Lexmark MX718 Embedded Web Server--Security: Administrator s Guide
Lexmark MX718 Manual
View all Lexmark MX718 manuals
Add to My Manuals
Save this manual to your list of manuals |
Lexmark MX718 manual content summary:
- Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 1
Embedded Web Server - Security Administrator's Guide June 2017 www.lexmark.com Model(s): MS911de, MX910de, MX911, MX912, XM9145, XM9155, XM7163, XM7170, XC2132, MS310, MS317dn, MS410, MS417dn, MS510, MS517dn, MS61x, MS617dn, MS81x, MS817dn, MS817n, MS818dn, MX310, MX317dn, MX410, MX417de, MX51x, - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 2
Contents 2 Contents Devices covered in this guide 4 Simple‑security devices...4 Advanced‑security devices...4 Managing authentication and authorization methods 5 Understanding the basics...5 Simple-security device access controls...8 Limiting access using Basic Security Setup 9 - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 3
Erasing hard disk data...49 Out‑of‑service wiping...50 Statement of volatility...51 Security ...54 Security scenarios 55 Scenario: Printer in a public place...55 Scenario Troubleshooting 60 Login troubleshooting...60 LDAP troubleshooting...63 Held Jobs / Print Release Lite troubleshooting - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 4
Devices covered in this guide 4 Devices covered in this guide There are two levels of security supported based on the product definition. For /dn, MS317dn, MS410d/dn, MS417dn, MS510dn, MS517dn, MS610dn, MS610dtn, MS617dn, MS810n/dn, MS810dtn, MS811n/dn, MS811dtn, MS812dn, MS812dtn, MS817dn, MS817n - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 5
security uses Panel PIN Protect to restrict user access to the printer control panel and Web Page Password Protect to restrict administrator access to individually or by groups (either local or network). Devices that support advanced-level security are capable of running installed solutions, which - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 6
Kerberos 5 X Active Directory* X Limited access controls X Access controls (complete) X Security Templates X Basic Security Setup X = Supported X = Not supported * Available only in some printer models The device handles authentication and authorization using one or more of the following - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 7
can be controlled varies depending on the type of device, but in some multifunction printers, over 40 individual menus and functions can be protected. Note: For a list of Authorization only Authorization only Each device can support up to 140 security templates, allowing administrators - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 8
IP address, print a network setup page, and then locate the TCP/IP section. For more information on printing a network setup page, see the printer User's Guide. We recommend using HTTPS when connecting to the Embedded Web Server to prevent network viewing of the data being entered. For example, type - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 9
using Basic Security Setup Use Basic Security Setup to limit access to the Embedded Web Server settings and the configuration menus on the printer control panel. This selection allows the definition of simple internal device security authentication methods. Notes: • This feature is available only in - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 10
security setup are the same for all advanced‑security devices. When configuring from the control panel, the steps may vary depending on your printer model. For example, for devices with a large touch screen, you can access the security setup by doing the following: 1 Navigate to the menu screen - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 11
up internal accounts Note: This feature is available only in advanced‑security devices. Administrators can configure one internal account building block per supported device. Each internal account building block can include a maximum of 750 user accounts and 32 user groups. You can use this building - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 12
the group name. Note: Group names can contain up to 128 UTF‑8 characters. 4 Click Add. Using the control panel Note: These instructions apply only in printer models with a touch‑screen display. 1 Navigate to the menu screen. 2 Touch Security > Edit Security Setups > Edit Building Blocks > Internal - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 13
Managing authentication and authorization methods 13 Using the control panel Note: These instructions apply only in printer models with a touch‑screen display. 1 Navigate to the menu screen. 2 Touch Security > Edit Security Setups > Edit Building Blocks > Internal Accounts > General Settings. 3 - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 14
. Note: Passwords are case sensitive and are not cached by the device. • Organizational Unit-Type the name of your organizational unit, if necessary. 3 Select one or more of the following domain services: • LDAP Address Book-Configure LDAP server address book information using Active Directory data - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 15
service account that is created in Active Directory. If you want to use an existing service This setting is a container or organizational unit that a device searches to validate whether methods. Notes: • Supported devices can store a If an outage prevents the printer from communicating with the server - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 16
unit), o (organization), c (country), and dc (domain). • Search Timeout-Enter a value from 5 to 30 seconds or 5 to 300 seconds, depending on your printer model to be pulled from the existing network comparable to other network services. • Anonymous LDAP Bind-Bind the Embedded Web Server with - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 17
more secure Generic Security Services Application Programming Interface ( LDAP+GSSAPI requires Kerberos 5 to be configured. • Supported devices can store a maximum of five unique LDAP+GSSAPI To help prevent unauthorized access, log out from the printer after each session. Adding an LDAP+GSSAPI setup 1 - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 18
by commas, such as cn (common name), ou (organizational unit), o (organization), c (country), and dc (domain). • Search Timeout-Enter a value from 5 to 30 seconds or 5 to 300 seconds depending on your printer model. • Use Kerberos Service Ticket-If selected, then a Kerberos ticket is presented to - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 19
Kerberos configuration file (krb5.conf) can be stored on a supported device, that file can apply to multiple realms and Kerberos Domain of authentication relies on an external server. If an outage prevents the printer from communicating with the server, then users are able to access protected device - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 20
require key requests to have a recent time stamp (usually within 300 seconds). Therefore, the printer clock must be in sync or closely aligned with the KDC system clock. You can update the printer clock settings manually. You can also set it to use Network Time Protocol (NTP) to sync automatically - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 21
to 128 characters to create a security template. Each device can support up to 140 security templates. Though the names of security templates must by the password or PIN. Using the control panel Note: These instructions apply only in printer models with a touch‑screen display. 1 Navigate to the menu - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 22
. • For a list of individual access controls, see "Appendix D: Access controls" on page 68. Using the control panel Note: These instructions apply only in printer models with a touch‑screen display. 1 Navigate to the menu screen. 2 Touch Security > Edit Security Setups > Edit Access Controls. 3 For - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 23
you can edit a security template that is in use. Editing or deleting a security template from the control panel Note: These instructions apply only in printer models with a touch‑screen display. 1 Navigate to the menu screen. 2 Touch Security > Edit Security Setups > Edit Security Templates. 3 Do - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 24
Managing certificates and other settings 24 Managing certificates and other settings The Certificate Management menu is used for configuring printers to utilize certificates for establishing SSL, IPSec, and 802.1x connections. Additionally, devices utilize certificates for LDAP over SSL authentication - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 25
a certificate signing request that can be viewed or downloaded, which facilitates the process of obtaining the signed certificate for the printer. 1 From the Embedded Web Server, click Settings > Security > Certificate Management > Set Certificate Defaults. 2 Update the information on the device to - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 26
Note: This completes the process of creating and installing a signed printer certificate. The printer can now present a valid CA‑signed certificate to systems issuing the certificate (128‑character maximum). • Unit Name-Type the name of the unit within the company or organization issuing the certificate - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 27
of the company or organization issuing the certificate. • Unit Name-Type the name of the unit within the company or organization issuing the certificate. • certificate monitor Note: This setting is available only in printer models that support Active Directory. When the device is joined to an Active - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 28
Managing certificates and other settings 28 Downloading the Certificate Authority certificates Note: This setting is available only in some printer models. We recommend retrieving the certificate immediately. The default setting for the automatic download of the CA certificates is 12:00 AM in - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 29
type of security assigned. It can also be helpful if other security measures become unavailable, such as when there is a network communication problem or an authentication server fails. Notes: • In some organizations, security policies prohibit the use of a backup password. Consult your organization - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 30
facilitate the automatic installation of device drivers and other printing applications, select Enable PPM Mib (Printer Port Monitor MIB). 6 Click Submit 7 From the SNMPv3 Privacy Algorithm list, select the strongest setting supported by your network environment. 8 Click Submit to save the changes - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 31
Managing devices remotely 31 4 Under Trap Destination, enter the IP address of the network management server or monitoring station, and then select the conditions for which you want to generate an alert. 5 Click Submit to save the changes, or click Reset Form to clear all fields. Configuring - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 32
waits for a response from the SMTP server before timing out. The default value is 30 seconds. 6 To receive responses to messages sent from the printer (in case of failed or bounced messages), type the reply address. 7 From the Use SSL/TLS list, select Disabled, Negotiate, or Required to specify - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 33
encryption algorithm through an embedded key that is known only to Lexmark. However, the strongest security measure comes from requiring all firmware packages to include multiple digital 2048-bit RSA signatures from Lexmark. If these signatures are not valid, or if the message logs - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 34
can be entered. Notes: • This menu item appears only when a formatted, working printer hard disk is installed. • Enter 0 to allow users to enter an incorrect PIN is deleted. Confidential Job Expiration Set a limit on how long the printer stores confidential print jobs. Off 1 hour 4 hours 24 hours 1 - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 35
disabling USB host ports Note: This setting is available only in some printer models. USB host ports on devices do the following: • Detect and in the inserted USB mass storage devices, such as a flash drive. • Print a supported file from the flash drive or initiate a firmware update. • Scan data directly - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 36
an Enable schedule entry to reactivate use of the USB devices. Enabling the security reset jumper Note: This feature is available only in some printer models. If the device is locked down due to a forgotten administrator password or lost network connectivity, then you can recover the device by - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 37
regain access to the security menus, a service call is required. Enabling holding faxes Use to receive faxes and temporarily store them in the printer hard disk. The held faxes are secured in . • Always On-Always holds the fax jobs. • Manual-Lets users select if they want to continue storing the - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 38
panel, provide your credentials. Notes: • This feature requires a hard disk. • When the device is locked, incoming print and fax jobs are stored in the printer hard disk. If the hard disk is encrypted, then the jobs stored are encrypted. • When the device is unlocked, jobs received during the locked - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 39
sure that all of the devices participating in the 802.1X process support the same EAP authentication type. 1 From the Embedded Web Server, click to enable 802.1X authentication. b Type the login name and password the printer uses to log in to the authentication server. c Select the Validate Server - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 40
accept through the secure tunnel created between the authentication server and the printer. 5 Apply the changes. Note: The print server resets when changes to secure traffic between the systems with a strong encryption. The devices support IPSec with preshared keys and certificates. Both modes can be - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 41
is connected temporarily to an Ethernet network. • A wireless network adapter is installed in your printer and working properly. For more information, see the instruction sheet that came with your wireless network adapter. 1 From the Embedded Web Server, click Settings > Network/Ports > Wireless - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 42
setup page, and then in the Network Card [x] section, see if the status is "Connected." For more information, see the "Verifying printer setup" section of the printer User's Guide. Configuring the TCP/IP port access setting You can control your network device activities by configuring your device to - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 43
Securing data 43 Securing data Physical lock Most Lexmark printers support cabled computer locks used to secure the critical and sensitive components of the device, such as the controller board and hard disk. These locks let - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 44
disk are indecipherable. When an encrypted hard disk is moved to another supported device, the hard disk attempts to verify its encryption key with the the disk encryption task. Warning-Potential Damage: Do not turn off the printer during the encryption process. 4 From the Web browser, refresh the - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 45
the configuration menu or the device Embedded Web Server, you can add more options for erasing groups of settings (printer, settings, or application settings). The Erase Printer Memory option (also called Wipe All Settings on some devices) erases all contents stored on non‑volatile memory. Using Wipe - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 46
the Configuration menu appears. 3 From the list, select Restore Factory Settings > Restore Settings. 4 Select one of the following settings: • Restore Printer Settings-Restore all non‑critical base device settings to the factory default. It does not affect network settings or connections, and display - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 47
performs a power‑on sequence, and then the Configuration menu appears. 3 From the list, select Restore Factory Defaults > Erase Printer Memory. While clearing the settings, the "Restoring Factory Defaults" message appears on the display, and then the device reboots to the initial setup wizard screen - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 48
with that file is not actually deleted. This data remains on the hard disk and can be recovered with substantial effort. All printer models with a hard disk support an additional mechanism for protecting residual data, which is hard disk file wiping. Hard disk file wiping actively overwrites any job - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 49
the device to be serviced by someone outside the organization • Removing the device from the premises of service Warning-Potential Damage: This takes approximately a minute before the Configuration menu appears. Note: Some printer models require you to press and hold the check mark and the right - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 50
the hard disk. • Perform Disk Wipe-Clear all job data. • Clear Settings and Solutions-Clear all settings and applications. Note: In some printer models, the Out of Service Wiping setting is visible only if security is enabled. Make sure that the access control for the security menus are set to use - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 51
the instructions on the printer display. Warning-Potential Damage: Do not turn off the printer while printer when: • The printer is being decommissioned. • The printer hard drive is being replaced. • The printer is being moved to a different department or location. • The printer is being serviced - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 52
the Embedded Web Server. For more information, see the printer User's Guide. • Device and network settings-Erase device and network the Restore Factory Defaults setting from the Embedded Web Server. Note: If your printer has a hard disk that has been partitioned for fax storage, then reformat - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 53
the printer until an authorized user releases the job for printing. You can send and store jobs on printers with Print Jobs Administrator's Guide. Card Authentication Lexmark devices support a number of work with a card reader driver application. The card reader driver provides card ID data to other - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 54
safe workflow processes throughout federal government operations. The solution provides more control over the security of networked Lexmark MFPs. The same solution also supports SIPR token cards (using a different card interface application) to provide access over the Secret Internet Protocol Router - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 55
each function you want to protect. 6 Click Submit. Notes: • When an access control is set to user PIN, any administrator PIN set for your printer is valid for that access control. For more information, see "Simple-security device access controls" on page 8. • You can also create a Web Page password - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 56
Web Server for authentication or authorization in the following conditions • Your printer is not connected to a network. • You do not use an Note: Certain building blocks (such as PINs and passwords) do not support separate authorization. 4 To use authorization, click Add authorization, and then - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 57
deployed on the network. User credentials and group designations can be pulled from the existing network, making access to the printer as seamless as other network services. The device automatically downloads the domain controller CA certificate chain. Before configuring the Embedded Web Server to - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 58
Security scenarios 58 Assign security templates to access controls 1 From the Embedded Web Server, click Settings > Security > Security Setup > Access Controls. 2 Select the newly created security template for each function you want to protect. 3 Click Submit. Note: Users are required to enter the - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 59
page 27. 3 Configure the Smart Card Authentication bundle. For more information, see Smart Card Authentication Administrator's Guide. Note: To secure access to all applications and printer functions on the home screen, configure Background and Idle Screen. For more information, see Background and Idle - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 60
Troubleshooting 60 Troubleshooting Login troubleshooting USB device is not supported Make sure that a supported smart card reader is attached Remove the unsupported reader and attach a valid reader. For information on the supported readers, contact your Lexmark representative. Printer home screen - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 61
Troubleshooting 61 KDC and MFP clocks are out of sync This error indicates that the printer clock is more than five minutes out of sync with the domain controller clock. Make sure that the date and time settings on the printer server before manually configuring NTP settings. 3 If the printer uses an - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 62
Troubleshooting not blocked by a firewall Port 88 must be opened between the printer and the KDC for authentication to work. User realm not found in been added to the file The Smart Card Authentication settings do not support multiple Kerberos Realm entries. If multiple realms are needed, then create - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 63
"Getting User Info" For information on LDAP‑related issues, see"LDAP troubleshooting" on page 63. User is logged out automatically Increase the Panel (non‑SSL) and Port 636 (SSL) are not blocked by a firewall The printer uses these ports to communicate with the LDAP server. The ports must be open for - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 64
the user e‑mail address and home directory are correct Held Jobs / Print Release Lite troubleshooting Cannot use the Held Jobs / Print Release feature Add the user to the appropriate smart card principal name or the credential provided by manual login is used to set the user ID (userid@domain). - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 65
Troubleshooting 65 • EDI‑PI-The user ID portion of the smart card principal name or the credential provided by manual login is used to that the jobs were sent to the correct printer and were printed The jobs may have been sent to a different printer, or automatically deleted because they were not - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 66
CRL. 3 Click Base 64 encoded, and then click Download CA Certificate. Note: DER encoding is not supported. 4 Save the certificate that is offered in a file. The file name is arbitrary, but certificate. The previous manual process is replaced by a simple process with only limited initial setup required. - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 67
be installed on the customer's network. Note: The example usage instructions given below assume the Certificate Enrollment Web Services is installed on a Windows 2008 R2 server. 1 Open a Web browser, and then type the IP address or host name of the printer in the address field. 2 From the Embedded Web - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 68
to the Security menu from the Embedded Web Server. Service Engineer Menus at the Device This protects access to the Service Engineer menu from the printer control panel. Service Engineer Menus Remotely This protects access to the Service Engineer menu from the Embedded Web Server. Settings Menu - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 69
from any source other than a flash drive. Firmware files that are received through FTP, the Embedded Web Server, etc., will be ignored (flushed) when this function is protected. Operator Panel Lock This protects access to the locking function of the printer control panel. If this is enabled, then - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 70
access control selections. Appendix E: Common Criteria configuration Overview This guide describes how to configure a supported Lexmark printer to reach Common Criteria Target of Evaluation. Carefully follow the instructions in this guide to make sure that the device meets the requirements of the - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 71
Supported printers MFPs with a hard disk • Lexmark CX510h • Lexmark MX511h • Lexmark MX611h • Lexmark MX710h • Lexmark MX711h • Lexmark MX810 • Lexmark MX811 • Lexmark MX812 • Lexmark MX910 • Lexmark MX911 • Lexmark MX912 • Lexmark XM7155 • Lexmark XM7163 • Lexmark XM7170 • Lexmark XM9145 • Lexmark - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 72
• Lexmark MS610E • Lexmark MS810E • Lexmark MS812E Note: MFPs support copy, e‑mail, fax, and printing features. SFPs support printing features only. Printers with a hard disk support hard disk features. This guide describes the configuration of features that are not available on all printers. Before - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 73
Appendix 73 Encrypting the hard disk If a hard disk is present, then it must be encrypted. For more information, see "Disk encryption" on page 44. Disabling the USB buffer This feature disables the USB client port on the back of the device. 1 Navigate to the menu screen, and then touch Network/ - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 74
Appendix 74 Installing the minimum Common Criteria configuration Configuring disk wiping Disk wiping removes residual confidential material from the printer. It uses random data patterns to securely overwrite files stored on the hard disk that have been marked for deletion. Multiple‑pass wiping is - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 75
Appendix 75 Select Administrator_Security Authenticated_Users For • Administrators allowed to access all device functions • Administrators allowed to use device functions and access the Security menu • Administrators allowed to access all device functions • Administrators allowed to use device - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 76
Menu Remotely Administrator access only Service Engineer Menus at the Device Administrator access only Service Engineer Menus Remotely Administrator access Configuration Administrator access only Remote Management Disabled Firmware Updates Disabled or Administrator access only PJL Device - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 77
access only Authenticated users only Authenticated users only Disabling home screen icons The final step is to remove unnecessary icons from the printer home screen. 1 Navigate to the menu screen, and then touch Settings > General Settings > Home screen customization. 2 Set the following to Do not - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 78
> Activate. 2 Set Activate to No. 3 Apply the changes. Shutting down port access Disabling virtual ports helps prevent intruders from accessing the printer using a network connection. 1 From the Embedded Web Server, click Settings > Security > TCP/IP Port Access. 2 Clear the following check boxes - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 79
Print Service) • TCP 65004 (WSD Scan Service) 3 Click Submit. Network Time Protocol Use Network Time Protocol (NTP) to automatically sync printer time . Fax If your printer includes fax capabilities and is attached to a phone line, then disable fax forwarding and the driver to fax function, and - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 80
"Driver to fax" to No. 5 Apply the changes. Setting up a fax storage location (optional) 1 Turn off the printer. 2 While turning on back the printer, press > Secure Held Print Jobs > Configure. 2 Specify the text and image that you want to appear on your home screen. Note: Some applications require - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 81
enter 0. This prompts the printer to start the secure idle image file types and recommended file sizes, see the mouse‑over help. 10 If necessary, configure the other application settings. For more information about configuring the application, see the Background and Idle Screen Administrator's Guide - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 82
from your existing system, making access to the printer as seamless as other network services. Supported devices can store a maximum of five LDAP+ Smart Card Authentication Administrator's Guide. Understanding the home screen The screen located on the front of the printer is touch‑sensitive and can - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 83
Appendix 83 Using the on‑screen keyboard Some device settings require one or more alphanumeric entries, such as server addresses, user names, and passwords. When an alphanumeric entry is needed, a keyboard appears: Password ~ 1! @# 23 $ 4 5% ^ 6 &* 7 8 ( 9 ) 0 _ + - = @ QWE R T YU - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 84
and verification of operation in conjunction with other products, programs, or services, except those expressly designated by the manufacturer, are the user's responsibility. For Lexmark technical support, visit http://support.lexmark.com. For information on supplies and downloads, visit www - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 85
Notices 85 GifEncoder GifEncoder - writes out an image as a GIF. Transparency handling and variable bit size courtesy OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 86
Notices 86 "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 87
This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 88
Notices 88 APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 89
Glossary of Security Terms 89 Glossary of Security Terms Access Controls Authentication Authorization Building Block Group Security Template Settings that control whether individual device menus, functions, and settings are available, and to whom. Also referred to as Function Access Controls on - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 90
the Embedded Web Server 7 Active Directory connecting a printer to 13 adding idle screen images 81 advanced building blocks configuring 10 advanced security 25 configuring disk wiping 74 Configuring Out of Service Erase 50 configuring out‑of‑service wiping 50 connecting to a wireless network 41 control - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 91
disk wiping configuring 74 out of service 50 disposing of printer hard disk 51 domain certificate Security Manager 81 F fax forwarding 79 fax settings Driver to fax 79 fax forwarding 79 held faxes 79 29 I idle screen securing 81 idle screen images adding 81 installing Certificate Authority certificate - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 92
‑volatile memory erasing 52 O Operator Panel Lock enabling 37 out‑of‑service wiping configuring 50 overview Common Criteria 70 P Panel PIN Protect 58 supported printers 71 T TCP/IP Port Access configuring 42 temporary data files erasing 48 touch screen using the 82 troubleshooting authentication - Lexmark MX718 | Embedded Web Server--Security: Administrator s Guide - Page 93
65 not authorized to use Held Jobs / Print Release 64 printer clock out of sync 61 problem getting user info 63 realm on card not found 62 device 60 updating firmware 33 USB buffering disabling 73 USB device not supported 60 USB host ports disabling 35 enabling 35 user access for Common Criteria
Embedded Web Server — Security
Administrator's Guide
June 2017
www.lexmark.com
Model(s):
MS911de, MX910de, MX911, MX912, XM9145, XM9155, XM9165, CS310, CS317dn, CS410, CS417dn, CS510, CS517de, CX310, CX317dn, CX410, CX417de,
CX510, CX517de, M1140, M1145, M3150, M3150dn, M5155, M5163, M5170, XM1140, XM1145, XM3150, XM5163, XM5170, XM7155, XM7163, XM7170, XC2132,
MS310, MS317dn, MS410, MS417dn, MS510, MS517dn, MS61x, MS617dn, MS81x, MS817
d
n, MS817n, MS818dn, MX310, MX317dn, MX410, MX417de, MX51x,
MX517de, MX61x, MX617de, MX71x, MX717de, MX718de, MX81x