Lexmark 13B0503 - X 364dw B/W Laser Administrator's Manual

Embedded web server administrator's guide

Embedded Web Server

Administrator's Guide
February 2009
www.lexmark.com
Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries.
All other trademarks are the property of their respective owners.
© 2009 Lexmark International, Inc.
All rights reserved.
740 West New Circle Road
Lexington, Kentucky 40550

Summary of Contents for Lexmark 13B0503 - X 364dw B/W Laser

  • Page 1: Embedded Web Server

    Administrator's Guide February 2009 www.lexmark.com Lexmark and Lexmark with diamond design are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective owners. © 2009 Lexmark International, Inc.
  • Page 2 This software and any accompanying documentation provided under this agreement are commercial computer software and documentation developed exclusively at private expense. Trademarks Lexmark, Lexmark with diamond design, and MarkVision are trademarks of Lexmark International, Inc., registered in the United States and/or other countries. All other trademarks are the property of their respective owners.
  • Page 3: Table Of Contents

    Contents
    Using security features in the Embedded Web Server ... 5
    Understanding the basics ... 5
    Authentication and Authorization ... 5
    Groups ... 6
    Access Controls ... 6
    Security Templates ... 6
    Configuring building blocks ... 7
    Creating a password ... 7
    Creating a PIN ... 7
    Setting up internal accounts ... 8
    Using LDAP ... 9
    Using LDAP+GSSAPI ...
  • Page 4

    Appendix ... 29
    Notices ... 32
    Glossary of Security Terms ... 39
    Index ... 40
    Contents...
  • Page 5: Using Security Features In The Embedded Web Server

    Using security features in the Embedded Web Server The latest suite of security features available in the Lexmark Embedded Web Server represents an evolution in keeping document outputs safe and confidential in today's busy environments. Incorporating traditional components such as authentication and group permissions, administrators can use Embedded Web Server Security Templates to control access to the devices that produce, store, and transmit sensitive documents.
  • Page 6: Groups

    Groups Administrators can designate up to 32 groups to be used in association with either the Internal accounts or LDAP/LDAP+GSSAPI building blocks. For the purposes of Embedded Web Server security, groups are used to identify sets of users needing access to similar functions. For example, in Company A, employees in the warehouse do not need to print in color, but those in sales and marketing use color every day.
  • Page 7: Configuring Building Blocks

    Configuring building blocks Creating a password The Embedded Web Server can store a combined total of 250 user-level and administrator-level passwords on each supported device. To create a password From the Embedded Web Server Home screen, browse to Settings > Security > Edit Security Setups. Under Edit Building Blocks, select Password.
  • Page 8: Setting Up Internal Accounts

    Select Admin PIN if the PIN will be used as the Administrator PIN. Note: If an activity is secured by a specific Administrator PIN, then only that PIN will grant access to it. Click Submit. Setting up internal accounts Embedded Web Server administrators can configure one internal account building block per supported device. Each internal account building block can include a maximum of 250 user accounts, and 32 user groups.
  • Page 9: Using LDAP

    Specifying settings for internal accounts Settings selected in the Internal Accounts Settings section will determine the information an administrator must submit when creating a new internal account, as well as the information a user must submit when authenticating.
      • Require e-mail address—Select this box to make the E-mail address a required field when creating new internal...
  • Page 10

      • Search Timeout—Enter a value from 5 to 30 seconds.
      • Required User Input—Select either User ID and Password or User ID to specify which credentials a user must provide when attempting to access a function protected by the LDAP building block.

    Device Credentials
      • Anonymous LDAP Bind—If selected, the Embedded Web Server will bind with the LDAP server anonymously,...
  • Page 11: Using LDAP+GSSAPI

    To validate an existing LDAP setup From the Embedded Web Server Home screen, browse to Settings > Security > Edit Security Setups. Under Edit Building Blocks, select LDAP. Click Test LDAP Authentication Setup next to the setup you want to test. Using LDAP+GSSAPI Some administrators prefer authenticating to an LDAP server using Generic Security Services Application Programming Interface (GSSAPI) instead of simple LDAP authentication because the transmission is always secure.
  • Page 12

      • Search Timeout—Enter a value from 5 to 30 seconds.
      • Required User Input—Select either User ID and Password or User ID to specify which credentials a user must provide when attempting to access a function protected by the LDAP building block.

    Device Credentials
      • MFP Kerberos Username—Enter the distinguished name of the print server(s).
  • Page 13: Configuring Kerberos 5 For Use With LDAP+GSSAPI

    Configuring Kerberos 5 for use with LDAP+GSSAPI Though it can be used by itself for user authentication, Kerberos 5 is most often used in conjunction with the LDAP+GSSAPI building block. While only one Kerberos configuration file (krb5.conf) can be stored on a supported device, that krb5.conf file can apply to multiple realms and Kerberos Domain Controllers (KDCs).
  • Page 14: Using NTLM Authentication

    Setting date and time Because Kerberos servers require that key requests bear a recent timestamp (usually within 300 seconds), the printer clock must be in sync or closely aligned with the KDC system clock. Printer clock settings can be updated manually, or set to use Network Time Protocol (NTP), to automatically sync with a trusted clock—typically the same one used by the Kerberos server.
  • Page 15: Securing Access

    Specifying the default user domain for the NTLM server Open the Embedded Web Server home screen using the secure version of the page (with the URL beginning “https://”), rather than an unsecured browsing window. Note: If you do not connect to the Embedded Web Server using HTTPS, you will not be able to register your device with an NT domain.
  • Page 16: Setting Login Restrictions

    Setting login restrictions Many organizations establish login restrictions for information assets such as workstations and servers. Embedded Web Server administrators should verify that printer login restrictions also comply with organizational security policies. From the Embedded Web Server Home screen, browse to Settings > Security > Miscellaneous Security Settings.
  • Page 17 Step 2: Create a security template Once configured, one or two building blocks can be combined with a unique name of up to 128 characters to create a security template. Each device can support up to 140 security templates. Though the names of security templates must be different from one another, building blocks and security templates can share a name.
  • Page 18: Scenarios

    Notes:
      • Clicking Delete List will delete all security templates on the device, regardless of which one is selected. To delete an individual security template, select it from the list, and then click Delete Entry in the Settings screen for that template.
  • Page 19: Scenario: Network Running Active Directory

    Step 2: Create a security template From the Embedded Web Server Home screen, browse to Settings > Security > Edit Security Setups. Under Edit Security Templates, select Security Templates. Under Manage Security Templates, select Add a Security Template. In the Security Templates Name field, type a unique name containing up to 128 characters. It can be helpful to use a descriptive name, such as “Administrator_Only”, or “Common_Functions_Template.”...
  • Page 20

    LDAP server information
      • The IP address or hostname of the LDAP server
      • The LDAP server port (the default is 389)
      • A list of up to three object classes stored on the LDAP server, which will be searched for user credentials during...
  • Page 21: Managing Certificates And Other Settings

    For each function you want to protect, select the newly created security template from the drop-down list next to the name of that function. Click Submit to save changes, or Reset Form to cancel all changes. Users will now be required to enter the appropriate credentials in order to gain access to any function controlled by the security template.
  • Page 22: Setting Certificate Defaults

    From here, you can:
      • Delete—Remove a previously stored certificate.
      • Download to File—Download or save the certificate as a .pem file.
      • Download Signing Request—Download or save the signing request as a .csr file.
      • Install Signed Certificate—Upload a previously signed certificate.
      • ...
  • Page 23: Enabling And Disabling USB Devices

    Select an option for Job Expiration:
      • Select Off to allow unprinted confidential print jobs to remain in the print queue indefinitely.
      • Select a value of 1 hour, 4 hours, 24 hours, or 1 week to specify the amount of time that an unprinted...
  • Page 24: Encrypting The Hard Disk

    If you have enabled Manual mode and wish to set up a schedule for disk wiping, select Scheduled Disk Wiping. Use the Time and Day(s) lists to designate when disk wiping should occur, and then click Add. Repeat as needed to schedule additional times for disk wiping.
  • Page 25: Configuring Security Audit Log Settings

    The printer will power-on reset, and then return to normal operating mode. Configuring security audit log settings The security audit log allows administrators to monitor security-related events on a device including, among others, user authorization failures, successful administrator authentication, or Kerberos files being uploaded to a device. By default, security logs are stored on the device, but may also be transmitted to a network syslog server for further processing or storage.
  • Page 26: Configuring 802.1X Authentication

    Type the Primary SMTP Gateway Port number of the destination server. The default value is port 25. If using a secondary or backup SMTP server, enter the IP address/hostname and SMTP port for that server. For SMTP Timeout, type the number of seconds (5-30) the device will wait for a response from the SMTP server before timing out.
  • Page 27: Setting Up SNMP

    From the TTLS Authentication Method list, choose which authentication method will be accepted through the secure tunnel created between the authentication server and the printer. Click Submit to save the changes, or Reset Form to restore the default settings. Note: Changes made to settings marked with an asterisk (*) will cause the print server to reset. Setting up SNMP Simple Network Management Protocol (SNMP) is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention.
  • Page 28: Enabling The Security Reset Jumper

    Under Trap Destination, type the IP address of the network management server or monitoring station, and then click the check box next to each condition that should generate an alert. Click Submit to save changes, or Reset Form to clear all fields. Enabling the security reset jumper The Security Reset Jumper is a hardware jumper located on the motherboard.
  • Page 29: Appendix

    Appendix Menu of Access Controls Depending on device type and installed options, some Access Controls (referred to on some devices as Function Access Controls) may not be available for your printer.

    Function Access Control: What it does
      • Address Book: Controls the ability to perform address book searches in the Scan to Fax and Scan to Email functions
      • Change Language from Home: Controls access to the Change Language feature from the printer control panel...
  • Page 30

    Function Access Control: What it does
      • Network Ports/Menu at the Device: Protects access to the Network/Ports section of the Settings menu from the printer control panel
      • Network Ports/Menu Remotely: Protects access to the Network/Ports section of the Settings menu from the Embedded Web Server
      • NPA Network Adapter Setting: When disabled, all network adaptor NPA settings change commands are ignored...
  • Page 31

    Function Access Control: What it does
      • Supplies Menu at the Device: Protects access to the Supplies menu from the printer control panel
      • Supplies Menu Remotely: Protects access to the Supplies menu from the Embedded Web Server
      • User Profiles: Controls access to Profiles, such as scanning shortcuts, workflows, or eSF applications
      • Web Import/Export Settings: Controls the ability to import and export printer settings files (UCF files) from the...
  • Page 32: Notices

    Notices This product includes software developed by the Apache Software Foundation (http://www.apache.org). The Apache Software License, Version 1.1 Copyright (c) 2000-2002 The Apache Software Foundation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Page 33 TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity"...
  • Page 34 Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files;...
  • Page 35: GNU Lesser General Public License

    International, Inc. ("Lexmark") that, to the extent your Lexmark product or Software Program is not otherwise subject to a written software license agreement between you and Lexmark or its suppliers, governs your use of any Software Program installed on or provided by Lexmark for use in connection with your Lexmark product. The term "Software Program"...
  • Page 36 Lexmark that cannot be excluded or modified. If any such provisions apply, then to the extent Lexmark is able, Lexmark hereby limits its liability for breach of those provisions to one of the following: replacement of the Software Program or reimbursement of the price paid for the Software Program.
  • Page 37 UPGRADES. To Use a Software Program identified as an upgrade, you must first be licensed to the original Software Program identified by Lexmark as eligible for the upgrade. After upgrading, you may no longer use the original Software Program that formed the basis for your upgrade eligibility.
  • Page 38 Software Program and requested by you. Lexmark agrees not to use this information in a form that personally identifies you except to the extent necessary to provide such services.
  • Page 39: Glossary Of Security Terms

    Glossary of Security Terms
      • Access Controls: Settings that control whether individual device menus, functions, and settings are available, and to whom. Also referred to as Function Access Controls on some devices.
      • Authentication: A method for securely identifying a user.
      • Authorization: A method for specifying which functions are available to a user, i.e.
  • Page 40: Index

    Index Numerics 802.1x 26 encrypting the hard disk 24 Scenario Active Directory networks 19 printer in a public place 18 standalone or small office 18 Access Controls Function Access Controls 6 using passwords and PINs 18 list of 29 list of 29 security managing with PIN or 802.1x authentication 26...