Konica Minolta bizhub PRO 920 User Manual

Administrator Security Functions

6

bizhub PRO 920

61

The purpose of analyzing the audit log is to understand the following and im-
plement countermeasures:

Whether or not data was accessed or tampered with
Subject of attack
Details of attack
Results of attack

Specify unauthorized actions: password authentication

If logs have NG as the result of password authentication (action: 01, 02, 11,
16), items protected by passwords may have been attacked.
-

Failed password authentication (NG) log entries specify who made the
operation, and show if unauthorized actions were made when password
authentication failed.

-

Even if password authentication succeeded (OK), it shows whether a le-
gitimate user created the action. You need to check carefully when suc-
cessful authentication occurs after series of failures especially during
times other than normal operating hours.

Specify unauthorized actions: actions other than password authentica-
tion under security

All operation results other than password authentication will be indicated as
successful (OK), so determine if there were any unauthorized actions by ID
and action.
-

Since you cannot specify what was attacked only with an ID, you need to
see the action and the table on the previous page to determine whether
unauthorized actions were made on a personal box or secure box.

-

Check the time, and see if the user who operated the specific subject
made any unauthorized actions.

( Example )
If a document saved in a box was printed using fraudulent authorization, the
following audit log entry will be created.

1. Password authentication for the box:

Action = 11
ID = Box that authentication was made
Result = OK/NG

2. Access to the document in the box:

Action = 13
ID = Box that authentication was made

Check the date and time the above operation occurred, and see if the oper-
ation on the document in the personal box or secure box was made by a le-
gitimate box user.