Preventing unauthorized access
Administrators have the primary task of securing the print server, company data, and network communication against a range of external and internal threats. In addition, they are responsible for implementing and enforcing the company’s own security policies.
MyQ helps with this by providing extensive security options for the MyQ Server, comprehensive network encryption, and clear protocol policies.
Secured Access to the MyQ Server
To maximize print server security, restricting user access to the lowest necessary level is recommended. For this reason, access of common users to the MyQ Web Interface is limited only to their profile, reports, and print jobs. Users' access rights can be extended according to their role and responsibilities in the MyQ system (user management, device management, credit recharge, etc.). The only accounts that have full access to the administration of MyQ are accounts with the system administrator role.
The security of user logins to the MyQ Server can be increased by raising the complexity level of passwords, increasing the PIN length, and setting rules for locking an account after repeated use of wrong credentials.
To detect misuse of the extended access rights, MyQ tracks all changes on the admin level and saves them to the MyQ Audit Log together with information about when and by whom the MyQ settings were changed. This is particularly useful when users report problems with PIN or ID card access, or when the system stops working due to changes in the MyQ configuration.
Encrypting the MyQ Database
To prevent unauthorized access to the company's data, the administrator can encrypt the data within the MyQ database. The data encryption feature was implemented in Firebird 3.0 and has been available in MyQ since MyQ 7.6.
Network Communication Security
MyQ security enables the encryption of all user authentication data and the content of print files on the network. This includes all TCP/IP communication between individual components of MyQ as well as all network connections to other services. Application communication can be encrypted using either the MyQ default self-signed certificate or the customer's CA-signed certificate, which is meant to prevent man-in-the-middle attacks.
MyQ supports and uses the most recent protocols to protect users. Vulnerable protocols and ciphers are disabled by default.
The following communication protocols can be encrypted with MyQ:
Communication among MyQ Servers — HTTPS
Communication between the MyQ Server and a MyQ Terminal — HTTPS
Communication between the MyQ client application and the MyQ Server — HTTPS
Communication between the MyQ Server and AD/eDirectory/OpenLDAP — LDAPS
Communication between the MyQ Server and a mail server — SMTPS
Print from a workstation to the MyQ Server — LPR over SSL
Print from the MyQ Server to a printing device — IPPS or MPPS (MyQ Print Protocol)
Printing from a user's computer to the server can also be done using IPPS instead of the standard LPR.
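One way to check which of the two certificates described above a MyQ Server currently presents, as an added example that is not MyQ's own code: a strict TLS client handshake whose failure code separates a self-signed certificate from one issued by a CA the client trusts. The host, port and optional CA bundle are supplied by the operator, and `classify` and `probe` are names chosen for this example.

```python
import socket
import ssl

# OpenSSL X.509 verification codes relevant to the self-signed vs CA-signed choice.
VERIFY_STATUS = {
    0: "trusted",
    10: "expired",
    18: "self-signed",        # leaf certificate signed by its own key
    19: "self-signed",        # self-signed certificate inside the chain
    20: "unknown-issuer",     # issuing CA is not in the client's trust store
    21: "unknown-issuer",
    62: "hostname-mismatch",
}


def classify(verify_code, tls_version=None):
    """Map a handshake outcome to a finding (pure function, no network)."""
    status = VERIFY_STATUS.get(verify_code, "untrusted")
    return {
        "status": status,
        "tls_version": tls_version,
        # Only a verified chain and hostname let this client detect an interposed server.
        "server_authenticated": status == "trusted",
    }


def probe(host, port, cafile=None, timeout=5.0):
    """Handshake as a strict client; cafile is the customer's CA bundle if it is private."""
    ctx = ssl.create_default_context(cafile=cafile)  # chain and hostname checks enabled
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return classify(0, tls.version())
    except ssl.SSLCertVerificationError as exc:
        return classify(exc.verify_code)


if __name__ == "__main__":
    import sys
    host, port = sys.argv[1], int(sys.argv[2])  # operator-supplied server and HTTPS port
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    print(probe(host, port, cafile))
```

A `self-signed` result means clients that verify certificates will refuse the connection, and clients that skip verification cannot tell the server from an impostor.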