Konica Minolta bizhub PRO 1200P User Manual
Page 66
5
Administrator Security Functions
60
bizhub PRO 1200P
Specify unauthorized actions: password authentication
If logs have NG as the result of password authentication (action: 01, 02, 11,
16), items protected by passwords may have been attacked.
- Failed password authentication (NG) log entries specify who made the
operation, and show if unauthorized actions were made when password
authentication failed.
- Even if password authentication succeeded (OK), it shows whether a le-
gitimate user created the action. You need to check carefully when suc-
cessful authentication occurs after series of failures especially during
times other than normal operating hours.
Specify unauthorized actions: actions other than password authentica-
tion under security
All operation results other than password authentication will be indicated as
successful (OK), so determine if there were any unauthorized actions by ID
and action.
- Since you cannot specify what was attacked only with an ID, you need to
see the action and the table on the previous page to determine whether
unauthorized actions were made on a personal box or secure box.
- Check the time, and see if the user who operated the specific subject
made any unauthorized actions.
(Example)
If a document saved in a box was printed using fraudulent authorization, the
following audit log entry will be created.
1. Password authentication for the box:
Action = 11
ID = Box that authentication was made
Result = OK/NG
2. Access to the document in the box:
Action = 13
ID = Box that authentication was made
Check the date and time the above operation occurred, and see if the oper-
ation on the document in the personal box or secure box was made by a le-
gitimate box user.
Actions to take if unauthorized operations are found
- If it’s found that a password has been leaked after analyzing the audit log,
change the password immediately.
- It’s possible that a password may have been tampered with and legiti-
mate users cannot access a box. The administrator must contact the
user to confirm the situation, and if that’s the case, the administrator
must change the password and delete the data saved in the box.
- If you cannot find documents that should be in a box or if you find a doc-
ument with changed content, unauthorized actions may have occurred.
Similar countermeasures are needed.