DOCSLIB.ORG

FFPS Security White Paper and Configuration Guide

FFPS Security White Paper and Configuration Guide

June 2017 Xerox® FreeFlow® Print Server Security White Paper And Configuration Guide Solaris-based Products Version: 1.0 Xerox® iGen®4 / iGen®150 Presses / iGen®8250 Presses Diamond Edition® Presses Xerox® Nuvera® 200/288/314 EA / 200/288/144/120/100 MX / 1XX EA Series Xerox® Color 800i/1000i Presses Xerox® Color 800/1000 Presses Xerox® Versant® 80/2100 Presses Xerox® DocuColor® 8080 Press Xerox® Color C75 / J75 Presses Xerox® Color 560 / 570 Presses Xerox® Impika® Compact Inkjet Press Xerox® CiPress® 325/500 Production Inkjet System Xerox® Rialto® 900 Inkjet Press Xerox® D95/D110/D125/D136 Copier/Printer Xerox® DocuTech® 180/155/128 Highlight Color Systems Xerox® DocuTech® 6180/6135/6115 Monochrome Printers Xerox® DocuPrint® 180/155/135/115/100 MX ©2017 Xerox Corporation. All rights reserved. Xerox®, Xerox and Design®, iGen®, Versant®, ® ® ® ® ® ® ® ® Impika , CiPress , Rialto , DocuColor , Xerox Nuvera , DocuTech , DocuPrint and FreeFlow are trademarks of Xerox Corporation in the United States and/or other Countries. BR #21505 Other company trademarks are also acknowledged. Table of Contents 1.0 FreeFlow® Print Server Security Overview ....................................... 8 2.0 FreeFlow® Print Server Security Patches .......................................... 9 2.1 Security Patch Notifications .................................................................................... 9 2.2 Security Patch Delivery and Install .................................................................... 10 2.2.1 DVD/USB Media Install Method .......................................................................................... 10 2.2.1 FreeFlow® Print Server Update Manager Install Method .......................................... 10 3.0 FreeFlow® Print Server Security Profiles ......................................... 12 3.1 System Supplied Security Profiles ...................................................................... 13 3.2 Security Profile Features and Services Default Settings ........................... 15 3.3 Security Profile Features and Services Descriptions ................................... 17 3.4 Creating Custom Security Profile ........................................................................ 26 3.5 Setting the Current and Default Profiles ......................................................... 27 4.0 Managing User and Group Accounts ............................................. 28 4.1 User Account Structure and Group Association ............................................... 28 4.2 Solaris OS-Level Built-In User Accounts ............................................................... 29 4.3 FreeFlow® Print Server Built-In User Accounts ................................................. 29 4.4 FreeFlow® Print Server Built-In Group Accounts .............................................. 30 4.5 Managing User Accounts ........................................................................................... 30 4.6 FreeFlow® Print Server XRXUSER Service Account .......................................... 31 4.7 FreeFlow® Print Server Automatic User Account Logon .............................. 31 4.8 FreeFlow® Print Server Automatic User Account Logoff.............................. 32 4.9 Managing User Account Lock-out .......................................................................... 32 4.10 Solaris SCM User/Group Management ............................................................. 33 4.11 Customize FreeFlow® Print Server User/Group GUI Access ..................... 33 4.12 Customize User/Group Job Management GUI Access .............................. 35 4.13 Microsoft Access Directory Services (ADS) Users and Groups ............... 38 4.13.1 Configure ADS Domain for FreeFlow® Print Server ............................................... 39 4.13.2 Mapping ADS and FreeFlow® Print Server Groups ................................................. 39 4.13.3 Log into FreeFlow® Print Server GUI as ADS User.................................................. 40 4.13.4 Troubleshoot ADS ................................................................................................................ 40 5.0 Managing Password Security ............................................................. 42 5.1 Changing User Passwords ..................................................................................... 42 5.2 Strong Password Settings ...................................................................................... 42 5.3 User Login Attempts Allowed ............................................................................... 47 5.4 User Password Expiration ....................................................................................... 49 3 5.5 User Password Lock/Unlock ................................................................................... 49 5.6 Administrator Lockout Prevention and Recovery ........................................ 51 5.6.1 Logout Situations................................................................................................................. 51 5.6.2 Avoiding User Account Lock-out ................................................................................... 52 5.7 Password Expiry Mail Notification Feature .................................................... 53 6.0 Managing Print/Network Protocol and Filter Services ............ 58 6.1 Print/Network Protocol <-> Port Mappings ..................................................... 58 6.2 Disable or Restrict Print/Network Protocol Services .................................... 60 6.2.1 SMB Services .......................................................................................................................... 61 6.2.2 File Transfer Protocol (FTP) Services ............................................................................ 63 6.2.3 Hot Folder Services .............................................................................................................. 64 6.2.4 Apache Services .................................................................................................................... 65 6.2.5 Jetty Web Services............................................................................................................... 66 6.2.6 Remote Service (Xerox Debug/Diagnostics) ............................................................. 67 6.2.7 Lpr Gateway Services ......................................................................................................... 67 6.2.8 IPP Gateway Services ......................................................................................................... 67 6.2.9 FreeFlow® Remote Print Server (FFRPS) Services ................................................... 68 6.2.10 Job Forwarding Services .................................................................................................... 69 6.2.11 SNMP Services ....................................................................................................................... 69 6.2.12 Socket Gateway Services .................................................................................................. 73 6.2.13 Remote Procedure Call (RPC) Services ........................................................................ 73 6.2.14 Network File Services (NFS) ............................................................................................. 74 6.2.15 Telnet Services ...................................................................................................................... 75 6.2.16 AppleTalk Gateway Services ........................................................................................... 75 6.2.17 Novell Netware Gateway Services ................................................................................ 76 6.2.18 TotalNet Services ................................................................................................................. 76 6.3 FreeFlow® Print Server Port Management Tool ........................................... 77 6.4 FreeFlow® Print Server IP Filter ............................................................................ 79 6.5 FreeFlow® Remote Print Server (FFRPS) Filter .............................................. 79 6.6 FreeFlow® Print Server RPC Filter ........................................................................ 79 6.7 Solaris OS IP Filter...................................................................................................... 80 7.0 Authentication / Encryption Protocol Security ........................... 83 7.1 Enabling SSL/TLS and Certificate Setup .......................................................... 83 7.2 Creating/Installing SSL Certificate .................................................................... 85 7.3 FreeFlow® Print Server IPSec Protocol Security ............................................ 87 8.0 FreeFlow® Print Server Hard Drive Security .................................. 89 8.1 Hard Drive Removal and Purchase ........................................................................ 89 8.2 Hard Drive Overwrite .................................................................................................... 89 8.3 Hard Drive Disk Purge .................................................................................................. 91 8.4 Hard Drive Removal Kit ............................................................................................... 93 9.0 FreeFlow® Print Server Audit Logging ...........................................

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    103 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us