Lexmark Secure by Default FAQS

Overview

Printer firmware (FW6.1 or later) defines a default configuration that is reasonably secure and in compliance with regulations. This article highlights some of the key security related changes by firmware level.

Comparison of Secure Default Settings between Firmware Releases

Admin account in ISW

	FW6.1	FW7	FW8
Admin Account in ISW	Not available	Available by default (opt-in) with option to skip setup (opt-out)	Available by default (opt-in) with option to skip setup (opt-out)

Disk Encryption

	FW6.1	FW7	FW8
Disk encryption	OFF	ON	ON

Default cipher list

Cipher	FW6.1	FW7	FW8
OWASP Cipher String ‘B’	x	x	x
DHE-RSA-AES256-GCM-SHA384	x	x	x
DHE-RSA-AES128-GCM-SHA256	x	x	x
ECDHE-RSA-AES256-GCM-SHA384	x	x	x
ECDHE-RSA-AES128-GCM-SHA256	x	x	x
DHE-RSA-AES256-SHA256	x	x	x
DHE-RSA-AES128-SHA256	x	x	x
ECDHE-RSA-AES256-SHA384	x	x	x
ECDHE-RSA-AES128-SHA256	x	x	x
ECDHE-RSA-AES256-SHA	x	x	x
ECDHE-RSA-AES128-SHA	x	x	x
DHE-RSA-AES256-SHA	x	x	x
DHE-RSA-AES128-SHA	x	x	x
TLS_AES_128_GCM_SHA256			x
TLS_AES_256_GCM_SHA384			x

Restricted ports

Restricted Ports	FW6.1	FW7	FW8
TCP 79 (Finger)	x	x	x
TCP 21 (FTP)		x	x
UDP 69 (TFTP)		x	x
TCP 5001 (IPDS)		x	x
TCP 9600 (IPDS)		x	x
TCP 10000 (Telnet)		x	x

Restricted functions in admin menu

Restricted Functions	FW7 (opt‑in)	FW8 (opt‑in)
Security Menu	x	x
Network / Ports Menu	x	x
Function Configuration Menu	x	x
Option Card Menu	x	x
SE Menu	x	x

Restricted functions in device management

Restricted Functions	FW6.1	FW7 (opt‑in)	FW7 (opt‑out)	FW8 (opt‑in)	FW8 (opt‑out)
Operator Panel Lock	x	x	x	x	x
Import / Export All Settings		x		x
Out of Service Erase				x

Solution

Additional security settings can be adjusted as usual after completing the account setup in the Initial Setup Wizard
in order to customize the device security to the customers preference.

Further information about security setup can be found in the Embedded Web Server
Administrator’s Guide for the product.

LEGACY ID: FA1301