User's Guide: Security
Security
Security Functions
Enhanced Security Mode
Protect and Delete Data After Use
User Authentication in Enhanced Security Mode
HDD Store Function in Enhanced Security Mode
Administrator Security Functions
ACKNOWLEDGEMENTS:
- KONICA MINOLTA, KONICA MINOLTA Logo and the essentials of imaging are registered trademarks or trademarks of KONICA MINOLTA HOLDINGS, INC.
- bizhub PRO is a registered trademark or trademark of KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.
Copyright 2005 KONICA MINOLTA BUSINESS TECHNOLOGIES, Inc.
EXEMPTION
- No part of this manual may be used or duplicated without permission.
- Manufacturer and Sales Company will have no liability for any influences caused by using the printing system and this User's Guide.
- The information written in this User's Guide is subject to change without prior notice.
3 Protect and Delete Data After Use
4 User Authentication in Enhanced Security Mode
4.1 Description of user authentication
4.2 To register a new user
4.3 To change a user data
4.4 To delete a user
4.5 To change password by user
Index
Security Functions
The bizhub PRO 920 device has two security modes.
Normal mode
Use this mode if the machine is used by a single person and there is a low possibility of illicit access and operations. This is the default mode when shipped from the factory. To use Normal mode, see the user's guide for each individual machine.
Enhanced Security mode
Use this mode if the machine is connected to a local area network, or to external networks through a telephone line or other means. An administrator manages the device according to this user's guide, so that users can have a safe operating environment. Only the administrator can turn Enhanced Security mode ON and OFF and make other changes; your service representative will designate the administrator. To turn Enhanced Security mode ON, the service representative should set a CE authentication password and an Administrator password for the device.
If IC-203 is not installed, you cannot set Enhanced Security mode to ON. Enhanced Security mode cannot be turned ON when the Machine NIC is activated. Please contact your service representative when using Enhanced Security mode. Enhanced Security mode is recommended to prevent data from being accessed or tampered with.
Environments in which Enhanced Security mode is recommended
- The device is connected to a local network, the Internet through a firewall, or an external telephone line for maintenance.
- The device is monitored by a telephone line or a network.
Creating a secure environment
For security, we recommend that supervisors and an administrator use Enhanced Security mode and establish an environment as follows.
- Where to set up the device: Set up the device in a place where only designated personnel can operate it.
- User training: The administrator must provide training and information to users to maintain the security of the device. Users should keep passwords set up by the administrator, and any password that they set up on their own, in a secure place. When creating a Box for a user, the administrator is expected to instruct that user on releasing the authentication function; the user should therefore release the authentication function when machine operation is completed.
- Qualifications to be an administrator: A supervisor must select a reliable person who has adequate knowledge, technical ability, and experience as an administrator, to whom to delegate administration of the device.
- Guarantee of service representative (CE): A supervisor or an administrator can use Enhanced Security mode after confirming that a service contract was signed with the service representative (CE). Clearly state in the service contract that the service representative will not engage in any fraudulent actions.
- Secure LAN: We recommend that you use an apparatus such as WEP code (802.11) to prevent tapping during communication when setting up a local area network.
Downloaded from www.Manualslib.com manuals search engine
2 Enhanced Security Mode
2.1
Administrator authentication
A service representative will set up authentication data for an administrator. The administrator must input a password to gain authorized access. Only one authentication string can be registered per machine.
Administrator Setting mode
Once the Administrator Setting mode has been entered by successful administrator authentication, the settings of various machine functions can be changed on the machine. Be sure to exit the Administrator Setting mode if you leave the machine while using it.
2.2
2.3
Detail
To turn Enhanced Security mode ON/OFF, see Security Administrator Operation on page 44.
When Enhanced Security mode is ON, the enhanced security icon [ ] will appear on the Copy/Box/Scanner Basic Screens.
(Figure: Copy Basic Screen)
(Figure: Scanner Basic Screen)
Check the Enhanced Security icon on each Basic Screen to see if Enhanced Security mode is ON or OFF.
4 User Authentication in Enhanced Security Mode
4.1 Description of user authentication
Reminder
Do not use your name, birthday, employee number, etc. for a password that others can easily figure out.
If a password set in normal mode is fewer than 8 characters or more than 64 characters, you cannot use it in Enhanced Security mode. If this happens, contact the administrator to turn OFF Enhanced Security mode, and set a new password following the above conditions.
Even after a successful access has been made, authentication with user name and password will be required under the following conditions.
- The main power switch is turned off.
- The sub power switch is turned off.
- The [Access] on the control panel is pressed.
- The [Copy]/[Scan]/[Box] on the control panel is pressed, when the User/Account Authentication Connect is turned on.
- The [Job List] on the touch panel is touched, when the User/Account Authentication Connect is turned on.
- The auto reset function operates.
Detail
When a user accesses a Box for which a password has been set in the HDD, all authentication operations with password will be saved in an audit log.
Detail
Initially, the user authentication is not available on the machine. To activate this function, the distribution number for each section should be changed. For details, see the User's guide of POD Administrator's Reference.
4.2 To register a new user
Detail
Passwords are case sensitive. If a wrong password or a password of fewer than 8 alphanumeric characters is entered and [OK] is touched, the warning message "Password does not match" will appear, and no key will work for five seconds. Enter the correct password after five seconds. If authentication fails, the information will be saved in the audit log.
Procedure
Press [Utility/Counter] on the control panel. The Utility Screen will be displayed.
Enter the password. Use the touch screen keypad to enter the 8-digit Administrator password, then touch [OK].
Touch [User Number], [User Name], [Password], or [Account Name] to display each subsequent screen, then make the desired setting.
To enter the User Number, touch [User Number] on the New User Registration Screen. Use the screen keypad on the popup menu to enter the desired user number. Touch [OK] to return to the New User Registration Screen.
To enter the User Name, touch [User Name] on the New User Registration Screen. Enter the desired user name from the screen keypad. Touch [OK] to return to the New User Registration Screen.
To enter the Password, touch [Password] on the New User Registration Screen. Enter the desired password from the screen keypad. Touch [OK] to return to the New User Registration Screen.
To enter the account name, touch [Account Name] on the New User Registration Screen. Touch the desired account name key to highlight it. Touch [OK] to return to the New User Registration Screen.
Specify the usable function. To prohibit a specific function, touch the key on the New User Registration Screen to release the highlight. Touch [OK]. When settings are completed, touch [OK] on the New User Registration Screen. The User Authentication Setting Screen will be restored.
4.3 To change a user data
Detail
Passwords are case sensitive. If a wrong password or a password of fewer than 8 alphanumeric characters is entered and [OK] is touched, the warning message "Password does not match" will appear, and no key will work for five seconds. Enter the correct password after five seconds. The current password cannot be used again. If authentication fails, the information will be saved in the audit log.
Procedure
Press [Utility/Counter] on the control panel. The Utility Screen will be displayed.
Enter the password. Use the touch screen keypad to enter the 8-digit Administrator password, then touch [OK].
Touch [Change].
Touch [User Name], [Password] or [Account Name] to display each subsequent screen, then make the desired setting change.
To change the user name, touch [User Name] on the User Registration Screen. Enter the desired user name from the screen keypad. Touch [OK] to return to the Change Registered User Data Screen.
To change the Password, touch [Password] on the User Registration Screen. Enter the desired password from the screen keypad. Touch [OK] to return to the Change Registered User Data Screen.
To change the account name, touch [Account Name] on the User Registration Screen. Touch the desired section key to highlight it. Touch [OK] to return to the Change Registered User Data Screen.
Specify the usable function. To prohibit a specific function, touch the key on the Change Registration User Data Screen to release the highlight. Touch [OK]. When settings are completed, touch [OK] on the Change Registered User Data Screen. The User Authentication Setting Screen will be restored.
4.4 To delete a user
Follow the procedure below to delete a user name, password, and Personal Folder.
Detail
Passwords are case sensitive. If a wrong password or a password of fewer than 8 alphanumeric characters is entered and [OK] is touched, the warning message "Password does not match" will appear, and no key will work for five seconds. Enter the correct password after five seconds. If authentication fails, the information will be saved in the audit log.
Procedure
Press [Utility/Counter] on the control panel. The Utility Screen will be displayed.
Enter the password. Use the touch screen keypad to enter the 8-digit Administrator password, then touch [OK].
Touch [Delete].
The popup menu will be displayed to confirm that the selected user will be deleted.
Touch [Yes].
The selected user name and password will be deleted. The personal folder that belongs to the user will also be deleted.
4.5 To change password by user
Detail
Passwords are case sensitive. If a wrong password or a password of fewer than 8 alphanumeric characters is entered and [OK] is touched, the warning message "Password does not match" will appear, and no key will work for five seconds. Enter the correct password after five seconds. If authentication fails, the information will be saved in the audit log.
Reminder
Do not use your name, birthday, employee number, etc. for a password that others can easily figure out.
Detail
If password setup doesn't proceed successfully, the information will be saved in the audit log. The password currently used cannot be entered as a new password.
Procedure
Press [Utility/Counter] on the control panel. The Utility Screen will be displayed.
Enter your user name. Touch [User Name] to display the Input User Name Screen.
Enter your user name, then touch [OK] to return to the User Authentication Screen.
Enter your current password. Touch [Password] to display the Input User Password Screen.
Enter your current password. The entered password will appear as asterisks (********) on the screen. Then touch [OK].
Enter your new password. Touch [New Password] to display the Input New Password Screen.
Enter your new password once more for confirmation, then touch [OK].
5 HDD Store Function in Enhanced Security Mode
5.1
Detail
Passwords are case sensitive. If a wrong password or a password of fewer than 8 alphanumeric characters is entered and [OK] is touched, the warning message "Password does not match" will appear, and no key will work for five seconds. Enter the correct password after five seconds. If authentication fails, the information will be saved in the audit log.
Enter your user name and user password on the User Authentication Screen. Touch [User Name] to display the Input User Name Screen.
Enter your user name, then touch [OK] to return to the User Authentication Screen.
Enter your user password, then touch [OK] to return to the User Authentication Screen.
Enter the password if the selected Box requires one. The Personal File Screen will be displayed.
Touch [Store].
Press [Start] on the control panel to scan. After scanning all the originals, the machine automatically starts to print and store the data in a Box.
When operation is completed, press [Access] on the control panel. The User Authentication Screen will be displayed to prohibit the machine operation without entering a user name and password.
5.2
Detail
Passwords are case sensitive. If a wrong password or a password of fewer than 8 alphanumeric characters is entered and [OK] is touched, the warning message "Password does not match" will appear, and no key will work for five seconds. Enter the correct password after five seconds. If authentication fails, the information will be saved in the audit log.
Procedure
Press [Box] on the control panel. The Image Data Store/Recall Screen will be displayed.
Touch [Store].
Enter your user name and user password on the User Authentication Screen. Touch [User Name] to display the Input User Name Screen.
Enter your user name, then touch [OK] to return to the User Authentication Screen.
Touch [Password] to display the Input User Password Screen.
Enter your user password, then touch [OK] to return to the User Authentication Screen.
Enter the password if selected Box requires one. The Personal File Screen will be displayed.
Touch [Store].
Enter the file name, then touch [OK].
Press [Start] on the control panel to scan and store the image data. The popup menu to confirm whether to continue or close it will be displayed.
To continue to store the next image data, touch [Yes]. The Input File Name Screen will be restored. To close, touch [No]. The User Authentication Screen will be displayed.
When operation is completed, press [Access] on the control panel. The User Authentication Screen will be displayed to prohibit the machine operation without entering a user name and password.
5.3
Detail
Passwords are case sensitive. If a wrong password or a password of fewer than 8 alphanumeric characters is entered and [OK] is touched, the warning message "Password does not match" will appear, and no key will work for five seconds. Enter the correct password after five seconds. If authentication fails, the information will be saved in the audit log.
Procedure
1. Press [Box] on the control panel. The Image Data Store/Recall Screen will be displayed.
2. Touch [Recall].
3. The User Authentication Screen will be displayed. Enter your user name and user password on the User Authentication Screen. Touch [User Name] to display the Input User Name Screen.
Enter your user name, then touch [OK] to return to the User Authentication Screen.
4. Touch [Password] to display the Input User Password Screen.
Enter your user password, then touch [OK] to return to the User Authentication Screen.
5. Select the desired personal Box.
6. Touch [OK]. The Personal Box File Selection Screen will be displayed. Proceed to step 7 to recall an image data file. Proceed to step 8 to delete an image data file.
7. Recall the image data. Touch the desired file key, then touch [>>>]. To output the image data, touch [Wait Output], [Proof Output], or [Auto Output], as desired, and then touch [OK].
Enter the desired print quantity from the touch panel keypad on the Input Print Quantity Screen.
After outputting, a popup menu asking whether to continue or close will be displayed. To continue to recall the next image data, touch [Yes]. The Personal Box File Selection Screen will be restored. To close, touch [No]. The Image Data Store/Recall Screen will be displayed.
8. Delete the image data. Touch the desired file key, then touch [File Delete]. A confirmation popup menu will be displayed. Touch [Yes] to delete the selected file. Touch [No] to display the Image Data Store/Recall Screen.
9. When operation is completed, press [Access] on the control panel. The User Authentication Screen will be displayed to prohibit the machine operation without entering a user name and password.
5.4
Detail
Passwords are case sensitive. If a wrong password or a password of fewer than 8 alphanumeric characters is entered and [OK] is touched, the warning message "Password does not match" will appear, and no key will work for five seconds. Enter the correct password after five seconds. If authentication fails, the information will be saved in the audit log.
Outputting secure printing using a PC: printing on the machine:
Press [Box] on the control panel. The Image Data Store/Recall Screen will be displayed.
Touch [Recall].
Enter your user name and user password on the User Authentication Screen. Touch [User Name] to display the Input User Name Screen.
Enter your user name, then touch [OK] to return to the User Authentication Screen.
Enter your user password, then touch [OK] to return to the User Authentication Screen.
Select the desired secure box. Enter the secure password setup in secure printing.
Touch [OK]. The Secure File List Screen will be displayed. Select the desired secure file. Touch the desired secure file key, then touch [>>>].
Secure printing will start. Touch [Wait Output], [Proof Output], or [Auto Output], as desired.
6 Administrator Security Functions
6.1
Detail
Passwords are case sensitive. If a wrong password or a password of fewer than 8 alphanumeric characters is entered and [OK] is touched, the warning message "Password does not match" will appear, and no key will work for five seconds. Enter the correct password after five seconds. If authentication fails, the information will be saved in the audit log.
Procedure
Press [Utility/Counter] on the control panel. The Utility Screen will be displayed.
Enter the password. Use the touch panel keypad to enter the 8-digit Administrator password, then touch [OK].
Touch [3 Enhance Security Mode].
Turn Enhanced Security mode ON or OFF. If you want to turn Enhanced Security mode ON, touch [On] to highlight it. If you want to turn it OFF, touch [Off] to highlight it. Touch [OK].
Touch [Yes].
The machine will restart and the new setting will be activated.
6.2
Reminder
Do not use your name, birthday, employee number, etc. for a password that others can easily figure out.
Detail
The HDD lock password functions only when Enhanced Security mode is ON. When it is turned OFF, the message "Please set Enhanced Security mode" will be displayed.
Detail
Passwords are case sensitive. If a wrong password or a password of fewer than 8 alphanumeric characters is entered and [OK] is touched, the warning message "Password does not match" will appear, and no key will work for five seconds. Enter the correct password after five seconds. If authentication fails, the information will be saved in the audit log.
Detail
The main body serial number will be printed at the upper left on the Utility Screen and the upper right corner of the audit log. For details, see the next section, Print audit log, and page 57 for the sample log. If authentication succeeds, touch [New Password] to enter the new password. The key will not be active until authentication succeeds.
If authentication fails, the information will be saved in the audit log. The current password cannot be used again as a new password.
Procedure
Press [Utility/Counter] on the control panel. The Utility Screen will be displayed.
Enter the password. Use the touch panel keypad to enter the 8-digit administrator password, then touch [OK].
Enter current password. Touch [Current Password] to display the Input Current Password Screen.
Enter current password (The first password: 9-digit alphanumeric serial number of the main body). The entered password will appear as asterisks on the screen. Then, touch [OK].
Enter new password. Touch [New Password] to display the Input New Password Screen.
Enter new password. The entered new password will appear as asterisks on the screen. Then, touch [OK].
Enter new password once more for confirmation, then touch [OK].
6.3
Detail
Passwords are case sensitive. If a wrong password or a password of fewer than 8 alphanumeric characters is entered and [OK] is touched, the warning message "Password does not match" will appear, and no key will work for five seconds. Enter the correct password after five seconds. If authentication fails, the information will be saved in the audit log.
Detail
To stop printing, press [Stop] on the control panel, then touch [Cancel] on the confirmation popup screen.
Procedure
Press [Utility/Counter] on the control panel. The Utility Screen will be displayed.
Touch [6 Administrator Setting].
Enter the password. Use the touch panel keypad to enter the 8-digit administrator password, then touch [OK].
Touch [Management List] to restore the Print Management List Screen.
6.4
Audit Log Information
The audit log contains the following information.
1. date/time: date and time when an operation was made that results in the creation of a log entry.
2. id: the person who made the operation or who is subject to security protection can be specified.
- -1: Operation by CE (service representative).
- -2: Operation by the administrator.
- -3: Operation by the unregistered user.
- Other integer: Indicates subjects for security protection, and the following action IDs narrow down the subject for protection. User ID (1 to 1000 numerical symbols), Secure User ID (1 to 99999 numerical symbols).
3. action: Used to specify the operation. Check details of the operation that the action indicates in the following table.
4. result: Result of an operation. For password authentication, success or failure will be indicated as OK and NG. For operations without password authentication, all log entries will be indicated as OK.
6.5
ID
Stored action
01 02 03 04 05 06 07 08 09 10 11 12 13 14 16 17 18 19
The purpose of analyzing the audit log is to understand the following and implement countermeasures:
- Whether or not data was accessed or tampered with
- Subject of attack
- Details of attack
- Results of attack
Specify unauthorized actions: password authentication
If logs have NG as the result of password authentication (action: 01, 02, 11, 16), items protected by passwords may have been attacked.
- Failed password authentication (NG) log entries specify who made the operation, and show if unauthorized actions were made when password authentication failed.
- Even if password authentication succeeded (OK), the log entry shows whether a legitimate user created the action. You need to check carefully when a successful authentication occurs after a series of failures, especially during times other than normal operating hours.
Specify unauthorized actions: actions other than password authentication under security
All operation results other than password authentication will be indicated as successful (OK), so determine if there were any unauthorized actions by ID and action.
- Since you cannot specify what was attacked only with an ID, you need to see the action and the table on the previous page to determine whether unauthorized actions were made on a personal box or secure box.
- Check the time, and see if the user who operated the specific subject made any unauthorized actions.
(Example) If a document saved in a box was printed using fraudulent authorization, the following audit log entries will be created.
1. Password authentication for the box: Action = 11, ID = Box for which authentication was made, Result = OK/NG
2. Access to the document in the box: Action = 13, ID = Box for which authentication was made
Check the date and time the above operations occurred, and see if the operation on the document in the personal box or secure box was made by a legitimate box user.
Actions to take if unauthorized operations are found
- If it's found that a password has been leaked after analyzing the audit log, change the password immediately.
- It's possible that a password may have been tampered with and legitimate users cannot access a box. The administrator must contact the user to confirm the situation, and if that's the case, the administrator must change the password and delete the data saved in the box.
- If you cannot find documents that should be in a box or if you find a document with changed content, unauthorized actions may have occurred. Similar countermeasures are needed.
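The audit log checks described in this section, written out as an added example (not part of the manual or the machine's software): it flags a password authentication that succeeds after a run of NG results, marks whether it fell outside operating hours, and then lists action 13 document access on the same box ID. The comma-separated line layout, the three-failure threshold, the 08:00 to 18:00 operating hours and the sample entries are assumptions; the manual names only the four fields and the action codes.

```python
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple

# Action codes the manual names as password authentication.
AUTH_ACTIONS = {"01", "02", "11", "16"}
# From the manual's example: 11 = box password authentication,
# 13 = access to a document in that box.
BOX_AUTH, BOX_DOC_ACCESS = "11", "13"


class Entry(NamedTuple):
    when: datetime
    id: int
    action: str
    result: str


def parse_line(line):
    """Parse 'YYYY/MM/DD HH:MM:SS,id,action,result' (assumed layout)."""
    stamp, ident, action, result = (f.strip() for f in line.split(","))
    result = result.upper()
    if result not in ("OK", "NG"):
        raise ValueError(f"unexpected result field: {result!r}")
    return Entry(datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
                 int(ident), action.zfill(2), result)


def describe_id(ident):
    """Map the id field to the classes listed under Audit Log Information."""
    return {-1: "CE (service representative)", -2: "administrator",
            -3: "unregistered user"}.get(ident, f"protected subject {ident}")


def analyze(lines, min_failures=3, work_hours=(8, 18)):
    """Return findings for OK-after-NG runs and the box access that follows.

    min_failures and work_hours are assumed site policy, not manual values.
    """
    entries = sorted(parse_line(l) for l in lines if l.strip())
    failures = defaultdict(int)   # (id, action) -> consecutive NG count
    suspect_boxes = {}            # box id -> time of the suspicious OK
    findings = []
    for e in entries:
        key = (e.id, e.action)
        if e.action in AUTH_ACTIONS:
            if e.result == "NG":
                failures[key] += 1
                continue
            run, failures[key] = failures[key], 0
            if run >= min_failures:
                off = not (work_hours[0] <= e.when.hour < work_hours[1])
                findings.append({"type": "ok_after_failures", "id": e.id,
                                 "who": describe_id(e.id), "action": e.action,
                                 "failures": run, "when": e.when,
                                 "off_hours": off})
                if e.action == BOX_AUTH:
                    suspect_boxes[e.id] = e.when
            elif e.action == BOX_AUTH:
                # A clean authentication ends the suspicious window.
                suspect_boxes.pop(e.id, None)
        elif e.action == BOX_DOC_ACCESS and e.id in suspect_boxes:
            findings.append({"type": "doc_access_after_suspicious_auth",
                             "id": e.id, "who": describe_id(e.id),
                             "action": e.action, "when": e.when,
                             "auth_time": suspect_boxes[e.id]})
    return findings


# Constructed sample entries (not taken from a real machine).
SAMPLE_LOG = """
2005/07/14 10:02:11,17,11,OK
2005/07/14 10:02:30,17,13,OK
2005/07/14 14:45:03,42,11,NG
2005/07/14 14:45:20,42,11,OK
2005/07/14 14:46:02,42,13,OK
2005/07/14 23:10:05,17,11,NG
2005/07/14 23:10:12,17,11,NG
2005/07/14 23:10:19,17,11,NG
2005/07/14 23:10:27,17,11,NG
2005/07/14 23:10:40,17,11,OK
2005/07/14 23:11:02,17,13,OK
2005/07/14 23:12:15,17,13,OK
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG.splitlines()):
        print(finding)
```

A single mistyped password followed by a success (ID 42 in the sample) stays below the threshold and is not reported.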
2005.7
57GN97070
2005