Security Analyst - Streamline NX Checklist

To ensure Streamline NX is fully secure, Security Analyst retrieves key server security settings from the Streamline NX Core Server and provides a ‘report’ about which settings are enabled and those that are disabled. The list is a guideline for the specific options that can make your Core server more secure.

The Overview screen provides this checklist, but you can also click the Streamline NX menu option to view the details. Options with a green checkmark meet the security recommendation, whereas options with a red do not.

If a particular item on the checklist is simply not relevant to your organization, you can click the eye icon to indicate the item can be overlooked. For example, if you implement local administrators only, you won’t need a visual reminder about having 4 local administrator accounts.

The icon is ‘shaded’ to indicate it is not relevant.

You cannot change these settings within Security Analyst. You must login to the Streamline NX Management Console with appropriate privileges to modify these settings.

State Importance SLNX Details

SSL/TLS enabled

Indicates if SSL/TLS is enabled for settings the connection to access the SLNX Admin Tool from a web browser. This connection type is more secure than alternative protocols or algorithms and reduces vulnerability of the server by ensuring no external system can read the communication.

The following protocols are enabled by default in Streamline NX: TLSv1.2, TLSv1.1, TLSv1.0, SSLv3, and SSLv2Hello. Ricoh recommends using SSLv3 or SSLv2Hello only if specifically required in your environment.

SFTP enabled

Ensures data integrity and security through a secure connection. All data (authentication information, file data, etc.) is transmitted through the single connection.

The Core Server will only accept communication from other devices through a single secure connection.

<n> LDAP Profile SSL disabled

SSL establishes a more secure connection between the directory server and the Core Server.

SSL should be enabled for all LDAP server profiles. The number of LDAP Profiles without SSL enabled are reported. The icon is green when all profiles are compliant.

Screen Lock enabled

Prevents unauthorized users from accessing management tools.

When a timeout value is reached, SLNX Management console automatically logs out the current user and returns to the login screen.

Account lockout threshold set

Allows only a specified number of incorrect password entries before the account is locked.

Prevents a user from entering random password in an attempt to access the Management Console.

<n> local administrators

Local Administrators should not be given Full Administrator privileges to ensure data integrity.

Reports the number of local administrators that are assigned the ‘Full Admin’ role. When the number is ‘0’, the icon is green.

Password requires

  • uppercase enabled

  • numeric enabled

  • special character enabled

Provides an additional layer of security to prevent password theft.

By requiring all three of these settings for Local Administrator accounts, ensures that the password is highly secure.