Lexmark MS817 Embedded Web Server Administrator s Guide - Page 67
Scenario: More security, aware environment 802.1X and SNMPv3, Scenario: Network, based usage
View all Lexmark MS817 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 67 highlights
Securing printers 67 Scenario: More security‑aware environment (802.1X) and SNMPv3 In this scenario, the network uses 802.1X communication to restrict network access, and secure LDAP to enforce authentication and authorization for access of device functions. Also, device access is logged and the device is remotely managed using SNMPv3. 1 Load a CA certificate for the authority you want into the device. For more information, see "Installing a Certificate Authority certificate on the device" on page 43. 2 Create the CA‑signed device certificate and load it into the device. For more information, see "Configuring the device for certificate information" on page 43. 3 Set up a secure a connection using the 802.1X authentication. Make sure that the usage of 802.1X is specified in the CA‑signed certificate. For more information, see "Configuring 802.1X authentication" on page 54. 4 To allow remote management of SNMPv3, enable SNMPv3, and then disable SNMPv1,2. For more information, see "Setting up SNMP" on page 47. Note: Specify the user credentials for Read/Write and optionally Read/Only users. We recommend setting the authentication level to Authentication, Privacy. 5 Configure audit logging. For more information, see "Configuring security audit log settings" on page 48. Remote system log for events can be specified by identifying the syslog server and selecting the appropriate settings. We recommend specifying an e‑mail address for the administrator and selectingn the events to be e‑mailed. 6 Set up secure LDAP authentication and authorization. For more information, see "Using LDAP" on page 37. Note: Specify the LDAP setup name, server address, port, and other appropriate settings. To enhance security, use a TLS or SSL/TLS connection. 7 Create one or more security templates using the LDAP building block, and then assign them to the appropriate access controls. For more information, see "Using a security template to control function access" on page 32. Scenario: Network‑based usage restrictions using access card Note: Before you begin, make sure that the Smart Card Authentication bundle is installed. In this scenario, the network uses an Active Directory environment. A SIPR access card and a password are used for device authentication and authorization. Device access is audited and the device is remotely managed using SNMPv3. All ports except the HTTPS (443) port and the SNMPv3 port are blocked. 1 Configure the Active Directory domain. For more information, see "Connecting your printer to an Active Directory domain" on page 35. Make sure to specify the following: • Domain name • User ID • Password Note: Make sure to enable CA Certificate Monitoring. 2 Specify an LDAP building block and security template, and then configure CA certificate monitoring. For more information, see "Setting up a Certificate Authority certificate monitor" on page 46.