Create Bookmarks Remotely This controls the ability to create new bookmarks from the Bookmark Setup section of the Settings menu on - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 45
access control New Apps App 1-10 What it does This controls the initial security profile of each application‑specific access control installed on the printer. The App 1 through App 10 access controls can be assigned to installed eSF applications and profiles created by LDSS. The access control for - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 46
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 47
Notices 47 Agustín Delgado (Servinform S.A.), Aitor Almeida (University of Deusto), Alasdair Mackintosh (Google), Alexander Martin (Haase & Martin GmbH), Andreas Pillath, Andrew Walbran (Google), Andrey Sitnik, Androida.hu / http://www.androida.hu/, Antonio Manuel Benjumea (Servinform S.A.), Brian - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 48
you may have executed with Licensor regarding such Contributions. 6 Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 49
Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 50
Glossary of Security Terms 50 Glossary of Security Terms Access Controls Authentication Authorization Building Block Group Security Template Settings that control whether individual device menus, functions, and settings are available, and to whom. Also referred to as Function Access Controls on - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 51
or password 20 managing with security templates 20 understanding 7 Active Directory printer, connecting 11 advanced security setup password 8 Appendix A CA file Out of Service Erase 35 TCP/IP port access setting 32 configuring device certificate information 23 Configuring Out of Service Erase 35 - Dell B3465dnf Mono | Embedded Web Server -- Security Administrators Guide - Page 52
and 17 using 15 lockout 20 login failure 20 restrictions 20 M memory types installed on printer 33 menu, security Erase Temporary Data Files 27 N non‑volatile memory 33 erasing 34 O Out of Service Erase configuring 35 P Panel PIN Protect 10 password advanced security setup 8 creating or editing
Embedded Web Server — Security
Administrator's Guide
October 2013
www.dell.com | dell.com/support/printers