White Papers
Table Of Contents
- Contents
- Change history
- Overview
- Securing network connections
- Managing devices remotely
- Managing login methods
- Restricting public access to functions, applications, printer management, and security options
- Using local accounts
- Using LDAP or LDAP+GSSAPI
- Using Kerberos
- Using Active Directory
- Creating LDAP, LDAP+GSSAPI, or Active Directory groups
- Editing or deleting LDAP, LDAP+GSSAPI, or Active Directory groups
- Understanding access controls
- Managing certificates
- Managing other access functions
- Securing data
- Troubleshooting
- User is locked out
- User is logged out automatically
- User cannot access applications or functions
- KDC and MFP clocks are out of sync
- Domain controller certificate is not installed
- KDC is not responding within the required time
- LDAP lookups fail
- Make sure that the server and firewall settings are configured to allow communication between the pr ...
- If reverse DNS lookup is not used in your network, then disable it in the Kerberos settings
- If the LDAP server requires SSL, then enable SSL for LDAP lookups
- Narrow the LDAP search base to the lowest possible scope that includes all necessary users
- Make sure that all LDAP attributes that are being searched for are correct
- Notices
- Index
Managing other access functions
Scheduling access to USB devices
In secure environments, devices can be configured to limit or disable the capabilities of USB host ports.
You can disable the front USB port using access control restrictions. Devices also have a rear USB port designed
for card readers and human interface devices, such as a keyboard.
1 From the Embedded Web Server, click Settings > Security > Schedule USB Devices.
2 Select a device action, and then specify when the device performs the action.
3 Click Save.
Notes:
• For each Disable schedule entry, create an Enable schedule entry to reactivate use of the USB host
ports.
• You can create multiple schedules.
Setting login restrictions
To prevent malicious access to a device, restrict the number of invalid login attempts and require a lockout time
before letting users retry logging in.
Many organizations establish login restrictions for information assets such as workstations and servers. Make
sure that device login restrictions also comply with organizational security policies.
1 From the Embedded Web Server, click Settings > Security > Login Restrictions.
2 Set the login restrictions.
• Login failures—Specify the number of times a user can attempt to log in before being locked out.
• Failure time frame—Specify how long a user can attempt to log in before lockout takes place.
• Lockout time—Specify how long the lockout lasts.
• Web Login Timeout—Specify how long a user may be logged in remotely before being logged out
automatically.
3 Click Save.
Configuring confidential printing
Users printing
confidential
or sensitive information may use the
confidential
print option. This option allows
print jobs to remain in the print queue until the user enters a PIN on the printer control panel.
Note: This feature is available only in printer models that allow PIN selection from the control panel.
1 From the Embedded Web Server, click Settings > Security > Confidential Print Setup.
2 Enter an option for the following:
• Range—Specify how many times an invalid PIN can be entered before being locked out.
Managing other access functions 25