Xerox Color 550 Supplementary Manual

Other manuals for Color 550: User Manual, User Manual, User Manual, Specification Sheet, Specifications

Page of 64

Download

Print this page

Bookmark us

Xerox Color 550/560 Printer

Security Function Supplementary

Guide

Version 1.0, April 2011

1 2 3 4 5 6 7 Next › »

Summary of Color 550

Page 1
Xerox color 550/560 printer security function supplementary guide version 1.0, april 2011.
Page 2
2 table of contents before using the security function .................................................................. 5 preface ........................................................................................................................................................ 5 security feat...
Page 3
3 set ipsec address................................................................................................................................ 22 set snmpv3 .............................................................................................................................................
Page 4
4 change user passcode by system administrator (using centreware internet services ) 51 problem solving ....................................................................................................... 52 fault clearance procedure ..................................................................
Page 5
5 before using the security function this section describes the certified security functions and the items to be confirmed. Preface this guide is intended for the manager and system administrator of the organization where the machine is installed, and describes the setup procedures related to securi...
Page 6
6 security features xerox color 550/560 printer has the following security features: • hard disk data overwrite • hard disk data encryption • user authentication • system administrator’s security management • customer engineer operation restriction • security audit log • internal network data protec...
Page 7
7 • software download set to [disabled] • smb set to [disabled] for [netbeui] • webdav set to [disabled] • receive e-mail default [disabled] • ipp default [enabled] • ssl/tls set to [enabled] • ipsec set to [enabled] • snmp v1/v2c set to [disabled] • snmpv3 set to [enabled] • s/mime set to [enabled]...
Page 8
8 the recording area stores the following data. • spooled print data • print data including the secure print and sample print • forms for the form overlay feature • folder and job flow sheet settings (folder name, passcode, etc. ) • files in folder • address book data important: be sure to save all ...
Page 9
9 use of the overwrite hard disk in order to protect data stored on the hard disk from unauthorized retrieval, you can set the overwrite conditions to apply to data stored on the hard disk. You can select the number of overwrite passes from one time or three times. When [1 overwrite] is selected, “0...
Page 10
10 for optimal performance of the security features the manager (of the organization that the machine is used for) needs to follow the instructions below: • assign appropriate persons as system and machine administrators, and manage and train them properly. • the manager and system administrators ha...
Page 11
11 3.) ipsec set the ipsec host that communicates with the machine as following encryption method/message digest algorithm. ・aes (128bit )/sha1 ・3key triple-des (168bit )/sha1 4.) snmpv3 the encryption method of snmpv3 is des fixed. Set [message digest algorithm] to [sha1]. Important: • for secure o...
Page 12
12 how to check the system clock 1. Press the button on the control panel. 2. Enter the system administrator’s login id and passcode if prompted (default admin, 1111 ). 3. Select [enter] on the touch screen. 4. Press the button on the control panel. 5. Select [tools] on the touch screen. 6. Select [...
Page 13
13 initial settings procedures using control panel this section describes the initial settings related to security features, and how to set them on the machine’s control panel. Authentication for entering the system administration mode 1. Press the button on the control panel. 2. Enter "admin" with ...
Page 14
14 7. Enter the same passcode, and then select [save]. 8. Select [save]. 9. A confirmation window appears. Select [yes] to confirm your entry. Set maximum login attempts 1. Select [authentication/security settings] on the [tools] screen. 2. Select [authentication]. 3. Select [maximum login attempts ...
Page 15
15 1. Select [authentication/security settings] on the [tools] screen.. 2. Select [overwrite hard disk]. 3. Select [scheduled image overwrite]. 4. On the [scheduled image overwrite] screen, select [daily] or [weekly] or [monthly]. 5. Set [day], [hour], [minutes], 6. Select [save]. Set data encryptio...
Page 16
16 1. Select [authentication/security settings] on the [tools] screen. 2. Select [authentication]. 3. Select [access control]. 4. Select [device access]. 5. On the [device access] screen, select [locked] for [all services pathway]. 6. Select [save]. 7. Select [service access]. 8. On the [service acc...
Page 17
17 set user passcode minimum length note: this feature is only available in local authentication mode. 1. Select [authentication/security settings] on the [tools] screen. 2. Select [authentication]. 3. Select [passcode policy]. 4. On the [passcode policy] screen, select [minimum passcode length]. 5....
Page 18
18 2. Select [common service settings]. 3. Select [reports]. 4. Select [print reports button]. 5. Select [disabled]. 6. Select [save]. 7. To exit the [reports] screen, select [close]. Set self test 1. Select [system settings] on the [tools] screen.. 2. Select [common service settings]. 3. Select [ma...
Page 19
19 initial settings procedures using centreware internet services this section describes the initial settings related to security features, and how to set them on centreware internet services. Preparations for settings on the centreware internet services prepare a computer supporting the tcp/ip prot...
Page 20
20 3. Uncheck the [recieve e-mail] box. 4. Click the [apply] . Set ipp 1. Click [connectivity] on the [properties] screen. 2. Click [port setting]. 3. Check the [enabled] box for [ipp]. 4. Click the [apply] . Set ldap server 1. Click [connectivity] folder on the [properties] screen. 2. Click [protoc...
Page 21
21 4. Set the size of the public key as necessary. 5. Set issuer as necessary. 6. Click the [apply] . 7. Click [ssl/tls settings]. 8. Select [enabled] check box for [http - ssl / tls communication] and [ldap- ssl / tls communication]. 9. Click the [apply] . 10. Click the [reboot machine] . Note: for...
Page 22
22 set ipsec address 1. Enter the ip address in the [specify destination ipv4 address] box on the [ipsec] screen. 2. Enter the ip address in the [specify destination ipv6 address] box. 3. Select [enabled] or [disabled] from the [communicate with non-ipsec device] dropdown list. 4. Click the [apply] ...
Page 23
23 set s/mime note: to use e-mail with this machine, e-mail function has to be enabled and configured as stated in the system administrator guide’s "scan to e-mail". Before s/mime setting, you will have to import an s/mime certificate according to same procedure as "configuring machine certificates"...
Page 24
24 3. Select [administrators only] for [job deletion]. 4. Click the [apply] . 5. Click the [reboot machine] . Important: allows the user to pause an active copy, print, scan or embedded fax job while it is being processed by the machine. But only system administrators can cancel the paused job. For ...
Page 25
25 regular review by audit log this section describes the setting and importing method for the audit log from the system administrator client via centreware internet services. The audit log, regularly reviewed by the security administrator, often with the aid of third party analyzing tools, helps to...
Page 26
26 2. Supply the administrator id and password, when prompted. 3. Click the [properties] tab. 4. Click [audit log]. 5. Click [export as text file]..
Page 27
27 self testing this section describes the self test function and its setting procedure from the control panel. The machine can execute a self test function to verify the integrity of executable code and setting data. The machine verifies the area of nvram and seeprom including setting data at initi...
Page 28
28 authentication for the secure operation the machine has a unique authentication feature that restricts the ability to use functions. This section contains information for system administrators and general users on the features used to change the settings and on the setting procedures. Overview of...
Page 29
29 authenticated users (with system administrator privileges ) these are users who are assigned the system administrator privileges. When a restricted service is used, this type of user must enter a user id on the authentication screen. This type of user has the same privileges as the machine admini...
Page 30
30 functions controlled by authentication the following explains the functions that are restricted by the authentication feature. Restriction depends on which of the following two ways the machine is used. • local access • remote access for more information on the restrictions to folder and job flow...
Page 31
31 • retrieve file from folder service access control per user • service access and print & copy quota control can be set per user. The system administrator sets copy & quota limitation per user via the control panel and cwis. When print or copy volume exceed the registered number, the user can not ...
Page 32
32 authentication for folder the following explains the restrictions for job flow sheets and folder when the authentication feature is enabled. Note: when a user account is deleted, the folder and job flow sheets associated with the account are also deleted. Any files stored in the folder will also ...
Page 33
33 operations available for folder. The following table shows the relationship with the folder for each user type when the authentication feature is enabled. Folder operation system administrator and authenticated users shared by machine administrator personal (owner ) personal (other ) create x o x...
Page 34
34 note: when job flow sheets not available for operation, depending on changes made to the authentication status, are linked to a folder, you can still use them except for changing/copying them. If you release the link, the job flow sheet will no longer be displayed and will be disabled..
Page 35
35 operation using control panel this section contains information on the operation of using control panel to use security features for system administrator and authenticated users. User authentication before the use of all services and settings, a user must be authenticated with an id and passcode....
Page 36
36 3. Press [create/delete]. 4. When a new user account is to be created, a keyboard screen is displayed. Enter a user id, and then select [save]. 5. Configure the required settings. 6. Select [close]. User id allows you to enter a user id using the screen keyboard. You can enter up to 32 alphanumer...
Page 37
37 user role allows you to select the privileges to give to the user. Select from [user], [system administrator]. Note: the [user role] button appears when you have enabled [local accounts] in [authentication/security settings]. Reset total impressions deletes all data tracked for the selected accou...
Page 38
38 2. Touch the desired job, then press the delete from the pop up menu. 3. A confirmation window appears. Select [delete job] to cancel the job completely. Deleting the sending job(scan, fax) and receiving job(fax). 1. On the control panel, press [job status] button. The active jobs tab displays. 2...
Page 39
39 folder / stored file settings this section describes the features that allow a system administrator to configure various settings for folder created for saving confidential incoming fax files or scanned files. Folder service settings this feature allows you to specify whether to discard files onc...
Page 40
40 expiration date for files in folder specifies whether to delete files from folder when the specified period of time elapses. Enter the number of days to store files in the range from 1 to 14 days, and enter the time files are to be deleted using the scroll buttons or the numeric keypad. Stored jo...
Page 41
41 9. Select [close]. Note: by selecting [delete folder], you can delete all files in the folder and all job flow sheets created through the folder. Folder name specifies the folder name. Enter a name (up to 20 characters ) to be assigned to the folder. Delete files after retrieval specifies whether...
Page 42
42 select all selects all the files in the folder, so that you can print or delete them all at once. Print prints the selected file (s ). Delete deletes the selected file (s )..
Page 43
43 private charge print the private charge print feature temporarily stores files per user id, until a user logs in and manually prints them from the machine’s control panel. This feature only displays files of a logged-in user, and thus provides security and privacy to files stored in the machine. ...
Page 44
44 operation using centreware internet services this section contains information on the operation of using centreware internet services, to use security features for system administrator and authenticated users. The centreware internet services program uses the embedded web user interface which ena...
Page 45
45 accessing centreware internet services follow the steps below to access centreware internet services. At a client workstation on the network, launch an internet browser. In the url field, enter “http://” followed by the ip address or internet address of the machine. Then press the key on the keyb...
Page 46
46 print this page allows you to specify printing and paper parameters, enter accounting information, and select the delivery method for your print job. Follow the steps below to select the features available on the [print] tab. 1. Click [print] on the main panel of the home page. 2. The [job submis...
Page 47
47 scan (folder operation) this page allows you to configure folder. Follow the steps below to select the features available on the [scan] tab. 1. Click [scan] on the main panel of the home page. 2. Select the folder hot link. 3. The [folder] page is displayed. Folder icons clicking the icon of a re...
Page 48
48 create displays the [folder setup] page for the selected folder. Folder: list of files the following table shows the setting items available on the [folder: list of files] page. Folder number displays the folder number of the selected folder. Folder name displays the name of the selected folder. ...
Page 49
49 delete files after print or retrieve allows you to set whether to automatically delete files after they are printed . Note: retrieved files are not deleted . Delete expired files allows you to set whether to automatically delete files when they reach the specified expiration dates. Number of file...
Page 50
50 printing job deletion this page allows only system administrators to delete the active print jobs. 1. Click [jobs] tab on the main panel of the home page. 2. Select the desired job on the [active jobs] screen. 3. Click the [delete] button. 4. A confirmation window appears. Select [ok] to cancel t...
Page 51
51 change user passcode by system administrator (using centreware internet services ) note: this feature is only applicable to local authentication mode. 1. Open your web browser and enter the tcp/ip address of the machine in the address or location field press the key. 2. Enter system administrator...
Page 52
52 problem solving this section describes solutions to problems that you may come across while using the machine and centreware internet services. The machine has certain built-in diagnostic capabilities to help identify problems and faults, and displays error messages on the control panel and web b...
Page 53
53 fault codes this section explains error codes. If an error caused printing to end abnormally, or a malfunction occurred in the machine, then an error message code (***-*** ) is displayed. For faxing, an error code is also displayed on [activity reports] and [transmission report - job undelivered]...
Page 54
54 016-503 [cause] unable to resolve the smtp server name when sending email. [remedy] check on the centreware internet services if the smtp server settings are correct. Also, check the dns server settings. 016-504 [cause] unable to resolve the pop3 server name when sending email. [remedy] check on ...
Page 55
55 016-534 [cause] kerberos server authentication protocol error [remedy] the domain set on the machine does not exist on the kerberos server, or the kerberos server address set on the machine is invalid for connection. Check whether the domain name and the server address have been correctly set on ...
Page 56
56 016-583 [cause] the machine failed to transfer data using [ftp] of the [scan to pc] feature because lock folder creation was not successful on the ftp server after connection. [remedy] take one of the following actions: if any lock directory (.Lck ) exists in the forwarding destination, delete it...
Page 57
57 016-704 [cause] the folder is full, and hard disk capacity is insufficient. [remedy] delete unnecessary files from the folder, and save the file. 016-705 [cause] secure print documents cannot be registered because of hard disk malfunction. [remedy]contact the customer support center. Refer to sec...
Page 58
58 016-781 [cause] unable to connect to the smtp server. Unable to establish a connection between the machine and the server. Although the connection between the machine and the server has been established, ascii characters are not used for the host name specified on the machine. [remedy] take one o...
Page 59
59 018-547 [cause] the machine failed to transfer data using smb of the scan to pc service because the number of users logging into the smb server exceeded the limit when logging in to the smb server. [remedy] take one of the following measures: confirm how many users can access the shared folder. C...
Page 60
60 027-707 [cause] the s/mime certificate associated with the machine’s email address has expired. [remedy] ask the sender to issue a new s/mime certificate and import the certificate to the machine. 027-708 [cause] the s/mime certificate associated with the machine’s email address is not reliable. ...
Page 61
61 security @ xerox for the latest information on security and operation concerning your device, see the xerox security information website located at www.Xerox.Com/security..
Page 62
62 appendix list of operation procedures item using control panel using centreware internet services default check the clock [system settings] > [common service settings] > [machine clock/timers]. - - use passcode entry from control panel [authentication/security] > [authentication] > [passcode poli...
Page 63
63 set auto clear [system settings] > [common service settings] > [machine clock/timers] > [auto clear] - on set report print [system settings] > [common service settings] > [reports] > [print reports] - on set self test [system settings] > [common service settings] > [maintenance] > [power on self ...
Page 64
64 general user folder service setting [system settings] > [folder service setting] - - stored file setting [system settings] > [stored file setting ] - - create folder [setup menu] > [create folder] scan tab > [folder] > [create] - change user passcode by system administrator [authentication/securi...