Xerox 701P46740 - Manual

Security Guide 3 Security This section describes the Xerox FreeFlow ® Print Server system- supplied security profiles. It outlines the characteristics of each profile and indicates how each can be customized to create user- defined profiles. The enhanced security features in the Xerox FreeFlow Print...

Security Guide 5 Enable and disable services The following tables provide a list of the services that can be enabled and disabled from the Xerox FreeFlow Print Server “Setup > Security Profiles” menu options. NOTE: Services list may vary, depending on the product. Table 2-2 “System” tab System Se...

1 0 Security Guide User level changes The following user-level changes are made: • all users for at, cron, and batch are disallowed • nuucp account is disabled • listen account is disabled • password entry locked for bin, sys, adm, uucp, nobody, noaccess, nobody4, and anonymous sadmind Distributed s...

Security Guide 11 Solaris file permissions Secure File Permission options can be enabled or disabled through the Xerox FreeFlow Print Server interface. Fix-modes include: • fixmodes-xerox: fix file permissions for all packages to make them more secure. Available under the System tab under the “Secur...

Security Guide 13 Security warning banners Security warning banners are displayed when a user logs in or telnets into the Xerox FreeFlow Print Server. This message explains that only authorized users should be using the system and that any others face the possibility of being monitored by law enforc...

1 4 Security Guide Creating user-defined profiles To create a customized profile, the administrator can copy and edit any security profile according to the needs of the customer environment. This new user profile can be selected, edited, set as current, set as default, or deleted. Setting the curren...

Security Guide 15 between 2-8 characters in length and is case sensitive. • The user name is a string of characters from the set of alphabetic characters (a-z, A-Z), numeric characters (0-9), period (.), underscore (_), and hyphen (-); the first character must be alphabetic and the string must conta...

1 6 Security Guide Creating user accounts The Xerox FreeFlow Print Server user interface enables the Administrator to manage accounts easily by selecting [Setup], [Users & Groups], and the [Users] tab. When the administrator selects the Users tab, a pop-up window appears that enables the adminis...

Security Guide 19 Default Screen/Auto-Logoff Under [Setup/System Preferences/Default Screen], any member of the operator or system administrators group can select which of the Xerox FreeFlow Print Server screens (Job or Print) the UI should return to after a specified amount of time (1-10 minutes) o...

2 0 Security Guide NOTE: Please be aware that Xerox Customer Support Personnel must have access to the new root password for service and support. It is the customer's responsibility to ensure that the root and system administrator passwords are available for them. Strong Passwords The Xerox FreeFlow...

Security Guide 21 function will only apply to failed login attempts via the Xerox FreeFlow Print Server UI and does not apply to the root (su) user. How to Enable/Disable Login Attempts • From the Setup menu select [Users and Groups] • From the Policies drop down menu select [Password] • Enable/Disa...

2 2 Security Guide User Activity on the System When the High security profile is enabled, the Solaris Basic Security Module (BSM) is activated. Date/Time User Login/Logout This information is kept in the authlog and syslog in the /var/log directory. Login/Logout to the Xerox FreeFlow Print Server is...

Security Guide 23 2. Select the ADS tab, and enter in the fully qualified domain name of the ADS domain. 3. Click “Join…” button to join the Xerox FreeFlow Print Server to the ADS domain specified. NOTE: If DNS is not enabled, the “Join...” button will not be available. Map the ADS groups to the Pri...

2 4 Security Guide Specified Connections. Additional subnet mask can also be specified. Refer to online help for detailed descriptions of IP Filtering property tabs such as: General tab, System tab, INIT tab, INETD tab, RPC tab. Remote Workflow Remote Workflow allows for a remote connection to the X...

Security Guide 25 2. Use an existing certificate obtained from a certificate authority (i.e. VeriSign, Thawte, etc.) When SSL is disabled When SSL is disabled (off), other web-based logins provided by the Xerox FreeFlow Print Server may not be secure (encrypted). To guarantee a secure connection wit...

Security Guide 27 Digital Certificates SSL/TLS cannot be enabled unless a digital certificate has been installed on the system, using the Add Certificate button. Installing a digital certificate can only be done by someone with administrator privileges. The administrator selects SSL/TLS from the [Se...

Security Guide 29 NOTE: The IP Filtering (Setup->IP Filter) feature can also help in limiting access to the server. This is the Xerox FreeFlow Print Server's GUI interface to the SunScreen Lite firewall that is part of the Solaris 8 Operating System. This feature allows the user to limit the numb...

3 0 Security Guide Prevent Unauthorized Queue Changes Queue Lock • Queues can be locked and unlocked by the System Administrator. • Properties of a locked queue cannot be changed without first unlocking the queue. • Locked queues can only be deleted by the System Administrator. • Locked queues can b...

Security Guide 31 updated to the newer version. Any security patch that is determined to have a negative impact to Xerox FreeFlow Print Server operation will not be added. Customer Responsibilities The administrator has the primary responsibility for maintaining the security of the network within th...

3 2 Security Guide Virus Scan The Xerox FreeFlow Print Server runs on the Solaris 10 Operating System (OS). This OS makes the Xerox FreeFlow Print Server less susceptible to virus and worms. Online Help for security A great deal of helpful security information can be found in Online Help. Sun's secu...