SE Eng

ApeosPort-V C7775 DocuCentre-V C7775

Security Function Supplementary Guide

z
Before Using the Security Function ...................................................................................................... 2
z Settings for the Secure Operation 1
(Initial Settings Procedures Using Control Panel)........................................................................... 7
z Settings for the Secure Operation 2
(Initial Settings Procedures Using CentreWare Internet Services) ........................................13
z
Settings for the Secure Operation 3 (Regular Review by Audit Log) ....................................18
z User Authentication..................................................................................................................................20
z
Appendix........................................................................................................................................................21
Microsoft, Windows, and Internet Explorer are trademarks or registered trademarks of Microsoft
Corporation in the U.S. and other countries.
All product/brand names are trademarks or registered trademarks of the respective holders.
Important
1. This manual is copyrighted with all rights reserved. Under the copyright laws, this manual may not be
copied or modified in whole or part, without the written consent of the publisher.
2. Parts of this manual are subject to change without prior notice.
3. We welcome any comments on ambiguities, errors, omissions, or missing pages.
4. Never attempt any procedure on the machine that is not specifically described in this manual.
Unauthorized operation can cause faults or accidents. Fuji Xerox is not liable for any problems resulting
from unauthorized operation of the equipment.
An export of this product is strictly controlled in accordance with Laws concerning Foreign Exchange and
Foreign Trade of Japan and/or the export control regulations of the United States.
XEROX, the sphere of connectivity design, CentreWare, ApeosWare, and EasyAdmin are trademarks or
registered trademarks of Xerox Corporation in the U.S. or Fuji Xerox Co., Ltd.
Before Using the Security Function
This section describes the security functions and confirmation matters.
Preface
This guide is intended for the manager and system administrator of the organization where
the machine is installed, and describes the setup procedures related to security.
For general users, this guide describes the operations related to security features.
For information on the other features available for the machine, refer to the following
guidance.
Model Guide Manual No.

ApeosPort-V User Guide ME6367E2-1
C7775/C6675/C5575/C4475/C3375/C3373/
Administrator Guide ME6368E2-1
C2275
DocuCentre-V
C7755/C6675/C5575/C4475/C3375/C3373/
C2275
Note The hash values of the PDF files are described in the Security Target disclosed at the FujiXerox
5 AsiaPacific (http://www.fxap.com.sg/product/) and the JISEC (http://www.ipa.go.jp/security/jisec/
jisec_e/) website. Please check that the hash values of your manuals are correct.
The manual number might be changed when the manual content is updated.
The security features of the ApeosPort-V C7775/C6675/C5575/C4475/C3375/C3373/
C2275, DocuCentre-V C7775/C6675/C5575/C4475/C3375/C3373/C2275 are supported by
the following ROM version.
Controller ROM Ver. 1.0.14
Important
The machine has obtained IT security certification for Common Criteria EAL3.
This certifies that the target of evaluation has been evaluated based on the certain evaluation
criteria and methods, and that it conforms to the security assurance requirements.
Note, however, that your ROM and guidance may not be the certified version because they may
have been updated along with machine improvements.
Security Features
ApeosPort-V and DocuCentre-V have the following security features:
z
Hard Disk Data Overwrite
z
Hard Disk Data Encryption
z User Authentication
z
System Administrator's Security Management
z
Customer Engineer Operation Restriction
z Security Audit Log
z
Internal Network Data Protection
z FAX Flow Security
z Self Test
2
Settings for the Secure Operation

For the effective use of the security features, the System Administrator (Machine
Administrator) must follow the instructions below:
For details on the setting procedures, refer to the following sections.
"Settings for the Secure Operation 1 (Initial Settings Procedures Using Control Panel) " (P.7)
"Settings for the Secure Operation 2 (Initial Settings Procedures Using CentreWare Internet Services)" (P.13)
"Settings for the Secure Operation 3 (Regular Review by Audit Log)" (P.18)
z
Passcode Entry for Control Panel Login
Set to [On].
z
System Administrator Passcode
Change the default passcode to another passcode of 9 or more characters.
z Maximum Login Attempts
Set to [5] times.
z
Service Rep. Restricted Operation
Set to [On], and enter a passcode of 9 or more characters.
z
Overwrite Hard Disk
Set to [1 Overwrite] or [3 Overwrites].
z
Data Encryption
Set to [On], and then enter an encryption key of 12 characters.
z
Authentication
Set to [Login to Local Accounts] or [Login to Remote Accounts]. 5
z
Access Control
Set to [Locked] for [Device Access] and [Feature Access].
Set to [Locked (Show Icon)] or [Locked (Hide Icon)] for [Service Access].
z
Private Print
Set to [According to Print Auditron].
z
User Passcode Minimum Length
Set to [9] characters.
z
Store & Send Link
Set to disabled.
z Self Test
Set to [On].
z Software Download
Set to [Disabled].
z
Send E-mail
Set to disabled: DocuCentre-V only.
z Receive E-mail
Set to disabled: DocuCentre-V only.
z LDAP Server
Set the LDAP Server information.
z
Kerberos Server
Set the Kerberos Server information.
z IPP
Set to enabled.
z SSL/TLS
Set to enabled.
3
z IPSec
Set to enabled.
z
SNMP v1/v2c
Set to disabled.
z SNMP v3
Set to enabled.
z S/MIME
Set to enabled.
z
Audit Log
Set to enabled.
Important The security will not be warranted if you do not correctly follow the above setting instructions.
The Fax Flow Security feature requires no special setting by the System Administrator.
When you set Data Encryption [On] again, enter an encryption key of 12 characters.
For Optimal Performance of the Security Features

The manager (of the organization that the machine is used for) needs to follow the
instructions below:
z
The manager needs to assign appropriate people as system and machine administrators,
and manage and train them properly.
5 z
The manager and system administrators need to train users about the TOE operation
and precautions according to the policies of their organization and the product guidance.
z
The machine needs to be placed in a secure or monitored area where the machine is
protected from unmanaged physical access.
z
If the network where the machine is installed is to be connected to external networks,
configure the network properly to block any unauthorized external access.
z
Users and administrators need to set passcode and an encryption key according to the
following rules for the client PC login and the machines setup.
- Do not use an easily guessed character strings passcode.
- A passcode needs to contain both numeric and alphabetic.
z
Administrators need to set the account policy in the remote authentication server as
follows.
- Set password policy to 9 or more characters.
- Set account lockout policy to 5 times.
z For communication of the machine and ApeosWare Device Setup, please use the System
Administrator ID and passcode (excluding users who are given the privileges of system
administrator).
z The users need to set a user ID and a passcode certainly on [Accounting Configuration] of
printer driver.
z
For secure operation, all of the remote trusted IT products that communicate with the
machine shall implement the communication protocol in accordance with industry
standard practice with respect to RFC/other standard compliance (SSL/TLS, IPSec, SNMP
v3, S/MIME) and shall work as advertised.
4
SSL/TLS
For the SSL client (Web browser) and the SSL server that communicate with the machine,
select a data encryption suite from the following.
z SSL_RSA_WITH_RC4_128_SHA
z SSL_RSA_WITH_3DES_EDE_CBC_SHA
z
TLS_RSA_WITH_AES_128_CBC_SHA
z TLS_RSA_WITH_AES_256_CBC_SHA
z TLS_RSA_WITH_AES_128_CBC_SHA256
z
TLS_RSA_WITH_AES_256_CBC_SHA256
(The recommended browser is Microsoft Internet Explorer 6/7/8/9)
S/MIME
For the machine and E-mail clients, select an Encryption Method/Message Digest Algorithm
from the following.
z RC2/128bit, 3Key Triple-DES/168bit, AES/128bit, AES/192bit, AES/256bit
z SHA1, SHA256
IPSec
For the IPSec host that communicates with the machine, select an Encryption Method/
5
Message Digest Algorithm from the following.
z AES(128bit)/SHA1
z
3Key Triple-DES(168bit)/SHA1
SNMP v3
The encryption method of SNMPv3 is DES/56bit or AES 128bit. Set [Message Digest
Algorithm] to [SHA1].
Important
For secure operation, while you are using CentreWare Internet Services, please do not
access other web site, and do not use other applications.
For secure operation, when you change [Authentication Type], or prior to disposing of the
machine, please initialize the hard disk by resetting [Data Encryption] and changing
[encryption key].
For preventing SSL vulnerability, you should set the machine address in the proxy exclusion
list of browser.
By this setting, secure communication will be ensured because the machine and the remote
browser communicate directly without proxy server, and thus you can prevent man-in-the-
middle attack.
Because DocuCentre-V does not have S/MIME function, please do not use the E-mail and
Internet Fax.
5
Confirm the Machine ROM version and the System Clock

Before making initial settings, the System Administrator (Machine Administrator) needs to
check the ROM version of the machine and the system clock of the machine.
How to check by Control Panel
1 Press the <Machine Status> button on the control panel.

2 Select [Software Version] on the [Machine Information] screen.
You can identify the software versions of the components of the machine on the screen.
How to check by Print Report
1 Press the <Machine Status> button on the control panel.

2 Select [Print Reports] on the [Machine Information] screen.
3 Select [Printer Reports] on the touch screen.
4 Select [Configuration Report].
5 Press the <Start> button on the control panel.
You can identify the software versions of the components of the machine by Print Report.
5 How to check the System Clock
1 Press the <Log In/Out> button on the control panel.

2 Enter the system administrators ID with the numeric keypad or the keyboard displayed.
This is the factory default "ID".
3 Select [Enter] on the touch screen.
4 Select [Tools] on the touch screen.
5 Select [System Settings].
6 Select [Common Service Settings].
7 Select [Machine Clock/Timers].
You can check the time and the date of the system clock. If you need to change the time
and the date, refer to the following procedures.
8 Select the required option.
9 Select [Change Settings].
10 Change the required setting.
11 Select [Save].
12 To exit the [Tools] screen, select [Close] twice.
6
Settings for the Secure Operation 1 (Initial Settings Procedures Using Control Panel)
Settings for the Secure Operation 1

(Initial Settings Procedures Using Control Panel)
This section describes the initial settings related to security features, and how to set them
on the machine's control panel.
Use Passcode Entry for Control Panel Login

4 Select [Tools].
5 Select [Authentication/Security Settings].
6 Select [Authentication].
7 Select [Passcode Policy].
8 On the [Passcode Policy] screen, select [Passcode Entry for Control Panel Login].
9 Select [Change Settings]. 5
10 On the [Passcode Entry for Control Panel Login] screen, select [On].
11 Select [Save].
13 Select [Reboot Now] on the confirmation screen.
Authentication for entering the System Administration mode

3 Select [Next] on the touch screen.
4 Enter the system administrators passcode from keyboard.
6 Select [Tools].
Change the System Administrator Passcode
1 Select [Authentication/Security Settings] on the [Tools] screen.

2 Select [System Administrator Settings].
3 Select [System Administrator's Passcode].
4 Select [New Passcode].
7
5 Enter a new passcode of 9 or more characters using the keyboard displayed, and then
select [Save].
6 Select [Retype Passcode].
7 Enter the same passcode using the keyboard displayed, and then select [Save].
8 Select [Save].
9 In the [Do you want to change the System Administrators Passcode?] screen, select [Yes].
Set Maximum Login Attempts

3 Select [Maximum Login Attempts by System Administrator].
4 On the [Maximum Login Attempts] screen, select [Limit Attempts].
5 With [ ] and [ ], set [5].
6 Select [Save].
5 Set Service Rep. Restricted Operation
1 Select [System Settings] on the [Tools] screen.

3 Select [Other Settings].
4 On the [Other Settings] screen, select [Service Rep. Restricted Operation].
6 Select [On].
7 Select [Maintenance Passcode].
8 Select [New Passcode].
9 Enter a new passcode of 9 or more characters using the keyboard displayed, and then
select [Save].
10 Select [Retype Passcode].
12 Select [Save] twice.
13 In the [Do you want to proceed?] screen, select [Yes].
14 In the [Do you still want to proceed?] screen, select [Yes].
15 To exit the [Other Settings] screen, select [Close].
8
Set Overwrite Hard Disk

2 Select [Overwrite Hard Disk].
3 Select [Number of Overwrites].
4 On the [Number of Overwrites] screen, select [1 Overwrite] or [3 Overwrites].
5 Select [Save].
Set Data Encryption

4 On the [Other Settings] screen, select [Data Encryption].
6 Select [On].
7 Select [New Encryption Key]. 5
8 Enter a new encryption key of 12 characters using the keyboard displayed, and then select
[Save].
9 Select [Re-enter the Encryption Key].
11 Select [Save].
12 Select [Yes] to make the change.
13 Select [Yes] to reboot.
Set Authentication

3 Select [Login Type].
4 On the [Login Type] screen, select [Login to Local Accounts] or [Login to Remote Accounts].
5 Select [Save].
When [Login to Remote Accounts] is selected in step 4, proceed to steps 6 to 13.
7 Select [Connectivity & Network Setup].
8 Select [Remote Authentication/Directory Service].
9 Select [Authentication System Setup].
9
10 Select [Authentication System].

12 On the [Authentication System] screen, select [LDAP], [Kerberos(Windows 2000)], or
[Kerberos(Solaris)].
13 Select [Save].
14 To exit the [Remote Authentication/Directory Service] screen, select [Close] twice.
Set Access Control

3 Select [Access Control].
4 Select [Device Access].
5 On the [Device Access] screen, select [Locked].
6 Select [Save].
7 Select [Service Access].
5 8 On the [Service Access] screen, select an item by [Change Settings].
9 Select [Locked (Show Icon)] or [Locked (Hide Icon)].
10 Select [Save].
Perform steps 8 - 10 for each item.
11 Select [Close].
12 Select [Feature Access].
13 On the [Feature Access] screen, select an item by [Change Settings].
14 Select [Locked].
15 Select [Save].
Perform steps 13 - 15 for each item.
16 To exit the [Access Control] screen, select [Close] twice.
Set Private Print

3 Select [Charge/Private Print Settings].
4 On the [Charge/Private Print Settings] screen, select [Receive Control].
6 On the [Receive Control] screen, select [According to Print Auditron].
7 Select [Save as Private Charge Print Job] for [Job Login Success] selection.
10
8 Select [Delete Job] for [Job Login Failure] selection.

9 Select [Delete Job] for [Job without User ID] selection.
10 Select [Save].
11 To exit the [Charge/Private Print Settings] screen, select [Close].
Set User Passcode Minimum Length

This feature is only applicable to Local Authentication mode.

3 Select [Passcode Policy].
4 On the [Passcode Policy] screen, select [Minimum Passcode Length].
6 On the [Minimum Passcode Length] screen, select [Set].
7 With [ ] and [ ], set [9].
8 Select [Save].
5
Set Store & Send Link

3 Select [Screen/Button Settings].
4 Select [Services Home].
6 Select [Store & Send Link].
7 Select [(Not Assigned)].
8 Select [Save] twice.
9 To exit the [Screen/Button Settings] screen, select [Close].
Set Self Test

3 Select [Maintenance].
11
4 Select [Power on Self Test].

5 Select [On].
6 Select [Save].
7 To exit the [Maintenance] screen, select [Close].
Set Software Download

4 Select [Software Download].
6 Select [Disabled].
7 Select [Save].
5 8 To exit the [Other Settings] screen, select [Close].
12
Settings for the Secure Operation 2 (Initial Settings Procedures Using CentreWare Internet Services)

(Initial Settings Procedures Using CentreWare Internet Services)
This section describes the initial settings related to security features, and how to set them
on CentreWare Internet Services.
Preparations for settings on the CentreWare Internet Services

z
Prepare a computer supporting the TCP/IP protocol to use CentreWare Internet Services.
z
CentreWare Internet Services supports the browsers that satisfy "SSL/TLS" (P.5)
conditions.
1 Open your Web browser, enter the TCP/IP address of the machine in the Address or
Location field, and press the <Enter> key.
2 Enter the System Administrator's ID and the passcode if prompted.
3 Display the [Properties] screen by clicking the [Properties] tab.
Set Send/Receive E-mail

In the case of DocuCentre-V, use the following procedure to set [Send Email] and [Receive
5
Email] to disabled.
1 Click [Connectivity] on the [Properties] screen.

2 Click [Port Settings].
3 Uncheck the [Enabled] box for [Send E-mail].
4 Uncheck the [Enabled] box for [Receive E-mail].
5 Click [Apply] .
Set LDAP Server

2 Click [Protocols].
3 Click [LDAP].
4 Select [LDAP Server].
5 On the each menu, set the LDAP Server information.
6 Click [Apply].
Set Kerberos Server
1 Click [Security] on the [Properties] screen.

2 Click [Remote Authentication Servers].
13
3 Select [Kerberos Server].

4 On the each menu, set the Kerberos Server information.
5 Click [Apply].
Note When a Kerberos server is used as a remote authentication server, you can register users who are
given the privileges of system administrator (SA) by setting the System Administrator Access Group
on the LDAP server.
Set IPP

2 Click [Port Settings].
3 Check the [Enabled] box for [IPP].
4 Click [Apply].
Set SSL/TLS

5 2 Click [Machine Digital Certificate Management].
3 Click [Create New Self Signed Certificate].
4 Set the size of the Public Key as necessary.
5 Set Issuer as necessary.
6 Click [Apply].
7 Click [SSL/TLS Settings].
8 Select the [Enabled] check box for [HTTP - SSL / TLS Communication] and [LDAP- SSL / TLS
Communication].
9 Click [Apply].
10 Click [Reboot Machine].
Note For secure operation, you should select [Enabled] check box for [Verify Remote Server Certificate],
and import the CA certificate according to same procedure as "Configuring Machine Certificates"
(P.14).
If SMTP server has SSL/TLS function and if you want to use secure e-mail, configure [SMTP-SSL/TLS
Communication].
Configuring Machine Certificates

2 Click [Machine Digital Certificate Management].
3 Click [Upload Signed Certificate].
4 Enter a file name for the file you want to import, or select the file to be imported by clicking
[Browse].
5 Enter [Password], and enter the [Retype Password].
14
6 Click [Import].
Set IPSec
Before setting [Digital Signature] for [IKE Authentication Method], you need to import an
IPSec certificate according to the same procedure as "Configuring Machine Certificates"
(P.14).

2 Click [IPSec].
3 Enable [Protocol] by placing a check mark in the [Enabled] box.
Choose [Preshared Key] setting (4 - 5) or [Digital Signature] setting (6 -11).
4 Select [Preshared Key] for IKE Authentication Method. This is used to ensure confidentiality
of communications between the machine and a client computer, or the machine and a
server.
5 Enter a Pre-Shared Key in the [Shared Key] and [Verify Shared Key] box.
Please set the IPSec address successively.
6 Click [Certificate Management] in [Security].
7 Select [IPSec] for [Certificate Purpose].
8 Click [Display the list], and check a desirable Certificate. 5
9 Click [Certificate Details].
10 Click [Use this certificate].
11 On the [IPSec] screen, select [Digital Signature] for IKE Authentication Method.
Please set the IPSec address successively.
Set IPSec Address
1 Enter the IP Address in the [Specify Destination IPv4 Address] box on the [IPSec] screen.
2 Enter the IP Address in the [Specify Destination Ipv6 Address] box.
3 Select [Enabled] or [Disabled] from the [Communicate with Non-IPSec Device] drop-down
list.
4 Click [Apply].
Set SNMPv3

2 Click [Protocols].
3 Click [SNMP Configuration].
4 Check the [Enable SNMP v3 Protocol] box.
5 Uncheck the [Enable SNMP v1/v2c Protocols] box.
6 Click [Apply].
15
7 Click [SNMP Configuration].

8 Click [Edit SNMP v3 Properties] and check [Account Enabled] for [Administrator Account].
9 Enter a new Authentication Password (minimum 8 characters).
10 Enter the Confirm Authentication Password.
11 Enter a new Privacy Password (minimum 8 characters).
12 Enter the Confirm Privacy Password.
13 Check [Account Enabled] for [Print Drivers/Remote Clients Account].
14 Click [Apply].
Note Be sure to change Authentication Password and Privacy Password from the default Password.
In using SNMP v3, use the IPSec protocol simultaneously. You need to set the IP address of the
clients for SNMP v3 according to the procedures in "Set IPSec Address" (P.15), and enter the IP
Address in the [Specify Destination IPv4 Address] or [Specify Destination IPv6 Address] box.
Since the machine cannot communicate by SNMP v1/v2c, you need to uncheck [SNMP status
Enabled] for the port setting on the client's printer driver.
Set S/MIME
To use E-mail with this machine, the E-mail function needs to be enabled and configured as
5 described in the Administrator Guide's "8 E-mail Environment Settings".
Before making the S/MIME setting, you need to import an S/MIME certificate according to
the same procedure as "Configuring Machine Certificates" (P.14).
1 Click [Configuration Overview] on the [Properties] screen.

2 Click [Settings] for [E-mail].
3 Click [Configure] for [E-mail Settings], and enter the machine's E-mail address in the [From
Address] box.
4 Click [Apply].
6 Click [Certificate Management].
7 Select [S/MIME] for [Certificate Purpose].
8 Click [Display the list], and check a desirable certificate.
9 Click [Certificate Details].
10 Click [Use this certificate].
11 Click [SSL/TLS Settings].
12 Check the [Enabled] box for [S/MIME Communication].
13 Click [Apply].
15 After the machine is restarted, refresh the browser and click the [Properties] tab.
16 Click [Security].
17 Click [S/MIME Settings].
16
18 Uncheck the [Enabled] check box for [Receive Untrusted E-mail].

19 Select [Always add signature] for [Digital Signature - Outgoing E-mail].
20 Uncheck the [Enabled] check box for [Receive Untrusted Internet Fax].
21 Select [Always add signature] for [Digital Signature - Outgoing Internet Fax].
22 Click [Apply].
17
Settings for the Secure Operation 3 (Regular Review by Audit Log)

(Regular Review by Audit Log)
This section describes the setting procedure and the importing method of the Audit Log
feature using the System Administrator client via CentreWare Internet Services.
The Audit Log is regularly reviewed by the Security Administrator, often with the aid of third
party analyzing tools. The audit log helps to assess attempted security breaches, identify
actual breaches, and prevent future breaches.
The important events of the machine such as device failure, configuration change, and user
operation are traced and recorded based on when and who operated what function.
Auditable events are stored with time stamps into NVRAM. When the number of stored events
reaches 50, the 50 logs on NVRAM are stored into one file ("audit log file") within the internal
HDD. Up to 15,000 events can be stored. When the number of recorded events exceeds 15,000,
the oldest audit log file is overwritten and a new audit event is stored.
There is no deletion function.
Set Audit Log
1 Open your Web browser and enter the TCP/IP address of the machine in the Address or
Location field, press the <Enter> key.
5 2 Supply the Administrator ID and Password, when prompted.
3 Click the [Properties] tab.
4 Click [Security].
5 Click [Audit Log].
6 Check the [Enabled] box for [Audit Log].
7 Click [Apply].
Import the Audit Log File

The following describes methods for importing the Audit Log.
The audit logs are only available to system administrators and can be downloaded via
CentreWare Internet Services for viewing and analyzing them.
The logged data cannot be viewed from the local UI.
In addition, SSL/TLS communication must be enabled in order to access to the logged data.
1 Open your Web browser and enter the TCP/IP address of the machine in the Address or
Location field, press the <Enter> key.
2 Enter the system administrator's ID and Password if prompted.
3 Click the [Properties] tab.
4 Click [Security].
5 Click [Audit Log].
6 Click [Export as text file] for [Export Audit Log].
18
Settings for the Secure Operation 3 (Regular Review by Audit Log)
The following information is recorded in imported audit log data, check it regularly whether
there are not breaches by accessing or attempt.
z
Log ID: Consecutive numbers as an audit log identifier
z Date/Time: The date and time when a event was recorded
z Logged Events: Various acts and processing object storing audit log
z
User Name: The user name that generated an auditable event
z Description: Description on events
z Status: Status or result of event processing
z
Optionally Logged Items: Additional information recorded to audit log
(except common record items)
e.g.: The following audit log is recorded, when someone tried to login by ID(User1), and the
login failed due to an invalid password.
Item Description
Log ID 1
Date 01/01/2014
Time
Logged Events
10:00:00
Login/Logout
5
User Name User1
Description Login
Status Failed (Invalid Password)
Optionally Logged Items -
19
User Authentication
User Authentication
This section describes the operation of user authentication.

Before using, all services and configuring settings, a user must be authenticated with an ID
and a passcode.

2 Enter the "User ID" from keypad.
3 Select [Next] on the touch screen.
4 Enter the "Passcode" from keyboard.
All features on the control panel become available.
Important When another user interrupts and uses the machine by using the interrupt mode, the user needs to
logout before canceling the interrupt mode.
Example:
User A is authenticated g interrupt mode g User B login g job complete
g User B logout g cancel the interrupt mode
Note Before entering the User ID and the password, please select [Registered User] or [System
Administrator] when remote authentication is used
When using [Login to Local Accounts], only the system administrator's ID is pre-registered on the
5 machine. Other user IDs are not registered. For details on how to register User ID, refer to "5 Tools" >
"Authentication / Security Settings" > "Authentication" > "Create / View User Accounts" in the
Administrator Guide.
When using [Login to Remote Accounts], the user information registered on a remote
authentication server is used. The system administrator's ID on the machine is not registered on a
remote authentication server.
20
Appendix
Appendix
List of Operation Procedures
Using Using CentreWare Using ApeosWare

Item Default
Control Panel Internet Services Device Setup
How to check the [System Settings] > - [Settings] > [General -
Clock [Common Service Device Settings] >
Settings] > [Machine [Basic Information] >
Clock/Timers]. [Machine Time
Settings]
Use Passcode [Authentication/ - [Settings] > [General Off
Entry for Control Security Settings] > Device Settings] >
Panel Login [Authentication] > [Access Permissions] >
[Passcode Policy] > [Login Setup/Auditron]
[Passcode Entry for
Control Panel Login]
Change the [Authentication/ [Security] > [System [Settings] > [General -
System Security Settings] > Administrator Settings] Device Settings] >
Administrator [System Administrator [Basic Information] >
Passcode Settings] > [System [Change Administrator
Administrator's Info]
Set Maximum
Passcode].
[Authentication/ [Security] > [System - 5
5
Login Attempts Security Settings] > Administrator Settings]
[Authentication] >
[Maximum Login
Attempts By System
Administrator]
Set Service [System Settings] > [Security] > [Service - Off
Rep.Restricted [Common Service Representative
Operation Settings] > [Other Restricted Operation]
Settings] > [Service
Rep.Restricted
Operation].
Set Overwrite [Authentication/ - - 3
Hard Disk Security Settings] >
[Overwrite Hard Disk]
Set Data [System Settings] > - - Off
Encryption [Common Service
Settings] > [Other
Settings] > [Data
Encryption].
Set [Authentication/ [Security] > [Settings] > [General Off
Authentication Security Settings] > [Authentication Device Settings] >
[Authentication] > Configuration] [Access Permissions] >
[Login Type]. [Login Setup/Auditron]
> [Login Setup/Auditron
mode]
Set Access Control [Authentication/ [Security] > - Off
Security Settings] > [Authentication
[Authentication] > Configuration]
[Access Control]
21
Appendix

Item Default
Set Private Print [Authentication/ - - Off
Security Settings] >
[Authentication] >
[Charge/Private Print
Settings]
Set User Passcode [Authentication/ [Security] > [User - 0
Minimum Length Security Settings] > Details Setup] >
[Authentication] > [Minimum Passcode
[Passcode Policy] > Length]
[Minimum Passcode
Length]
Set Store & Send [System Settings] > - - On
Link [Common Service
Settings] > [Screen/
Button Settings] >
[Services Home]
Set Self Test [System Settings] > - - Off
[Common Service
Settings] >
[Maintenance] > [Power
on Self Test]
5 Set Software [System Settings] > - - On
Download [Common Service
Settings] > [Other
Settings] > [Software
Download]
Send/Receive E- [System Settings] > [Connectivity] > [Port [Settings] > [General Off
mail [Connectivity & Settings] Device Settings] >
Network Setup] > [Port [Basic Information] >
Settings] [Enable Port Settings]
Set LDAP Server [System Settings] > [Connectivity] > - -
[Connectivity & [Protocols] > [LDAP] >
Network Setup] > [LDAP Server]
[Remote
Authentication/
Directory Service] >
[LDAP Server/Directory
Service Settings]
Set Kerberos [System Settings] > [Security] > [Remote - -
Server [Connectivity & Authentication Servers]
Network Setup] > > [Kerberos Server]
[Remote
Authentication/
Directory Service] >
[Kerberos Server
Settings]
Set IPP [System Settings] > [Connectivity] > [Port - Off
[Connectivity & Settings]
Network Setup] > [Port
Settings]
22
Appendix

Item Default
Set SSL/TLS [System Settings] > [Security] > [Machine - Off
[Connectivity & Digital Certificate
Network Setup] > Management] >
[Security Settings] > [Create New SelfSigned
[SSL/TLS Settings] Certificate] > [SSL/TLS
Settings]
Configuring - [Security] > [Machine - -
Machine Digital Certificate
Certificates Management] >
[Upload Signed
Certificate].
Set IPSec [System Settings] > [Security] > [IPSec] - Off
[Connectivity &
Network Setup] >
[Security Settings] >
[IPSec Settings]
Set SNMPv3 - [Connectivity] > - Off
[Protocols] > [SNMP
Configuration]
Set S/MIME [System Settings] > [Security] > [SSL/TLS - Off
[Connectivity &
Network Setup] >
Settings] > [S/MIME
Communication] 5
[Security Settings] > [S/
MIME Settings]
Set Audit Log/ - [Security] > [Audit Log] - Off
Import the Audit
Log File
23
ApeosPort-V C7775/C6675/C5575/C4475/C3375/C3373/C2275
DocuCentre-V C7775/C6675/C5575/C4475/C3375/C3373/C2275
Security Function Supplementary Guide
ME6371E2-2 (Edition 1)
August 2014
Fuji Xerox Co., Ltd. Copyright 2014 by Fuji Xerox Co., Ltd.

SE Eng

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

SE Eng

Caricato da

Copyright:

Formati disponibili

ApeosPort-V C7775 DocuCentre-V C7775

ApeosPort-V C6675 DocuCentre-V C6675

Security Function Supplementary Guide

Before Using the Security Function

This section describes the security functions and confirmation matters.

Model Guide Manual No.

Settings for the Secure Operation

For Optimal Performance of the Security Features

Confirm the Machine ROM version and the System Clock

How to check by Control Panel

1 Press the <Machine Status> button on the control panel.

How to check by Print Report

1 Press the <Machine Status> button on the control panel.

5 How to check the System Clock

1 Press the <Log In/Out> button on the control panel.

Settings for the Secure Operation 1

Use Passcode Entry for Control Panel Login

1 Press the <Log In/Out> button on the control panel.

Authentication for entering the System Administration mode

1 Press the <Log In/Out> button on the control panel.

Change the System Administrator Passcode

1 Select [Authentication/Security Settings] on the [Tools] screen.

Set Maximum Login Attempts

1 Select [Authentication/Security Settings] on the [Tools] screen.

5 Set Service Rep. Restricted Operation

1 Select [System Settings] on the [Tools] screen.

Set Overwrite Hard Disk

1 Select [Authentication/Security Settings] on the [Tools] screen.

Set Data Encryption

1 Select [System Settings] on the [Tools] screen.

1 Select [Authentication/Security Settings] on the [Tools] screen.

10 Select [Authentication System].

Set Access Control

1 Select [Authentication/Security Settings] on the [Tools] screen.

Set Private Print

1 Select [Authentication/Security Settings] on the [Tools] screen.

8 Select [Delete Job] for [Job Login Failure] selection.

Set User Passcode Minimum Length

1 Select [Authentication/Security Settings] on the [Tools] screen.

Set Store & Send Link

1 Select [System Settings] on the [Tools] screen.

Set Self Test

1 Select [System Settings] on the [Tools] screen.

4 Select [Power on Self Test].

Set Software Download

1 Select [System Settings] on the [Tools] screen.

5 8 To exit the [Other Settings] screen, select [Close].

Settings for the Secure Operation 2

Preparations for settings on the CentreWare Internet Services

Set Send/Receive E-mail

1 Click [Connectivity] on the [Properties] screen.

Set LDAP Server

1 Click [Connectivity] on the [Properties] screen.

Set Kerberos Server

1 Click [Security] on the [Properties] screen.

3 Select [Kerberos Server].

1 Click [Connectivity] on the [Properties] screen.

1 Click [Security] on the [Properties] screen.

Configuring Machine Certificates

1 Click [Security] on the [Properties] screen.

1 Click [Security] on the [Properties] screen.

Set IPSec Address

1 Click [Connectivity] on the [Properties] screen.