xerox freeflow print server managing user and group accounts ... 3. security inventory service tool...

Download Xerox FreeFlow Print Server Managing User and Group Accounts ... 3. Security Inventory Service Tool 4. ... The Xerox FreeFlow Print Server is an application software package tightly

Post on 05-Mar-2018

276 views

Category:

Documents

12 download

Embed Size (px)

TRANSCRIPT

  • June 2017

    Xerox FreeFlow Print Server Security White Paper And Configuration Guide

    Solaris-based Products

    Version: 1.0 Xerox iGen4 / iGen150 Presses / iGen8250 Presses Diamond Edition Presses Xerox Nuvera 200/288/314 EA / 200/288/144/120/100 MX / 1XX EA Series Xerox Color 800i/1000i Presses Xerox Color 800/1000 Presses Xerox Versant 80/2100 Presses Xerox DocuColor 8080 Press Xerox Color C75 / J75 Presses Xerox Color 560 / 570 Presses Xerox Impika Compact Inkjet Press Xerox CiPress 325/500 Production Inkjet System Xerox Rialto 900 Inkjet Press Xerox D95/D110/D125/D136 Copier/Printer Xerox DocuTech 180/155/128 Highlight Color Systems Xerox DocuTech 6180/6135/6115 Monochrome Printers Xerox DocuPrint 180/155/135/115/100 MX

  • 2017 Xerox Corporation. All rights reserved. Xerox, Xerox and Design, iGen, Versant, Impika, CiPress, Rialto, DocuColor, Xerox Nuvera, DocuTech, DocuPrint and FreeFlow are trademarks of Xerox Corporation in the United States and/or other Countries. BR #21505 Other company trademarks are also acknowledged.

  • 3

    Table of Contents 1.0 FreeFlow Print Server Security Overview ....................................... 8 2.0 FreeFlow Print Server Security Patches .......................................... 9

    2.1 Security Patch Notifications .................................................................................... 9 2.2 Security Patch Delivery and Install .................................................................... 10

    2.2.1 DVD/USB Media Install Method .......................................................................................... 10 2.2.1 FreeFlow Print Server Update Manager Install Method .......................................... 10

    3.0 FreeFlow Print Server Security Profiles ......................................... 12 3.1 System Supplied Security Profiles ...................................................................... 13 3.2 Security Profile Features and Services Default Settings ........................... 15 3.3 Security Profile Features and Services Descriptions ................................... 17 3.4 Creating Custom Security Profile ........................................................................ 26 3.5 Setting the Current and Default Profiles ......................................................... 27

    4.0 Managing User and Group Accounts ............................................. 28 4.1 User Account Structure and Group Association ............................................... 28 4.2 Solaris OS-Level Built-In User Accounts ............................................................... 29 4.3 FreeFlow Print Server Built-In User Accounts ................................................. 29 4.4 FreeFlow Print Server Built-In Group Accounts .............................................. 30 4.5 Managing User Accounts ........................................................................................... 30 4.6 FreeFlow Print Server XRXUSER Service Account .......................................... 31 4.7 FreeFlow Print Server Automatic User Account Logon .............................. 31 4.8 FreeFlow Print Server Automatic User Account Logoff.............................. 32 4.9 Managing User Account Lock-out .......................................................................... 32 4.10 Solaris SCM User/Group Management ............................................................. 33 4.11 Customize FreeFlow Print Server User/Group GUI Access ..................... 33 4.12 Customize User/Group Job Management GUI Access .............................. 35 4.13 Microsoft Access Directory Services (ADS) Users and Groups ............... 38

    4.13.1 Configure ADS Domain for FreeFlow Print Server ............................................... 39 4.13.2 Mapping ADS and FreeFlow Print Server Groups ................................................. 39 4.13.3 Log into FreeFlow Print Server GUI as ADS User.................................................. 40 4.13.4 Troubleshoot ADS ................................................................................................................ 40

    5.0 Managing Password Security ............................................................. 42 5.1 Changing User Passwords ..................................................................................... 42 5.2 Strong Password Settings ...................................................................................... 42 5.3 User Login Attempts Allowed ............................................................................... 47 5.4 User Password Expiration ....................................................................................... 49

  • 5.5 User Password Lock/Unlock ................................................................................... 49 5.6 Administrator Lockout Prevention and Recovery ........................................ 51

    5.6.1 Logout Situations................................................................................................................. 51 5.6.2 Avoiding User Account Lock-out ................................................................................... 52

    5.7 Password Expiry Mail Notification Feature .................................................... 53 6.0 Managing Print/Network Protocol and Filter Services ............ 58

    6.1 Print/Network Protocol Port Mappings ..................................................... 58 6.2 Disable or Restrict Print/Network Protocol Services .................................... 60

    6.2.1 SMB Services .......................................................................................................................... 61 6.2.2 File Transfer Protocol (FTP) Services ............................................................................ 63 6.2.3 Hot Folder Services .............................................................................................................. 64 6.2.4 Apache Services .................................................................................................................... 65 6.2.5 Jetty Web Services............................................................................................................... 66 6.2.6 Remote Service (Xerox Debug/Diagnostics) ............................................................. 67 6.2.7 Lpr Gateway Services ......................................................................................................... 67 6.2.8 IPP Gateway Services ......................................................................................................... 67 6.2.9 FreeFlow Remote Print Server (FFRPS) Services ................................................... 68 6.2.10 Job Forwarding Services .................................................................................................... 69 6.2.11 SNMP Services ....................................................................................................................... 69 6.2.12 Socket Gateway Services .................................................................................................. 73 6.2.13 Remote Procedure Call (RPC) Services ........................................................................ 73 6.2.14 Network File Services (NFS) ............................................................................................. 74 6.2.15 Telnet Services ...................................................................................................................... 75 6.2.16 AppleTalk Gateway Services ........................................................................................... 75 6.2.17 Novell Netware Gateway Services ................................................................................ 76 6.2.18 TotalNet Services ................................................................................................................. 76

    6.3 FreeFlow Print Server Port Management Tool ........................................... 77 6.4 FreeFlow Print Server IP Filter ............................................................................ 79 6.5 FreeFlow Remote Print Server (FFRPS) Filter .............................................. 79 6.6 FreeFlow Print Server RPC Filter ........................................................................ 79 6.7 Solaris OS IP Filter...................................................................................................... 80

    7.0 Authentication / Encryption Protocol Security ........................... 83 7.1 Enabling SSL/TLS and Certificate Setup .......................................................... 83 7.2 Creating/Installing SSL Certificate .................................................................... 85 7.3 FreeFlow Print Server IPSec Protocol Security ............................................ 87

    8.0 FreeFlow Print Server Hard Drive Security .................................. 89 8.1 Hard Drive Removal and Purchase ........................................................................ 89 8.2 Hard Drive Overwrite .................................................................................................... 89 8.3 Hard Drive Disk Purge .................................................................................................. 91 8.4 Hard Drive Removal Kit ............................................................................................... 93

    9.0 FreeFlow Print Server Audit Logging ............................................ 94

  • FreeFlow Print Server Security White Paper and Configuration Guide

    5

    9.1 Solaris Basic Security Module (BSM) ................................................................. 96 9.1.1 Enabling BSM Logging ....................................

Recommended

View more >