Remedy for unauthorized operations – Konica Minolta bizhub PRESS C8000e User Manual

bizhub PRESS C8000

2-36

2.4

Administrator Security Functions

2

*1

: Audit log ID will be saved as user ID when user authentication is successfully made, or when password

inconformity occurs with a registered user name.

*2

: Audit log ID will be saved as unregistered user ID when authentication failure occurs with an unregistered

user name.

The purpose of analyzing the audit log is to understand the following and implement countermeasures:
-

Whether or not data was accessed or tampered with

-

Subject of attack

-

Details of attack

-

Result of attack

For specific analysis methods, see the following description.

Specifying unauthorized actions: password authentication

If logs have NG as the result of password authentication (action: 01, 02, 11), items protected by passwords
may have been attacked.
-

Failed password authentication (NG) log entries specify who made the operation, and show if unauthor-
ized actions were made when password authentication failed.

-

Even if password authentication succeeded (OK), you may need to check whether a legitimate user cre-
ated the action. Careful check is recommended especially when successful authentication occurs after
series of failures, or for those made during times other than normal operating hours.

Specifying unauthorized actions: actions other than password authentica-
tion

Since all operation results other than password authentication are indicated as successful (OK), use ID and
action to determine if any unauthorized actions were made.

Check the time of operation, and see if the user who operated the specific subject made any unauthorized
actions.

Remedy for unauthorized operations

If you find that a password has leaked out after analyzing the audit log, change the password immediately.

4

Print audit log/output all to USB

CE ID/Administrator ID

04

OK

5

Change/Register CE password

CE ID

05

OK

6

Change/Register administrator pass-
word

CE ID/Administrator ID

06

OK

7

Create user by administrator

User ID

07

OK

8

Change/register user password by ad-
ministrator

User ID

08

OK

9

Delete user by administrator

User ID

09

OK

10

Change attributes of user by adminis-
trator

User ID

10

OK

11

Password authentication for user

User ID

*1

/Unregistered

user ID

*2

11

OK/NG

12

Change attributes of user by user (user
password, etc.)

User ID

12

OK

13

Change HDD lock password

Administrator ID

19

OK

14

(not used)

15

Access to stored job
(Printing hold/HDD store job, recalling
HDD store job to hold job, storing hold
job on HDD)

User ID

15

OK

16

Delete stored job

User ID

16

OK

No.

Operation

Audit ID

Stored ac-
tion

Result