Security Options; Event Log Settings; System Services - HP StorageWorks X5000 Technical Manual
Nas security: technical guide to nsa, c2, e3-fc2, and cc security compliancy
Hide thumbs
Also See for StorageWorks X5000:
- Release note (39 pages) ,
- Limited warranty (76 pages) ,
- Support manual (17 pages)
Table of Contents
Advertisement
2.10.3 Security Options
Most Security Options settings for print servers in the three environments defined in this guide are
configured via the MSBP. For more information about MSBP, section 2.8. Differences between the
MSBP and the Incremental Print Server Group Policy are described in the following section.
Microsoft network server: Digitally sign communications (always)
Print Server Default
Disabled
The Microsoft network server: Digitally sign communications (always) setting determines whether
packet signing is required by the SMB server component. The SMB protocol provides the basis for
Microsoft file and print sharing and many other networking operations, such as remote Windows
administration. To prevent man-in-the-middle attacks that modify SMB packets in transit, the SMB
protocol supports SMB packet digital signing. This setting determines whether SMB packet signing
must be negotiated before further communication with an SMB client is permitted. Although this
setting is disabled by default, the MSBP enables this setting for servers in the High Security
environment defined in this guide. Not disabling this setting on print servers allows users to print, but
not view the print queue. Users attempting to view the print queue will receive an access denied
message. For these reasons, the Microsoft network server: Digitally sign communications (always)
setting is configured to Disabled for print servers in all three environments defined in this guide.
2.10.4 Event Log Settings
The Event Log settings for print servers in the three environments defined in this guide are configured
via the MSBP. For more information on the MSBP, see section 2.8.
2.10.5 System Services
Any service or application is a potential point of attack, and therefore any unneeded services or
executable files should be disabled or removed. In the MSBP, these optional services, as well as any
other unnecessary services, are disabled. The following section details services that must be enabled
on print servers.
Service Name
Member Server
MacPrint
Not installed
Important: The Print Server for Macintosh system service must be set to Automatic within HP NAS
server systems that require print server capabilities for their Apple client systems.
The Print Server for Macintosh system service enables Macintosh clients to route printing to a print
spooler located on a computer running Windows Server 2003 Enterprise Server. These features are
not required in the baseline server environment. Therefore, this service is configured to Disabled in
the three environments defined in this guide.
Service Name
Member Server
Spooler
Important: The Print Spooler system service must be set to Automatic for HP NAS server systems
requiring print server support.
The Print Spooler service manages all local and network print queues and controls all print jobs. The
Print Spooler service is the center of the Windows printing subsystem and communicates with printer
Legacy Client
Disabled
Print Server for Macintosh
Legacy Client
Default
Disabled
Print Spooler
Legacy Client
Default
Automatic
Automatic
131
Enterprise Client
Disabled
Enterprise Client
Disabled
Enterprise Client
Automatic
High Security Client
Disabled
High Security Client
Disabled
High Security Client
Automatic
Advertisement
Table of Contents
