Lexmark 854e MFP Disabling ports and protocols, Using 802.1x Authentication, Printing Lockout

Disabling ports and protocols

TCP and UDP ports can be configured to one of three modes or values:

•Disabled - Never allows network connections to this port

•Secure and unsecure - Allows the port to remain open, even in Secure mode

•Unsecured only - Allows the port to only open when the MFP ss not in Secure mode

Using 802.1x Authentication

•802.1x port authentication allows the MFP to join networks that require authentication before allowing access.

•802.1x port authentication can be used with the WPA (Wi-Fi Protected Access) feature of an optional internal wireless print server to provide WPA-Enterprise security support.

•Support for 802.1x requires the establishment of credentials for the MFP.

•The MFP must be known to the Authentication Server (AS). The AS will allow network access to devices presenting a valid set of credentials which typically involves a name/password combination and possibly a certificate. The AS will allow network access to MFPs presenting a valid set of credentials.

•The credentials can be managed by using the Embedded Web Server of the MFP.

Locking the Operator Panel Menus

•Operator Panel Menu Lockout allows creation of a PIN number and choice of specific menus to lock.

•Each time a locked menu is selected, the user is prompted to enter the correct PIN at the operator panel. The PIN does not affect any access through the EWS.

Printing Lockout

•Printing Lockout allows locking or unlocking of an MFP using an assigned PIN. When locked, every job the MFP receives will buffer to the hard disk.

•A user can print jobs only by entering the correct PIN on the operator panel.

•A PIN can be assigned through the Web page of the MFP.

Note: Back channel data will be processed while the MFP is locked. Reports such as user or event logs can be retrieved from a locked MFP.

Confidential Print Setup

•Confidential Print Setup allows the designation of a maximum number of PIN entry attempts and allows setting an expiration time for print jobs.

•When a user exceeds a specific number of PIN entry attempts, all of the user’s print jobs are deleted. When a user has not printed their jobs within a designated time period, the print jobs are deleted.

Encrypting the Hard Disk

•Disk encryption provides protection of sensitive data stored on internal hard disk drives in the advent of unauthorized access to the hardware.

•When enabled, disk encryption uses 128 bit AES encryption to encrypt all data stored on the drive. This feature is disabled by default and enabled through the Power On Configuration menu.

•When enabled or disabled, the entire drive is formatted, destroying any references to data that may have been stored previously.

Hard Disk Wiping

•Hard disk wiping performs a multi-pass overwrite of all sectors on the hard disk, mitigating the potential exposure risks sensitive information.

•This feature is performed as needed and is accessed through the Power On Configuration menu.

Using the Restricted Server List Function

•The Restricted Server list lets a system support person restrict which hosts are allowed to communicate with the MFP over the network to prevent other hosts from managing and printing to the MFP.

Note: The Restricted Server List only restricts TCP traffic; it does not affect UDP traffic. The Restricted Server List supports up to ten host addresses or ten network addresses.

Digitally Signed Firmware Update Files

•Upgraded firmware files from Lexmark are now signed with a digital signature, which verifies the source and authenticity of the updated code.

•This prevents a malicious user from creating and uploading to the MFP custom code that could intercept and expose potential confidential data.

Workflow Integration with Document Distributor and the Lexmark X854e MFP

•Interactive e-routing from touch screen to intelligently move workflow documents over the