Xerox 701P40211 Network parameters secured Executable stacks disabled, Remote CDE login disabled

Page 33

System Guide

Security and Network Setup

Network parameters secured

Sun's nddconfig security tool is run. For additional information, view Sun's document, Solaris Operating Environment Network Settings for Security, at http://www.sun.com/solutions/blueprints/ 1200/network-updt1.pdf.

Executable stacks disabled

The system stack is made non-executable. This is done so security exploitation programs cannot take advantage of the Solaris OE kernel executable system stack and thereby attack the system

NFS port monitor restricted

The NFS server normally accepts requests from any port number. The NFS Server is altered to process only those requests from privileged ports. Note that with the high security setting, NFS is disabled; however if the service is re-enabled manually the port restriction will still apply.

Remote CDE login disabled

The Remote CDE login is disabled.

DocuSP router capabilities disabled

The DocuSP router capabilities is disabled (empty /etc/notrouter file created).

Security warning banners

Security warning banners are displayed when a user logs in or telnets into the DocuSP server. This message explains that only authorized users should be using the system and that any others face the possibility of being monitored by law enforcement officials.

NOTE: DRW (DocuSP Remote Workflow) is not impacted by security settings.

Common Controller

4-9

Image 33

Contents Xerox Document Services Platform Series USA Table of Contents Table of Contents Printing FinishingFonts Accounting and Billing TroubleshootingHints and Tips Table of Contents Table of Contents System Guide Viii Contents IntroductionAbout this guide Customer Support ConventionsInternet Services Http Gateway Configuration Gateway ConfigurationIPP Gateway Configuration Type cd /opt/XRXnps/XRXippGateway Administrator must enable Snmp in License Manager Simple Network Management Protocol Snmp ConfigurationSnmpdebuglog Configuration variablesSnmp MIB Support Printer and job messagesGateway Configuration System Guide Type cd /opt/XRXnps/XRXnwqsgw/bin NDS SetupGateway Configuration System Guide Common Controller Backup Backup and RestoreRestore Backing up a System Restoring a System Type restoreAccess and Security Security and Network SetupChanging the logon level Overview of SecurityUser Password changes Roles and responsibilitiesXerox responsibility DocuSP 3.7 security changes Security SetupUsing the High security setting Security and Network Setup System Guide User level User and File-level changesSolaris file permissions secured Multicast routing disabledOS and host information hidden Sendmail daemon securedRemote CDE login disabled Network parameters secured Executable stacks disabledDocuSP router capabilities disabled NFS port monitor restrictedDigiPath and Decomposition Services Configure-xdss scriptXdss script components Disabling LP Anonymous PrintingDisable-security and enable-security scripts Remote shell internet serviceEnable-ftp and disable-ftp scripts User Account ManagementPrint command line client from remote systems Other security tips Configure for xrxusrDocument and backup Sample of inetd.conf fileOnline help for security # Syntax for TLI-based Internet services # only on machines acting as boot servers Orstream or dgram #rexd/1 tli rpc/tcp wait root /usr/sbin/ rpc.rexd rpc.rexd How Do I? Answer Quick referenceHow Do I? Answer Controller settings for limited Fifo scheduling/printing PrintingFirst In/First Out Fifo Printing ‘Enabling Fifo Job Scheduling’ Enable/Disable Fifo Job Scheduling‘No Change Made’ Enabled DisabledAscii and PCL Printing Utility Impact on DocuSP printersSetpclcontrol Utility Set lp/lprcopycount utility # ./setVPSoption -2NONVPS Socket Gateway Configuration Utility setVPSoptionTiff files Tiff orientationPerformance considerations Supported Tiff tags Resolution UnitsCompression T4 OptionY Resolution Micr EnablementStrip Byte Counts and Strip Offsets Tile Width, Tile Length, Tile Offsets, Tile Byte CountsPaper Trays Using VippPrinting hints Printing System Guide Common Controller Finishing Subset FinishingDocuTech Subset Offset Page Level Jog Creating jobs to use subset finishingPCL Offset/Separator/Subset Finishing command PCL Paper Source Command Mixed StackingLarge Capacity ESC&15H Envelope Feed ESC&16H Additional finishing information Finishing System Guide Common Controller How to choose fonts FontsFonts Font download option Resident FontsPostScript Resident Fonts System GuideFonts FontsSystem Guide PCL resident fonts PCL 5e resident bitmap fonts Non Resident FontsDownloaded fonts Optional or soft fonts Font substitutionPostScript fonts PCL 5e fonts Accounting Accounting and BillingAuto exporting accounting log Accounting exported valuesAccounting file fields System Guide Accounting and Billing Bytes Read SecondsProcessed SkippedAccounting and Billing System Guide Pages Printed Sheets PrintedAccounting and Billing System Guide Billable Events BillingMarket Region Billing Meters for Region Billing MetersTroubleshooting Calling for serviceDeclared faults Undeclared faults Printer faultJob fault Client problems Windows problemsMacintosh problems GUI problems DigiPath problemsFont problems Print Quality problemsInoperable system problems Job flow problemsAt the # prompt, typesync sync halt and press Enter System Guide Troubleshooting Job Integrity problems PDL problemsPostScript problems Tiff problems Restore password Restart DocuSP software without rebooting Productivity and performance problemsProblems when saving a job Alljobslog Printing system logsSystemlog StatuslogPrinting the system logs Epexceptionlog and epprimarylogRebooting and restarting Printing the accounting logType sync sync halt Opt/XRXnps/bin/XJDC -option,option... filename Loading XJDC/UnixXjdc Hints and Tips Configuring XJDC/UnixBASIC.JSL Output filesTroubleshooting System Guide General Hints and TipsGeneral Comments Color SystemsTime used to generate the PDL Time used to transfer PDLJob submission hints Number of images Time required to print PDLEthernet GatewaysJob submission order Job RIP HintsVariable data Image Quality Skipped Pitches Job Printing HintsPerform a Trace PCI Channel Interface PWB Trace Capture ProcedureExport the trace file to floppy Numerics IndexIndex System Guide INDEX-3 Index INDEX-4 System Guide