Konica Minolta bizhub 950i bizhub 950i/850i Security Operations User Guide - Page 17

bizhub 950i/850i/AccurioPrint 950i/850i

1-13

1.5

Precautions for operation control

1

1.5.3

Roles of the administrator

The administrator should take full responsibility for controlling the machine, thereby ensuring that no improp-

er operations are performed.

-

The machine administrator and the user's administrator should select a trustworthy person who has

sufficient knowledge, technology, and experience as a user's administrator, and ask he/she to control

the machine.

-

When using an external authentication server, an SMTP server (mail server), a DNS server, an audit log

server, a WebDAV server, or an SMB server, each server should be appropriately managed by the ad-

ministrator and should be periodically checked to confirm that settings have not been changed without

permission.

1.5.4

Password usage requirements

NOTICE

Leakage of the password may result in such troubles as invalidated security function, leakage or falsification

of information.

The administrator must control the Memory RX user box password appropriately so that it may not be leaked.

The password should not be one that can be easily guessed. The user, on the other hand, should control the

user password appropriately so that it may not be leaked. Again, the password should not be one that can be

easily guessed. Furthermore, the following actions must be conformed.

Manage carefully not to forget the administrator password. In the event of a forgotten it, it is necessary to in-

itialize all the data including the hardware. Besides, necessary settings and confirmation will be disabled.

<To Achieve Effective Security>

-

The administrator of the machine shall never disclose the administrator password to anyone other than

the administrator of the machine.

-

Make sure that the administrator of the machine changes the administrator password regularly.

-

The administrator must change the Memory RX user box password at regular intervals.

-

The administrator of the machine should make sure that any number that can easily be guessed from

birthdays, employee identification numbers, and the like is not set for the administrator password.

-

The administrator should make sure that any number that can easily be guessed from birthdays, em-

ployee identification numbers, and the like is not set for the Memory RX user box password.

-

If a User Password has been changed, the administrator should have the corresponding user change

the password as soon as possible.

-

If the administrator password has been changed by the Service Engineer, the administrator of the ma-

chine should change the administrator password as soon as possible.

-

The administrator should have users ensure that the passwords set for the user authentication and the

box that can be used by the user are known only by the user concerned.

-

The administrator should have users change the passwords set for the user authentication at regular

intervals.

-

The administrator of the machine should have the user administrator log on to the user mode and

change his or her password in [Utility] - [Utility] - [Information] - [Change User Password] if he or she

changes the password.

-

The administrator should make sure that any user does not set any number that can easily be guessed

from birthdays, employee identification numbers, and the like for the passwords set for the user authen-

tication.

1.5.5

External authentication server control requirements

The administrator and the server administrator are required to apply patches to, or perform account control

for, this machine and the external authentication server connected to the office LAN in which the machine is

installed to ensure operation control that achieves appropriate access control.

This machine can be used only after the user who uses this machine has been registered in the external au-

thentication server. The server administrator should also check registered users at regular intervals to thereby

ensure that any unnecessary users are left registered.

This machine cannot be used unless Windows Server DNS is used for the External authentication server.

Section	Page
Contents	2
1 Security	6
1.1 Introduction	6
1.1.1 Persons using the machine	6
1.1.2 Relation between user and job deletion	7
1.2 Compliance with the ISO15408 Standard	8
1.2.1 Hardware and software	8
1.2.2 Operating precautions	8
1.3 Installation procedure	10
1.3.1 Setting of password rules	11
1.3.2 Setting of IP address and DNS host	11
1.3.3 Setting of administrator password	11
1.3.4 Setting of user authentication	12
1.3.5 Setting of accurate date and time	12
1.3.6 Setting of job log obtaining method	12
1.3.7 Setting of operation of ID & Print function	12
1.3.8 Setting of Memory RX	12
1.3.9 Setting of FW Update (USB) Password	13
1.3.10 Setting of FIPS mode	13
1.3.11 Setting of function pattern customization	13
1.3.12 Setting of Enhanced Security Mode	13
1.3.13 Setting of IPsec communication certificate	14
1.3.14 Setting of network	14
1.3.15 Check of IPsec setting for communication with each server	14
1.3.16 Check of settings banned for operation	14
1.3.17 Check of device information	14
1.4 Enhanced security mode	15
1.4.1 Major security functions in operation under ISO15408 certification	15
1.5 Precautions for operation control	16
1.5.1 Roles of the owner of the machine	16
1.5.2 Maintenance of the security environment	16
1.5.3 Roles of the administrator	17
1.5.4 Password usage requirements	17
1.5.5 External authentication server control requirements	17
1.5.6 Security function operation setting operating requirements	18
1.5.7 Operation and control of the machine	18
1.5.8 Machine maintenance control	20
1.5.9 Precautions for using the printer driver	20
1.6 Miscellaneous	21
1.6.1 Password rules	21
1.6.2 Precautions for use of various types of applications	21
1.6.3 Encrypting communications	22
1.6.4 Print functions	22
IPP printing	22
1.6.5 FAX functions	22
1.6.6 USB keyboard	22
1.6.7 Different types of boxes	22
1.6.8 Terminating a session and logging out	23
1.6.9 Occurrence of authentication error during external server authentication	23
1.6.10 Finding the version information	23
2 Administrator Operations	25
2.1 Accessing the administrator mode	25
2.1.1 Accessing the administrator mode	25
2.1.2 Accessing the user mode	30
2.1.3 Checking the number of wrong entries in authentication	32
Conditions to clear the number of times of check	32
2.2 Enhancing the security function	33
2.2.1 Items cleared by format	36
2.2.2 Setting the Enhanced Security Mode	37
2.3 Setting the password rules	38
2.3.1 Setting the password rules	38
2.4 Setting IPsec	39
2.4.1 IPsec setting	39
2.4.2 Introducing the device certificate for IPsec communication	41
2.4.3 Deleting the IPsec communication device certificate	42
2.4.4 Introducing the CA (certification authority) certificate for IPsec communication	42
2.5 Firmware verification function at the time of starting the machine	43
2.5.1 Setting the firmware verification function	43
2.5.2 Self-test function	43
2.6 Preventing unauthorized access	44
2.6.1 Setting Prohibited Functions	44
2.7 Canceling the operation prohibited state	46
2.7.1 Performing release setting	46
2.8 Setting the authentication method	47
2.8.1 Setting the authentication method	47
2.8.2 Setting the external server	48
2.9 ID & Print setting function	49
2.9.1 Setting ID & Print	49
2.10 System auto reset function	50
2.10.1 Setting the system auto reset function	50
2.11 User setting function	51
2.11.1 Making user setting	51
2.12 User box function	53
2.12.1 Setting user box usage restriction	53
2.12.2 Setting the user box	54
2.12.3 Changing the user attributes and box password	55
2.12.4 Setting Memory RX	56
2.12.5 Batch deleting the documents in the Memory RX User Box	56
2.13 Changing the administrator password	57
2.13.1 Changing the administrator password	57
2.14 Obtaining job log	58
2.14.1 Obtaining and deleting a job log	58
2.14.2 Job log data	60
2.15 Setting time/date in machine	89
2.15.1 Setting time/date	89
2.15.2 Setting daylight saving time	89
2.16 TCP/IP setting function	90
2.16.1 Setting the IP Address	90
2.16.2 Registering the DNS server	90
2.17 E-mail setting function	91
2.17.1 Setting the SMTP server (E-mail server)	91
2.18 SMB setting function	92
2.18.1 Setting a client	92
2.19 WebDAV setting function	93
2.19.1 Setting a client	93
2.20 Automatic logoff setting function	94
2.20.1 Setting automatic logoff	94
2.21 FIPS mode setting function	95
2.21.1 Setting the FIPS mode	95
2.22 Firmware update function	96
2.22.1 Updating the firmware	96
2.23 Job deletion setting function	97
2.23.1 Setting the job deletion	97
3 User Operations	99
3.1 User authentication function	99
3.1.1 Performing user authentication	99
3.1.2 Accessing the ID & Print document	102
3.1.3 Number of wrong entries in authentication	102
Conditions to clear the number of times of check	102
3.2 Change password function	103
3.2.1 Performing change password	103
3.3 User box function	104
3.3.1 Setting the user box	104
3.3.2 Changing the user attributes and box password	105
3.3.3 Accessing the user box and user box file	106
3.3.4 Number of wrong entries in entering the box password	107

Konica Minolta bizhub 950i bizhub 950i/850i Security Operations User Guide - Page 17

Roles of the administrator, Password usage requirements, External authentication server control

Page 17 highlights