Xerox ColorQube 9203 안전한 설치 및 운영 - 페이지 5
{카테고리_이름} Xerox ColorQube 9203에 대한 안전한 설치 및 운영을 온라인으로 검색하거나 PDF를 다운로드하세요. Xerox ColorQube 9203 12 페이지. Mfp
Xerox ColorQube 9203에 대해서도 마찬가지입니다: 설치 및 작동 지침 (14 페이지), 평가자 매뉴얼 (28 페이지), 빠른 사용 설명서 (38 페이지), 빠른 매뉴얼 (8 페이지), 빠른 매뉴얼 (16 페이지), 빠른 매뉴얼 (33 페이지), 안전한 설치 및 운영 (12 페이지), 사본을 만드는 방법 (9 페이지)
Select the Secure HTTP (SSL) Enabled checkbox in the Configuration group box and enter the desired HTTPS port
•
number in the Port Number text box.
Select the [Apply] button. This will save the indicated settings. After saving the changes the Web UI will become
•
disabled; the System Administrator will have to access the Web UI again.
n). Xerox recommends the following when utilizing Secure Sockets Layer (SSL) for secure scanning:
SSL should be enabled and used for secure transmission of scan jobs.
•
When storing scanned images to a remote repository using an https: connection, a Trusted Certificate Authority
•
certificate should be uploaded to the device so the device can verify the certificate provided by the remote repository.
When an SSL certificate for a remote SSL repository fails its validation checks the associated scan job will be deleted
•
and not transferred to the remote SSL repository. The System Administrator should be aware that in this case the job
status reported in the Completed Job Log for this job will read: "Job could not be sent as a connection to the server
could not be established".
o). To be consistent with the evaluated configuration, the HTTPS protocol should be used to send scan jobs to a remote IT
product.
p). To be consistent with the evaluated configuration, protocol choices for remote authentication should be limited to
[Kerberos (Solaris)], [Kerberos (Windows] or [LDAP]. The device supports other protocol options. Choose the protocol
option that best suits your needs. The System Administrator should be aware, however, that remote authentication using
Kerberos will not work with Windows Server 2003.
In the case of LDAP/LDAPS the System Administrator should ensure that SSL is enabled as discussed in Step 19 on page 7-9
in the SAG.
q). To be consistent with the evaluated configuration, the device should be set for local authorization. Remote authorization
was not evaluated since that function is performed external to the system. Choose the authorization option that best suits
your needs.
r). In viewing the Audit Log the System Administrator should note the following:
Deletion of a file from Reprint Saved Job folders or deletion of a Reprint Saved Job folder itself is recorded in the Audit
•
Log.
Deletion of a print or scan job or deletion of a scan-to-mailbox job from its scan-to-mailbox folder may not be recorded
•
in the Audit Log.
Extraneous process termination events (Event 50) may be recorded in the Audit Log when the device is rebooted or
•
upon a Power Down / Power Up. Extraneous security certificate completion status (Created/Uploaded/Downloaded)
events (Event 38) may also be recorded.
s). The System Administrator should download and review the Audit Log on a daily basis. In downloading the Audit Log the
System Administrator should ensure that Audit Log records are protected after they have been exported to an external
trusted IT product and that the exported records are only accessible by authorized individuals.
t).
Be careful not to create an IP Filtering rule that rejects incoming TCP traffic from all addresses with source port set to 80;
this will disable the Web UI. Also, the System Administrator should configure IP filtering so that traffic to open ports from
external users (specified by subnet mask) is dropped and so that the following ports for web services are closed: tcp ports
53202, 53303, 53404 and tcp/udp port 3702.
IP Filtering is not available for either the AppleTalk protocol or the Novell protocol with the 'IPX' filing transport. Also, IP
Filtering will not work if IPv6 is used instead of IPv4.
u). To enable disk encryption:
At the Web UI, select the Properties tab.
•
Select the following entries from the Properties 'Content menu': Security
•
Select the Enabled checkbox in the User Data Encryption Enablement group box.
•
Select the [Apply] button. This will save the indicated setting. After saving the changes the Network Controller will
•
reboot; once this reboot is completed the System Administrator will have to access the Web UI again.
Xerox recommends that before enabling disk encryption the System Administrator should make sure that the device is not
in diagnostics mode and that there are no active or pending scan jobs.
v). The System Administrator should ensure that the Embedded Fax Card and fax software is installed in accordance with the
"Complete the Fax Setup Screens" instructions on page 15-2 in the SAG. The System Administrator can then set Embedded
User Data Encryption.
4