Xerox ColorQube 8900 series Instalasi dan Pengoperasian yang Aman - Halaman 5

Jelajahi secara online atau unduh pdf Instalasi dan Pengoperasian yang Aman untuk Printer Xerox ColorQube 8900 series. Xerox ColorQube 8900 series 11 halaman. Color multifunction printer
Juga untuk Xerox ColorQube 8900 series: Spesifikasi (11 halaman), Spesifikasi (11 halaman), Spesifikasi (8 halaman), Spesifikasi (11 halaman), Panduan Referensi (28 halaman), Panduan Penggunaan Cepat (18 halaman), Panduan Evaluator (21 halaman), Peningkatan Perangkat Lunak (36 halaman), Panduan Penggunaan Cepat (18 halaman)

Halaman Cetak

Xerox ColorQube 8900 series Instalasi dan Pengoperasian yang Aman

For the purposes of the evaluation, the maximum validity of digital certificates was set to 180 days.

•

If a self-signed certificate is to be used the generic Xerox root CA certificate should be downloaded from the device and

installed in the certificate store of the user's browser.

n). HTTPS is enabled in the evaluated configuration. To enable secure HTTPS follow the instructions in Steps 6 and 7 under

'Configuring HTTP Settings in CentreWare Internet Services" on page 50 of the SAG.

o). When utilizing Secure Sockets Layer (SSL) for secure scanning:

•

SSL should be enabled and used for secure transmission of scan jobs.

•

When storing scanned images to a remote repository using an https: connection, a Trusted Certificate Authority

certificate should be uploaded to the device so the device can verify the certificate provided by the remote repository.

When an SSL certificate for a remote SSL repository fails its validation checks the associated scan job will be deleted

•

and not transferred to the remote SSL repository. The System Administrator should be aware that in this case the job

status reported in the Completed Job Log for this job will read: "Job could not be sent as a connection to the server

could not be established".

p). To be consistent with the evaluated configuration, the HTTPS protocol should be used to send scan jobs to a remote IT

product.

q). SNMPv3 cannot be enabled until SSL (Secure Sockets Layer) and HTTPS (SSL) are enabled on the machine. To enable

SNMPv3 follow the instructions starting on page 35 of the SAG. The System Administrator should be aware that in

configuring SNMPv3 there is the option of resetting both the Privacy and Authentication passwords back to their default

values. This option should only be used if necessary since if the default passwords are not known no one will be able to

access the SNMP administrator account

r). To be consistent with the evaluated configuration, protocol choices for remote authentication should be limited to

[Kerberos (Solaris)], [Kerberos (Windows)] or [LDAP]. The device supports other protocol options. Choose the protocol

option that best suits your needs. The System Administrator should be aware, however, that remote authentication using

Kerberos will not work with Windows Server 2003.

In the case of LDAP/LDAPS the System Administrator should ensure that SSL is enabled as discussed in Step 3 under

"Configuring LDAP Server Optional Information" on page 47 in the SAG. Make sure that [Enable SSL] under SSL is selected.

s). To be consistent with the evaluated configuration, the device should be set for local authorization. Remote authorization

was not evaluated since that function is performed external to the system. Choose the authorization option that best suits

your needs.

t). As part of the evaluated configuration, encryption of transmitted and stored data by the device must meet the FIPS 140-2

Standard. To enable the use of encryption in "FIPS 140 mode" and check for compliance of certificates stored on the device

to the FIPS 140-2 Standard follow the instructions on page 76 of the SAG.

u). In viewing the Audit Log the System Administrator should note the following:

•

Deletion of a file from Reprint Saved Job folders or deletion of a Reprint Saved Job folder itself is recorded in the Audit

Log.

•

Deletion of a print or scan job or deletion of a scan-to-mailbox job from its scan-to-mailbox folder may not be recorded

in the Audit Log.

Extraneous process termination events (Event 50) may be recorded in the Audit Log when the device is rebooted or

•

upon a Power Down / Power Up. Extraneous security certificate completion status (Created/Uploaded/Downloaded)

events (Event 38) may also be recorded.

v).

The System Administrator should download and review the Audit Log on a daily basis. The machine will send a warning

email when the audit log is filled to 90% (i.e., 13,500) of the 15,000 maximum allowable number of entries, and repeated

thereafter at 15,000 entries until the Audit Log is downloaded.

In downloading the Audit Log the System Administrator should ensure that Audit Log records are protected after they have

been exported to an external trusted IT product and that the exported records are only accessible by authorized individuals.

w). Be careful not to create an IP Filtering rule that rejects incoming TCP traffic from all addresses with source port set to 80;

this will disable the Web UI. Also, the System Administrator should configure IP filtering so that traffic to open ports from

The SNMP administrator account is strictly for the purposes of accessing and modifying the MIB objects via SNMP; it is separate from the System

Administrator "admin" user account or user accounts given SA privileges by the System Administrator "admin" user. The administrator account can

not perform any System Administrator functions.