Konica Minolta bizhub 950i bizhub 950i/850i Security Operations User Guide - Page 16

bizhub 950i/850i/AccurioPrint 950i/850i

1-12

1.5

Precautions for operation control

1

1.5

Precautions for operation control

This machine and the data handled by this machine should be used in an office environment that meets the

following conditions. The machine must be controlled for its operation under the following conditions to pro-

tect the data that should be protected.

1.5.1

Roles of the owner of the machine

NOTICE

An improper administrator may weaken and invalidate the security function. Besides, to maintain the security

for users who are to use the machine, the following actions must be taken.

The owner (an individual or an organization) of the machine should take full responsibility for controlling the

machine, thereby ensuring that no improper operations are performed.

-

The owner of the machine should have the administrator recognize the organizational security policy

and procedure, educate him or her to comply with the guidance and documents prepared by the man-

ufacturer, and allow time for him or her to acquire required ability. The owner of the machine should

also operate and manage the machine so that the administrator can configure and operate the machine

appropriately according to the policy and procedure. If the administrator does not or cannot follow the

policy and procedure, the security function of this machine cannot be maintained.

-

The owner of the machine should have users of the machine recognize the organizational security policy

and procedure, educate them to follow the policy and procedure, and operate and manage the machine

so that the users acquire the required ability. If the ability is insufficient, the administrator may not be

able to protect user's personal information, and a secure operation of the machine cannot be main-

tained.

-

The owner of the machine should vest the user with authority to use the machine according to the or-

ganizational security policy and procedure. The owner of the machine must carry out it to prevent se-

curity information from being leaked by users.

-

The owner of the machine should select a trustworthy person as an administrator who has sufficient

knowledge, technology, and experience to maintain the security of the machine and can take proper

actions when trouble occurs, then ask he/she to control the machine.

-

The owner of the machine should operate and manage the machine so that the administrator checks

the job log (audit log) data at appropriate timing to thereby determine whether a security compromise

or a faulty condition has occurred during an operating period. Proper management makes it possible

to prevent trouble from occurring, or take prompt actions soon after a trouble occurs.

-

The owner of the machine must permit only the administrator to handle the job log (audit log) data that

has automatically been distributed. The owner of the machine should also operate and manage the ma-

chine such that the job log (audit log) data is not illegally accessed, deleted, or altered. Critical informa-

tion may be leaked unintentionally.

1.5.2

Maintenance of the security environment

The owner of the machine should use the Enhanced Security Mode and maintain the operating environment

as follows.

-

The client PC for operating the machine should be used in a secure state where the latest published

update program is used for the OS and applications (such a virus software, printer driver, browser, and

etc.).

-

Connect the machine to the internal network which is protected by the firewall to prohibit any access

from the external network to the machine. Furthermore, control the machine to prevent the internal net-

work from being accessed by illegal devices.

NOTICE

If the machine is connected to an internal network which is not protected by the firewall, the machine may be

attacked from the external network.

Section	Page
Contents	2
1 Security	6
1.1 Introduction	6
1.1.1 Persons using the machine	6
1.1.2 Relation between user and job deletion	7
1.2 Compliance with the ISO15408 Standard	8
1.2.1 Hardware and software	8
1.2.2 Operating precautions	8
1.3 Installation procedure	10
1.3.1 Setting of password rules	11
1.3.2 Setting of IP address and DNS host	11
1.3.3 Setting of administrator password	11
1.3.4 Setting of user authentication	12
1.3.5 Setting of accurate date and time	12
1.3.6 Setting of job log obtaining method	12
1.3.7 Setting of operation of ID & Print function	12
1.3.8 Setting of Memory RX	12
1.3.9 Setting of FW Update (USB) Password	13
1.3.10 Setting of FIPS mode	13
1.3.11 Setting of function pattern customization	13
1.3.12 Setting of Enhanced Security Mode	13
1.3.13 Setting of IPsec communication certificate	14
1.3.14 Setting of network	14
1.3.15 Check of IPsec setting for communication with each server	14
1.3.16 Check of settings banned for operation	14
1.3.17 Check of device information	14
1.4 Enhanced security mode	15
1.4.1 Major security functions in operation under ISO15408 certification	15
1.5 Precautions for operation control	16
1.5.1 Roles of the owner of the machine	16
1.5.2 Maintenance of the security environment	16
1.5.3 Roles of the administrator	17
1.5.4 Password usage requirements	17
1.5.5 External authentication server control requirements	17
1.5.6 Security function operation setting operating requirements	18
1.5.7 Operation and control of the machine	18
1.5.8 Machine maintenance control	20
1.5.9 Precautions for using the printer driver	20
1.6 Miscellaneous	21
1.6.1 Password rules	21
1.6.2 Precautions for use of various types of applications	21
1.6.3 Encrypting communications	22
1.6.4 Print functions	22
IPP printing	22
1.6.5 FAX functions	22
1.6.6 USB keyboard	22
1.6.7 Different types of boxes	22
1.6.8 Terminating a session and logging out	23
1.6.9 Occurrence of authentication error during external server authentication	23
1.6.10 Finding the version information	23
2 Administrator Operations	25
2.1 Accessing the administrator mode	25
2.1.1 Accessing the administrator mode	25
2.1.2 Accessing the user mode	30
2.1.3 Checking the number of wrong entries in authentication	32
Conditions to clear the number of times of check	32
2.2 Enhancing the security function	33
2.2.1 Items cleared by format	36
2.2.2 Setting the Enhanced Security Mode	37
2.3 Setting the password rules	38
2.3.1 Setting the password rules	38
2.4 Setting IPsec	39
2.4.1 IPsec setting	39
2.4.2 Introducing the device certificate for IPsec communication	41
2.4.3 Deleting the IPsec communication device certificate	42
2.4.4 Introducing the CA (certification authority) certificate for IPsec communication	42
2.5 Firmware verification function at the time of starting the machine	43
2.5.1 Setting the firmware verification function	43
2.5.2 Self-test function	43
2.6 Preventing unauthorized access	44
2.6.1 Setting Prohibited Functions	44
2.7 Canceling the operation prohibited state	46
2.7.1 Performing release setting	46
2.8 Setting the authentication method	47
2.8.1 Setting the authentication method	47
2.8.2 Setting the external server	48
2.9 ID & Print setting function	49
2.9.1 Setting ID & Print	49
2.10 System auto reset function	50
2.10.1 Setting the system auto reset function	50
2.11 User setting function	51
2.11.1 Making user setting	51
2.12 User box function	53
2.12.1 Setting user box usage restriction	53
2.12.2 Setting the user box	54
2.12.3 Changing the user attributes and box password	55
2.12.4 Setting Memory RX	56
2.12.5 Batch deleting the documents in the Memory RX User Box	56
2.13 Changing the administrator password	57
2.13.1 Changing the administrator password	57
2.14 Obtaining job log	58
2.14.1 Obtaining and deleting a job log	58
2.14.2 Job log data	60
2.15 Setting time/date in machine	89
2.15.1 Setting time/date	89
2.15.2 Setting daylight saving time	89
2.16 TCP/IP setting function	90
2.16.1 Setting the IP Address	90
2.16.2 Registering the DNS server	90
2.17 E-mail setting function	91
2.17.1 Setting the SMTP server (E-mail server)	91
2.18 SMB setting function	92
2.18.1 Setting a client	92
2.19 WebDAV setting function	93
2.19.1 Setting a client	93
2.20 Automatic logoff setting function	94
2.20.1 Setting automatic logoff	94
2.21 FIPS mode setting function	95
2.21.1 Setting the FIPS mode	95
2.22 Firmware update function	96
2.22.1 Updating the firmware	96
2.23 Job deletion setting function	97
2.23.1 Setting the job deletion	97
3 User Operations	99
3.1 User authentication function	99
3.1.1 Performing user authentication	99
3.1.2 Accessing the ID & Print document	102
3.1.3 Number of wrong entries in authentication	102
Conditions to clear the number of times of check	102
3.2 Change password function	103
3.2.1 Performing change password	103
3.3 User box function	104
3.3.1 Setting the user box	104
3.3.2 Changing the user attributes and box password	105
3.3.3 Accessing the user box and user box file	106
3.3.4 Number of wrong entries in entering the box password	107

Konica Minolta bizhub 950i bizhub 950i/850i Security Operations User Guide - Page 16

Precautions for operation control

Page 16 highlights