Lexmark Secure by Default FAQS
FAQs for Lexmark Secure by Default
Overview
Printer firmware (FW6.1 or later) defines a default configuration that is reasonably secure and in compliance with regulations. This article highlights some of the key security related changes by firmware level.
Comparison of Secure Default Settings between Firmware Releases
Admin account in ISW
FW7 | FW8 | FW230.424 or earlier | FW24 | FW25 | |
|---|---|---|---|---|---|
Admin Account in ISW | Available by default (opt-in) with option to skip setup (opt-out) | Available by default (opt-in) with option to skip setup (opt-out) | Available by default (opt-in) with option to skip setup (opt-out) | Available by default (opt-in) with option to skip setup (opt-out) | Available by default (opt-in) with option to skip setup (opt-out). May vary by country. |
Security Audit Log Enabled
FW7 | FW8 | FW230.424 or earlier | FW24 | FW25 | |
|---|---|---|---|---|---|
Security Audit Log Enabled | x |
Disk Encryption
FW7 | FW8 | FW230.424 or earlier | FW24 | FW25 | |
|---|---|---|---|---|---|
Disk encryption | ON | ON | ON |
Default cipher list
Cipher | FW7 | FW8 | FW230.424 or earlier | FW24 | FW25 |
|---|---|---|---|---|---|
OWASP Cipher String ‘B’ | x | x | x | x | x |
DHE-RSA-AES256-GCM-SHA384 | x | x | x | x | x |
DHE-RSA-AES128-GCM-SHA256 | x | x | x | x | x |
ECDHE-RSA-AES256-GCM-SHA384 | x | x | x | x | x |
ECDHE-RSA-AES128-GCM-SHA256 | x | x | x | x | x |
DHE-RSA-AES256-SHA256 | x | x | x | x | x |
DHE-RSA-AES128-SHA256 | x | x | x | x | x |
ECDHE-RSA-AES256-SHA384 | x | x | x | x | x |
ECDHE-RSA-AES128-SHA256 | x | x | x | x | x |
ECDHE-RSA-AES256-SHA | x | x | x | x | x |
ECDHE-RSA-AES128-SHA | x | x | x | x | x |
DHE-RSA-AES256-SHA | x | x | x | x | x |
DHE-RSA-AES128-SHA | x | x | x | x | x |
TLS_AES_128_GCM_SHA256 | x | x | x | x | |
TLS_AES_256_GCM_SHA384 | x | x | x | x |
Restricted ports
Restricted Ports | FW7 | FW8 | FW230.424 or earlier | FW24 | FW25 |
|---|---|---|---|---|---|
TCP 79 (Finger) | x | x | x | x | x |
TCP 21 (FTP) | x | x | x | x | x |
UDP 69 (TFTP) | x | x | x | x | x |
TCP 5001 (IPDS) | x | x | x | x | x |
TCP 9600 (IPDS) | x | x | x | x | x |
TCP 10000 (Telnet) | x | x | x | x | x |
Restricted functions in admin menu
Restricted Functions | FW7 | FW8 | FW230.424 or earlier | FW24 | FW25 |
|---|---|---|---|---|---|
Security Menu | x | x | x | x | x |
Network or Ports Menu | x | x | x | x | x |
Function Configuration Menu | x | x | x | x | x |
Option Card Menu | x | x | x | x | x |
SE Menu | x | x | x | x | x |
Restricted functions
Restricted Functions | FW7 | FW8 | FW230.424 or earlier | FW24 | FW25 |
|---|---|---|---|---|---|
Operator Panel Lock | x | x | x | x | x |
Import / Export All Settings | x | x | x | x | x |
Out of Service Erase | x | x | x | x | |
Firmware update | x | x | x | x |
Solution
Additional security settings can be adjusted as usual after completing the account setup in the
Initial Setup Wizard
section in order to customize the device security to the user's preference.Further information about security setup can be found in the
Embedded Web Server
Administrator’s Guide for the product.LEGACY ID:
FA1301