GW 2009 Autumn Controller Security Features. Full training module. GW2009A_Security_Features_full-ct_SOL_ppt_EN_1.0.a.ppt. Objectives. After completing this training you can: explain the security features of the GW2009 Autumn Controller (09A).
GW 2009 Autumn Controller Security Features Full training module GW2009A_Security_Features_full-ct_SOL_ppt_EN_1.0.a.ppt
Objectives • After completing this training you can: • explain the security features of the GW2009 Autumn Controller (09A). • configure and demonstrate the controller features. • advise customers on when and how to use the controller security features. • troubleshoot controller security related problems.
Requirements • Training Materials • Machine (With GW2009 A Controller) • PC Workstation/ Server • Printer drivers & utilities • Access Point
This presentation Including the working example as available from: 8021x_Configuration.doc Service manuals Operating instructions Training materials
Pre-requisites and exam • Pre-requisites: • Basic Network Management • Basic LDAP • Exam: • Multiple choice
Module overview • Introduction • Authentication • GW Connectivity Security Features • Additional Security Features • Security Options
Introduction This presentation will cover the security features up to and including the GW2009 Autumn controller series.
Security features The goals of these security features are: • Prevent unauthorized modification of settings. • Prevent unauthorized machine use. • Prevent information leaks.
Methods of security features (1/3) Prevent unauthorized modification of settings: • Access Control. • Possibility to enable/disable each protocol. • Administrator Authentication. • Menu Protect. • Advanced menu protect mode.
Methods of security features (2/3) Prevent unauthorized use: • Access Control. • Enable/disable each protocol. • IPP Authentication. • User Authentication.
Methods of security features (3/3) Prevent information leaks:
• Assign access permissions to a stored file: Access permission for document server; Password Lock the document server file.
• Prevent unauthorized transmission: Designate a user as a sender; Restrict the use of destinations; Prevent adding of destination to address book.
• Protect network transmissions: SSL; SNMP V3; Password encryption; IPP authentication password; Group Password for PDF Direct Print; Driver encryption key; Permit simple encryption for Windows 9x/Me.
• Prevent unauthorized users from reading the address book: Encrypt the address book; Access permission of address book.
Product line-up • The product line-up at the time of creating this material:
Overview 2.1 Administrator Authentication 2.2 User Authentication 2.3 User Text 2.4 Selective User Authentication 2.5 Selective Color Authentication
Administrator authentication Up to 4 types of administrators can be designated, to provide for a variety of security needs. These administrators all have their own privilege types, username and password. A supervisor account can be used to reset administrator passwords. Benefits of using Administrator Authentication: • Avoid assigning excessive privileges to any one administrator. • Enhanced security. • Reduce the workload of each administrator.
MFPs and LPs The Administrator Authentication and User Authentication functions were previously only available on MFPs. From 06S onwards, these functions are available on printers as well. Note for printers: • The authentication functions can only be configured via WIM. • An HDD is required.
Administrator types Machine Administrator Network Administrator File Administrator User Administrator Supervisor
Administrator accounts 4 Administrator Accounts
Machine administrator Settings available to the Machine Administrator:
Network administrator Settings available to the Network Administrator:
File administrator Settings available to the File Administrator:
User administrator Settings available to the User Administrator:
Supervisor Settings available to Supervisor:
Administrator configuration (1/2) Step 1: Enable Administrator Authentication and choose which functions to manage. When Admin Authentication is switched on, Available Settings becomes visible. [Available Settings] are settings to which regular users are restricted. If an available setting is enabled, only the administrator will be privileged to use these settings.
Administrator configuration (2/2) Step 2: Register the Administrators. If [Change] is pressed under the Administrator name, a screen that can be used for configuring or changing User Name and Password is displayed.
Login 1. Press the [User Tools] key. 2. Press the [Login/Logout] key.
Logout Press the [Login/Logout] key.
Menu protect Menu Protect can be enabled by the Machine Administrator. This protects [User Tools/Counter] from unauthorized access. • Copier / Document Server • Printer Features • Scanner Features The following 3 levels of security are available:
How to set Menu Protect “Menu Protect” is located under different tabs depending on the application.
Service mode lock With Service Mode Lock enabled, the SP and PP modes are locked and cannot be used. Only available when Administrator Authentication is enabled.
Practical work Exercise 1
Overview 2.2.1 Introduction to User Authentication 2.2.2 User Code Authentication 2.2.3 Basic Authentication 2.2.4 Windows Authentication 2.2.5 LDAP Authentication 2.2.6 Integration Server Authentication 2.2.7 Printer Job Authentication 2.2.8 Authentication Error Code
What is User Authentication? User authentication is an access control method. Users require a user code or a login name and password if they want to use the device. Administrator Authentication must be enabled before you can enable User Authentication. The exception is User Code Authentication. For User Code Authentication it is not required to enable Administrator Authentication.
Five types of authentication
• Local authentication: Authentication of users is based on the MFP address book. Types: User Code Authentication; Basic Authentication.
• Server authentication: Authentication is performed by a server (Domain Controller, LDAP server, Integration Server). Types: Windows Authentication; LDAP Authentication; Integration Server Authentication.
The following slides will explain their functions and how to set them up.
Data Carry-over Setting for Address Book Auto-program • With this user template function, you can configure the user settings for the machine faster. • You can set one user template on the device. • All newly created accounts will get the settings of the user template by default. • The selected user template is applied to accounts for users that have not logged onto the device before. • “Data Carry-over” is available from the GW2009S controller. • “Data Carry-over” is available when one of the following authentication methods is enabled: • Windows Authentication • LDAP Authentication • Integration Server Authentication • If another (or no) authentication is enabled, the functionality is hidden. • Enable it via the operation panel or WIM.
Configuration via the operation panel • You need user-administrator privileges to set this. • Set “Carry-over Data”. • Set the default user. (This user’s settings are used as the template for newly created users.)
Configuration via Web Image Monitor • You need user-administrator privileges to set this. • Set it to On. • Set the default user. (This user’s settings are used as the template for newly created users.)
Settings • The following settings are used from the user template: • Title • Group • E-mail Address information • Fax information • Folder information • Protection Code • SMTP Authentication • LDAP Authentication • Folder (SMB/FTP) authentication • ACL • Document access privileges • User Certificate • As of 09A User Certificates can no longer be added to the template.
What is User Code Authentication? The machine’s address book is used to authenticate users. Users must enter a user code before they can use a function of the device. User codes can also be used as a profile that can be shared by groups of users. Functions: Copy, Print, Scan, Fax, Document Server.
Requirements User codes must be registered in the address book. This can be done with: • Operation Panel • Web Image Monitor • SmartDeviceMonitor for Admin. Cannot be used in combination with other authentication methods like: • Basic Authentication • Windows Authentication • LDAP Authentication • Integration Server Authentication
Specifications Functions and settings to which access restriction can be applied:
Configuration Select User Code Authentication. Select the functions for which restriction is required. Register user accounts in the address book. Note: Printer Job Authentication will be explained in chapter 4.6
Authentication process - Copy 1. Enter the user code. 2. The machine compares the entered User Code to the address book. Result: Success or Failure.
Authentication process - Print Can be used with PCL, RPCS and PS3 driver. 1. Enter the User Code. 2. Print. PJL header of the job:
<ESC>%-12345X@PJL Comment RPJL, WIN
:::::::::::::::::::::::::::::
@PJL SET USERCODE="12345678"
3. The machine compares the entered User Code to the address book. Success: Print. Failure.
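The print flow above, as an added example that is not part of the original training module: it parses a PJL job header like the one on the slide and performs the step 3 comparison against an address book. The address book contents, the per-code function sets, the `ENTER LANGUAGE` line and the function names `parse_pjl_header` and `authorize_print` are assumptions made for illustration.

```python
import re

UEL = b"\x1b%-12345X"  # PJL Universal Exit Language sequence that opens a job

# Constructed sample job, modelled on the PJL fragment shown on the slide.
SAMPLE_JOB = (
    UEL + b"@PJL COMMENT RPJL, WIN\r\n"
    b'@PJL SET USERCODE="12345678"\r\n'
    b"@PJL ENTER LANGUAGE=PCL\r\n"
    b"...page data...\r\n" + UEL
)

# Hypothetical address book: user code -> functions that code may use.
ADDRESS_BOOK = {"12345678": {"Copy", "Print"}, "87654321": {"Scan"}}

SET_RE = re.compile(rb'^@PJL\s+SET\s+(\w+)\s*=\s*"?([^"\r\n]*)"?\s*$', re.I)
ENTER_RE = re.compile(rb"^@PJL\s+ENTER\s+LANGUAGE", re.I)


def parse_pjl_header(job: bytes) -> dict:
    """Return the @PJL SET variables found before the page data starts."""
    if not job.startswith(UEL):
        raise ValueError("job does not start with the UEL sequence")
    settings = {}
    for line in job[len(UEL):].splitlines():
        line = line.strip()
        if not line.upper().startswith(b"@PJL") or ENTER_RE.match(line):
            break  # header ended; everything after this is page data
        m = SET_RE.match(line)
        if m:
            settings[m.group(1).decode().upper()] = m.group(2).decode()
    return settings


def authorize_print(job: bytes, address_book: dict) -> str:
    """Step 3: compare the job's user code to the address book."""
    try:
        code = parse_pjl_header(job).get("USERCODE")
    except ValueError:
        return "reject"  # malformed job: fail closed
    # A missing code, an unknown code, or a code without Print all fail.
    if code is not None and "Print" in address_book.get(code, set()):
        return "print"
    return "reject"
```

The user code is an ordinary readable field in the job header, so the same parser can be used to audit which spooled jobs carry one.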