Table of Contents
Advertisement
2
No.
Operation
14
Delete file
Delete document data
15
Change file attribute
16
Password authentication for secure
print
17
Access to secure print file
18
Delete secure print file
19
Change HDD lock password
*1
: Audit log ID will be saved as user ID when user authentication is successfully made, or when password
inconformity occurs with a registered user name.
*2
: Audit log ID will be saved as unregistered user ID when authentication failure occurs with an unregistered
user name.
*3
: Audit log ID will be saved as secure user ID when secure print authentication in successfully made, or when
password inconformity occurs with a registered secure user name.
*4
: Audit log ID will be saved as unregistered user ID when secure print authentication failure occurs with an
unregistered user name.
The purpose of analyzing the audit log is to understand the following and implement countermeasures:
-
Whether or not data was accessed or tampered with
-
Subject of attack
-
Details of attack
-
Result of attack
For specific analysis methods, see the following description.
Specifying unauthorized actions: password authentication
If logs have NG as the result of password authentication (action: 01, 02, 11), items protected by passwords
may have been attacked.
-
Failed password authentication (NG) log entries specify who made the operation, and show if unauthor-
ized actions were made when password authentication failed.
-
Even if password authentication succeeded (OK), you may need to check whether a legitimate user cre-
ated the action. Careful check is recommended especially when successful authentication occurs after
series of failures, or for those made during times other than normal operating hours.
Specifying unauthorized actions: actions other than password authentica-
tion
Since all operation results other than password authentication are indicated as successful (OK), use ID and
action to determine if any unauthorized actions were made.
-
Since you cannot identify what was attacked only with an ID, you need to refer to the correspondence
table of actions on the previous page to determine whether unauthorized actions were made on a per-
sonal box or secure box.
-
Check the time of operation, and see if the user who operated the specific subject made any unauthor-
ized actions.
For example:
If a document saved in a box is printed with fraudulent authentication, the following audit log entry will be
created.
1. Password authentication to the box:
action = 11
id = Box for which the authentication was performed
result = OK/NG
2. Access to the document in the box:
2-46
Administrator Security Functions
Audit ID
User ID
User ID
*3
Secure user ID
/Unreg-
*4
istered user ID
Secure user ID
Secure user ID
Administrator ID
2.5
Stored ac-
Result
tion
14
OK
15
OK
16
OK/NG
17
OK
18
OK
19
OK
bizhub PRESS 1250P
Hide quick links:
Advertisement
Table of Contents
