Konica Minolta bizhub PRESS C8000 bizhub PRESS C8000 Security User Guide - Page 43

2.4 Administrator Security Functions 2 No. Operation Audit ID 4 Print audit log/output all to USB CE ID/Administrator ID 5 Change/Register CE password CE ID 6 Change/Register administrator pass- CE ID/Administrator ID word 7 Create user by administrator User ID 8 Change/register user password by ad- User ID ministrator 9 Delete user by administrator User ID 10 Change attributes of user by adminis- User ID trator 11 Password authentication for user User ID*1/Unregistered user ID*2 12 Change attributes of user by user (user User ID password, etc.) 13 Change HDD lock password Administrator ID 14 (not used) 15 Access to stored job User ID (Printing hold/HDD store job, recalling HDD store job to hold job, storing hold job on HDD) 16 Delete stored job User ID Stored action 04 05 06 Result OK OK OK 07 OK 08 OK 09 OK 10 OK 11 OK/NG 12 OK 19 OK 15 OK 16 OK *1: Audit log ID will be saved as user ID when user authentication is successfully made, or when password inconformity occurs with a registered user name. *2: Audit log ID will be saved as unregistered user ID when authentication failure occurs with an unregistered user name. The purpose of analyzing the audit log is to understand the following and implement countermeasures: - Whether or not data was accessed or tampered with - Subject of attack - Details of attack - Result of attack For specific analysis methods, see the next page. Specifying unauthorized actions: password authentication If logs have NG as the result of password authentication (action: 01, 02, 11), items protected by passwords may have been attacked. - Failed password authentication (NG) log entries specify who made the operation, and show if unauthor- ized actions were made when password authentication failed. - Even if password authentication succeeded (OK), you may need to check whether a legitimate user cre- ated the action. Careful check is recommended especially when successful authentication occurs after series of failures, or for those made during times other than normal operating hours. Specifying unauthorized actions: actions other than password authentication Since all operation results other than password authentication are indicated as successful (OK), use ID and action to determine if any unauthorized actions were made. Check the time of operation, and see if the user who operated the specific subject made any unauthorized actions. Remedy for unauthorized operations If you find that a password has leaked out after analyzing the audit log, change the password immediately. bizhub PRESS C8000 2-36