Fiery Security White Paper Fiery FS100 and FS100 Pro, Version 2.6.
Fiery Security White Paper Table of Contents 1 Document Overview............................................................................... 3 1.1 Electronics For Imaging (EFI) Security Philosophy............................... 3 1.2 Configure the Security Feature Via Fiery Configure............................. 3 2 Hardware and Physical Security............................................................. 4 2.1 Volatile Memory..............................................................................
1 Document Overview This document gives end users an overview of the Fiery® server’s architecture and functional aspects as they relate to device security in Fiery FS100 Pro/FS100. Fiery server is available in two options, an embedded server option and a stand-alone server option. This document refers to the embedded server option as integrated Fiery server and refers to both options as Fiery server. It covers hardware, network security, access control, operating system and data security.
2 Hardware and Physical Security 2.1 Volatile Memory 2.2.5 Physical Ports The Fiery server can be connected through the following The Fiery server uses volatile RAM for the CPU’s local memory external ports: and for the operating system, Fiery system software and image data’s working memory. Data that is written to RAM is held while Fiery Ports Function Access Access Control the power is on. When the power is turned off, all data is deleted. 2.
3 Network Security Standard network security features on the Fiery server include the ability to permit only authorized users and groups to access and print to the output device, limiting device communications to designated IP addresses, and controlling the availability of individual network protocols and ports as desired. Other TCP ports, except those specified by the engine manufacturers, are disabled. Any service dependent on a disabled port cannot be accessed remotely. 3.
3.3.3 Certificate Management 3.6 Email Security Certificates are used by the network clients to authenticate themselves in network activities that perform identity verifications. The certification method is supported by SSL/ TLS that implements authentication through the exchange of certificates based on public/private keys according to the X509 standard. The Fiery server supports the POP and SMTP protocols.
4 Access Control 4.1 User Authentication 4.2 Fiery Software Authentication The Fiery server user authentication feature allows the Fiery server to: The Fiery server defines Administrator, Operator, and Guest users with different privileges. These users are specific to the Fiery software and are not related to Windows-defined users or roles. It is recommended that administrators require passwords to access the Fiery server.
5 Operating System Environment 5.1 Start-up Procedures 5.3.2 SMS Tools The operating system and Fiery system software are loaded from the local HDD during startup. EFI has its own dedicated system update tool for its Windowsbased systems. This tool handles the retrieval of all applicable MS security patches and Fiery software updates. The Fiery server does not support any third-party SMS tools for retrieving and pushing updates to the Fiery server.
6 Data Security 6.1 Encryption of Critical Information Encryption of critical information in the Fiery server ensures that all passwords and related configuration information are secure when stored in the Fiery server. NIST 2010 compliant cryptographic algorithms are used. 6.
6.2.6 System Memory Processing of some files may write some job data to the operating system memory. In some cases, this memory may be cached on the HDD and is not specifically overwritten. job, when the job is carried out, characteristics of the job in terms of paper used, color, etc. The job log can be used to inspect the job activity of the Fiery server. A user with Operator access can view, export or print the job log from Fiery Command WorkStation. A user with 6.
7 Conclusion EFI offers a robust set of standard features and options on the Fiery server to help our customers meet their needs for a comprehensive and customizable security solution for any environment. EFI is committed to ensuring our customers’ businesses run at top efficiency and effectively protect the Fiery server deployed against vulnerabilities from either malicious or unintentional use.
