Table of items saved in audit log – Konica Minolta bizhub PRESS C1100 User Manual
Page 39
bizhub PRESS C1100/C1085
2-29
2.3
Administrator Security Functions
2
Table of items saved in audit log
*1
: Audit log ID is saved as user ID when user authentication is successfully made, or when password incon-
formity occurs with a registered user name.
*2
: Audit log ID is saved as unregistered user ID when authentication failure occurs with an unregistered user
name.
The purpose of analyzing the audit log is to understand the following and implement countermeasures:
-
Whether or not data was accessed or tampered with
-
Subject of attack
-
Details of attack
-
Result of attack
For specific analysis methods, refer to the following description.
Specifying unauthorized actions: password authentication
If logs have NG as the result of password authentication (action: 01, 02, 11), items protected by passwords
may have been attacked.
-
Failed password authentication (NG) log entries specify who made the operation, and show if unauthor-
ized actions were made when password authentication failed.
-
Even if password authentication succeeded (OK), you may need to check whether a legitimate user cre-
ated the action. Careful check is recommended especially when successful authentication occurs after
series of failures, or for those made during times other than normal operating hours.
No.
Operation
Audit ID
Stored ac-
tion
Result
1
CE authentication
CE ID
01
OK/NG
2
Administrator authentication
Administrator ID
02
OK/NG
3
Set/Change Enhanced Security mode
Administrator ID
03
OK
4
Print audit log/Output all to USB mem-
ory
CE ID/Administrator ID
04
OK
5
Change/Register CE password
CE ID
05
OK
6
Change/Register administrator pass-
word
CE ID/Administrator ID
06
OK
7
Create user by administrator
User ID
07
OK
8
Change/Register user password by ad-
ministrator
User ID
08
OK
9
Delete user by administrator
User ID
09
OK
10
Change user attribute by administrator
User ID
10
OK
11
Password authentication for user
User ID
*1
/Unregistered
user ID
*2
11
OK/NG
12
Change attributes of user by user (user
password, etc.)
User ID
12
OK
13
(not used)
14
(not used)
15
Access to stored job
(Printing hold/HDD store job, recalling
HDD store job to hold job, storing hold
job on HDD)
User ID
15
OK
16
Delete store job
User ID
16
OK
17
(not used)
18
(not used)
19
Change HDD lock password
Administrator ID
19
OK
20
Date/Time setting
User ID
20
OK