Key operator security functions (continued) – Konica Minolta 7145 User Manual
Page 37
Key Operator Security Functions (continued)
- 31 -
Specify unauthorized actions: password authentication
If logs have NG as the result of password authentication (action ID: 01, 02, 11, 16, 17),
items protected by passwords may have been attacked.
• Failed password authentication (NG) log entries specify who made the operation, and
show if unauthorized actions were made when password authentication failed.
• Even if password authentication succeeded (OK), it shows whether a legitimate user
created the action ID. You need to check carefully when successful authentication
occurs after series of failures especially during times other than normal operating hours.
Specify unauthorized actions: actions other than password authentication
under security
All operation results other than password authentication will be indicated as successful
(OK), so determine if there were any unauthorized actions by ID and action ID.
• Since you cannot specify what was attacked only with an ID, you need to see the action
ID and the table on the previous page to determine whether unauthorized actions were
made on a user box, confidential printing, or data in a fax confidential inbox.
• Check the time, and see if the user who operated the specific subject made any
unauthorized actions.
(Example)
If a document saved in a box was printed using fraudulent authorization, the following
audit log entry will be created.
1. Password authentication for the box:
Action ID = 11
Box No. = Box that authentication was made
Result = OK/NG
2. Access to the document in the box:
Action ID = 13
Box No. = Box that authentication was made
Check the date and time the above operation occurred, and see if the operation on the
document in the specific box was made by a legitimate box user.
Actions to take if unauthorized operations are found
• If it's found that a password has been leaked after analyzing the audit log, change the
password immediately.
• It's possible that a password may have been tampered with and legitimate users cannot
access a box. The Key Operator must contact the user to confirm the situation, and if
that's the case, the Key Operator must change the password and delete the data saved
in the box.
• If you cannot find documents that should be in a box or if you find a document with
changed content, unauthorized actions may have occurred. Similar countermeasures
are needed.