Lexmark XC9445 Security White Paper - Page 35
Secure Start Process and Operating System Protections
View all Lexmark XC9445 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 35 highlights
Secure Access 35 For added security, the device administrator can require a user or a group to be authenticated prior to releasing the faxes. By adding this component, the administrator is validating that the faxes are released to authorized individuals and audits the action (for example, who released the faxes and the date and time) if there are concerns about malicious use. Secure Start Process and Operating System Protections Overview Security is an integral part of the Lexmark development process and is the reason security is a standard offering on all Lexmark devices. Device security is not to be an afterthought or a separate security chip inserted in a device after it has been manufactured. Device security must be holistic, which includes protection against malware and viruses. It is one of the reason's why Lexmark has been committed to developing security mechanisms around device operating systems, firmware updates, and embedded solutions well before it became a published attack vector for malicious individuals. Benefits • Ensures that there is virtually no option for loading malware or viruses in the operating system or other operating firmware of a device • Ensures that only trusted firmware is installed on Lexmark devices by using digital signatures and other security mechanisms • Stops operation and reports error if self-checking detects its security is compromised Details For their operating systems, Lexmark devices use a version of Linux. The kernel, which is a central part of the Linux operating system, is obtained directly from the Linux distribution site and not from a third party. Lexmark makes modifications to the Linux kernel so that the operating system can better meet the needs of hard copy devices. This approach provides hardening against external attacks. Lexmark is using the AndroidTM Open Source Project to drive the graphical user interface (GUI) for the current generation of Lexmark touch-screen devices. Additional protections used in the development of the Lexmark operating system are: • Standard applications, such as Apache, Samba, Telnet, FTP, that are found in a standard Linux distribution, have well-documented security exposures and are subject to rootkit attacks. These applications have been removed and replaced with applications specifically written by Lexmark developers for a hard copy device. • Lexmark development teams create custom applications that control functions such as print, fax, copy, and scan. After all modifications are made to the operating system, it is firewalled and hardened to the point that the embedded environment is closed. • In the event that a vulnerability is found on a device or additional functionalities are added to the operating system, the entire operating system is replaced on the device through a firmware update.