Disable or Protect 'Public User' web account

**oldschool** · 02-08-2013, 10:12 PM

Re: Disable or Protect 'Public User' web account

I've done a lot of IT work in my day and I understand privacy concerns. When it boils down to it I was the one in charge of security. Any IT professional knows that you can block a website only for PCs within a range of IP addresses. Most routers have this built in and you just need to input the address/IPs you want blocked. Just be sure the admin user's PC's IP address is not blocked. There are other ways to block a website from certain users. Most companies already have this type of system in place.

No matter how small the change; getting custom firmware is not a quick or easy solution.

If you truly care about security than you should already be using secure printing. Set it up in the driver by default and they'll have to enter a set username and password for that PC when they pick up their print job. Otherwise print jobs are just laying on the copier to be seen or taken by anyone before the person that printed it shows up!

**kingarthur** · 02-11-2013, 09:53 AM

Re: Disable or Protect 'Public User' web account

Originally posted by AndrewPO

I'm pretty sure custom firmware will be the route we are going to take.
I imagine it shouldn't be too big of a cost to simply remove the ability for the user to login.
Seems the easiest way would be to just make a check if it's not the admin user logging it, just fail the login.
Though, I'm not a programmer.

Still, I'm pretty sure if there's no way to block those sections or disable the login, that will be the route we attempt to take.

Secure printing isn't a good option in this case as many of the people doing the confidential printing aren't computer savvy. They just use basic functions.

If..as you say the "people doing the confidential printing aren't computer savvy"...then why the need for so much security...

**AndrewPO** · 02-11-2013, 03:25 PM

Re: Disable or Protect 'Public User' web account

Originally posted by oldschool

I've done a lot of IT work in my day and I understand privacy concerns. When it boils down to it I was the one in charge of security. Any IT professional knows that you can block a website only for PCs within a range of IP addresses. Most routers have this built in and you just need to input the address/IPs you want blocked. Just be sure the admin user's PC's IP address is not blocked. There are other ways to block a website from certain users. Most companies already have this type of system in place.

This is really not an option in our case. There are plenty of people on VMs which need access.

Originally posted by kingarthur

If..as you say the "people doing the confidential printing aren't computer savvy"...then why the need for so much security...

I said many. There are still those that are.
To be blunt, this is the only device on our network that hasn't been secured.

**emujo** · 02-11-2013, 11:32 PM

Re: Disable or Protect 'Public User' web account

If you're willing to experimant, try turning on account track...when enabled, any user accessing the web page will need to log in with their code to get to the user page...I haven't tried it on any of our MFPs, but it might block any info pertaining to other users...might only see your own jobs/print records...Emujo

**kronical** · 02-11-2013, 11:47 PM

Re: Disable or Protect 'Public User' web account

Originally posted by AndrewPO

I keep saying it, let me put it in a list this time
Here is what SHOULD NOT be accessible to any sort of public login

Listing of current jobs
Listing of past jobs
Name of user who sent jobs
Name of file for sent jobs
Ability to delete jobs
Ability to change priority on jobs

This isn't paranoia. The options are there. We can't restrict it from our network or we disable the admin login as well. Therefore anyone on our network can do anything on that list. It's a security risk, plain and simple.

Setting that aside for a moment, I asked a technical question, I'd rather not have to explain every possible motivation for what I need to do.

Let me ask you this,

What makes you think this access is in any way different than what users can access on the machine itself?
You really are being overly paranoid.
Maybe your company should have looked into this beforehand?
Maybe your company shouldn't have been so cheap and paid the massive amount of extra money for the remote administration package (which, btw, would allow you to turn off the web interface for both sides, and manage the equipment from the package)
Or maybe you should be using 3rd party security solutions such as Equitrack.

Point being, you get what you pay for. You didn't want to pay for the extra security features, then don't bitch about not having them.

**kronical** · 02-11-2013, 11:49 PM

Re: Disable or Protect 'Public User' web account

Originally posted by AndrewPO

I'm guessing you don't work somewhere where confidential documents need to be printed, well I do.
Security is a major concern, and so is not having to go to the printer and back just to add an address to the address book.

Seriously?!? We techs deal with ALL INDUSTRIES. Confidential documents included. Even GOVERNMENT offices. None of them seems to have this problem.

**kronical** · 02-11-2013, 11:51 PM

Re: Disable or Protect 'Public User' web account

Originally posted by AndrewPO

I'm pretty sure custom firmware will be the route we are going to take.
I imagine it shouldn't be too big of a cost to simply remove the ability for the user to login.
Seems the easiest way would be to just make a check if it's not the admin user logging it, just fail the login.
Though, I'm not a programmer.

Still, I'm pretty sure if there's no way to block those sections or disable the login, that will be the route we attempt to take.

Secure printing isn't a good option in this case as many of the people doing the confidential printing aren't computer savvy. They just use basic functions.

Really?! So the brain surgeon that requires an electronic scope to probe your brain during surgery can just "not use it" because he's not tech-savvy? Reeally?!
How about, "learn how to do it or find another job"

God Damn IT people are so useless.

**kronical** · 02-12-2013, 12:00 AM

Re: Disable or Protect 'Public User' web account

Originally posted by blackcat4866

I've just found that some IT personnel can be control freaks. They want me to do the setup, but will not provide administrative rights or logins. I know a specific IT guy who doesn't even want me looking at his screen, and never ever touch a keyboard.

The funny thing about the security functions are that when they're working properly they're never convenient or simple. If it was it wouldn't be security.

Couldn't you block that specific IP address for the browser?

Have you taken into account that 99.9% of the individuals in your office have no idea that there even is a web interface, let alone how to get to it? Even when I attempt to train individuals how to use it, within a week they cannot remember a thing.

In my humble opinion the username does not tell you anything particularly interesting. So what if so-and-so printed or scanned a document? Nobody can see the document. Is the time that crucial? or # of MB?

I too think your paranoid. =^..^=

Oh Blackcat, you hit the nail on the head.
The users aren't tech savvy enough to use secure print (which takes 2 clicks extra from where they already are, and that's pending that IT DIDN'T pre-program the print driver with the users information), but they are savvy enough to know how to get into the web interface, which requires them to know the exact IP address of the machine... that makes alot of sense.
And very true, it only contains a log of who printed and how many pages. Not what was on each page.

That being said, I was able to find some information for you that may prove helpful
Paranoia Support Group - DailyStrength

**kronical** · 02-12-2013, 12:03 AM

Re: Disable or Protect 'Public User' web account

Originally posted by emujo

If you're willing to experimant, try turning on account track...when enabled, any user accessing the web page will need to log in with their code to get to the user page...I haven't tried it on any of our MFPs, but it might block any info pertaining to other users...might only see your own jobs/print records...Emujo

No this won't help, as all information is available once logged in. The accounts will be designated as public users.

**B0265** · 02-12-2013, 09:30 AM

Re: Disable or Protect 'Public User' web account

Depending on the model you could try this:
Press the Utility/Counter key > Administrator Settings > Security Settings > Security Details > Hide Personal Information.
This setting hides the file names in the job list.

**AndrewPO** · 02-12-2013, 03:39 PM

Re: Disable or Protect 'Public User' web account

Originally posted by B0265

Depending on the model you could try this:
Press the Utility/Counter key > Administrator Settings > Security Settings > Security Details > Hide Personal Information.
This setting hides the file names in the job list.

This is definitely a step in the right direction for us. Ours had that option and we have it enabled now.
Thank you.

**dallas** · 02-12-2013, 06:59 PM

Re: Disable or Protect 'Public User' web account

... and that is the reason why there are user manuals.
If I knew just someone who reads me from it.

**AndrewPO** · 02-12-2013, 07:01 PM

Re: Disable or Protect 'Public User' web account

Originally posted by dallas

... and that is the reason why there are user manuals.
If I knew just someone who reads me from it.

I don't get the manual. My boss does.

**kingarthur** · 02-13-2013, 01:31 PM

Re: Disable or Protect 'Public User' web account

Originally posted by AndrewPO

I don't get the manual. My boss does.

Is that for security reasons.......

**Darren King** · 02-13-2013, 01:46 PM

Re: Disable or Protect 'Public User' web account

Originally posted by AndrewPO

I don't get the manual. My boss does.

Seems to be an office full of paranoia. lol.

Disable or Protect 'Public User' web account

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment