Konica Minolta 920 manual Specify unauthorized actions password authentication

The purpose of analyzing the audit log is to understand the following and im- plement countermeasures:

Whether or not data was accessed or tampered with

Subject of attack

Details of attack

Results of attack

Specify unauthorized actions: password authentication

If logs have NG as the result of password authentication (action: 01, 02, 11, 16), items protected by passwords may have been attacked.

-Failed password authentication (NG) log entries specify who made the operation, and show if unauthorized actions were made when password authentication failed.

-Even if password authentication succeeded (OK), it shows whether a le- gitimate user created the action. You need to check carefully when suc- cessful authentication occurs after series of failures especially during times other than normal operating hours.

Specify unauthorized actions: actions other than password authentica- tion under security

All operation results other than password authentication will be indicated as successful (OK), so determine if there were any unauthorized actions by ID and action.

-Since you cannot specify what was attacked only with an ID, you need to see the action and the table on the previous page to determine whether unauthorized actions were made on a personal box or secure box.

-Check the time, and see if the user who operated the specific subject made any unauthorized actions.

( Example )

If a document saved in a box was printed using fraudulent authorization, the following audit log entry will be created.

1.Password authentication for the box: Action = 11

ID = Box that authentication was made Result = OK/NG

2.Access to the document in the box: Action = 13

ID = Box that authentication was made

Check the date and time the above operation occurred, and see if the oper- ation on the document in the personal box or secure box was made by a le- gitimate box user.