Machine manager security functions (continued) – Konica Minolta BIZHUB PRO 1050 User Manual
Page 61
Machine Manager Security Functions (continued)
- 53 -
Specify unauthorized actions: password authentication
If logs have NG as the result of password authentication (action: 01, 02, 11, 16),
items protected by passwords may have been attacked.
• Failed password authentication (NG) log entries specify who made the operation,
and show if unauthorized actions were made when password authentication failed.
• Even if password authentication succeeded (OK), it shows whether a legitimate
user created the action. You need to check carefully when successful
authentication occurs after series of failures especially during times other than
normal operating hours.
Specify unauthorized actions: actions other than password
authentication under security
All operation results other than password authentication will be indicated as
successful (OK), so determine if there were any unauthorized actions by ID and
action.
• Since you cannot specify what was attacked only with an ID, you need to see the
action and the table on the previous page to determine whether unauthorized
actions were made on a personal box or secure box.
• Check the time, and see if the user who operated the specific subject made any
unauthorized actions.
(Example)
If a document saved in a box was printed using fraudulent authorization, the
following audit log entry will be created.
1. Password authentication for the box:
Action = 11
ID = Box that authentication was made
Result = OK/NG
2. Access to the document in the box:
Action = 13
ID = Box that authentication was made
Check the date and time the above operation occurred, and see if the operation on
the document in the personal box or secure box was made by a legitimate box
user.
Actions to take if unauthorized operations are found
• If it's found that a password has been leaked after analyzing the audit log, change
the password immediately.
• It's possible that a password may have been tampered with and legitimate users
cannot access a box. The machine manager must contact the user to confirm the
situation, and if that's the case, the machine manager must change the password
and delete the data saved in the box.
• If you cannot find documents that should be in a box or if you find a document with
c h a n g e d c o n t e n t , u n a u t h o r i z e d a c t i o n s m ay h ave o c c u r r e d . S i m i l a r
countermeasures are needed.