Xerox Versant 3100 Press Security Manual

Entry production color presses

Xerox®

Security Guide

Entry Production Color Presses
Versant® 80/180, Versant® 2100/3100, ColorPress®
Color Digital Press, Production Press, Color Digital Press
Versant 80 Press, Versant 180 Press, Versant 2100 Press, Versant 3100 Press, Color 800/1000 Press, Color 800i/1000i Press
Xerox® Application Security Guide and Information Assurance Disclosure

Summary of Contents for Xerox Versant 3100 Press

  • Page 1: Security Guide

    Entry Production Color Presses: Versant® 80/180, Versant® 2100/3100, ColorPress®; Color Digital Press, Production Press, Color Digital Press; Versant 80 Press, Versant 180 Press, Versant 2100 Press, Versant 3100 Press, Color 800/1000 Press, Color 800i/1000i Press. Xerox® Application Security Guide and Information Assurance Disclosure...
  • Page 2 Xerox® Security Guide for Entry Production Color Class Products © 2019 Xerox Corporation. All rights reserved. Xerox and Xerox and Design® are trademarks of Xerox Corporation in the United States and/or other countries. BR26363 Other company trademarks are also acknowledged.
  • Page 3: Table Of Contents

    Table of Contents: INTRODUCTION 1-3; PURPOSE 1-3; TARGET AUDIENCE 1-3; DISCLAIMER 1-3; PHYSICAL COMPONENTS 1-3; ARCHITECTURE 1-4; INTERFACE 1-4; SCANNER 1-4...
  • Page 4 ColorPress® 800/1000/800i/1000i 7-35; APPENDIX B: SECURITY EVENTS 7-39; Xerox Versant® 80/180 Security Events 7-39; Xerox Versant® 2100/3100 Security Events 7-41...
  • Page 5: Introduction

    The information in this document is accurate to the best knowledge of the authors and is provided without warranty of any kind. In no event shall Xerox be liable for any damages whatsoever resulting from user's use or disregard of the information provided in this document including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Xerox has been advised of the possibility of such damages.
  • Page 6: Architecture

    Main Left Front Door. Main Middle Front Door. Architecture Versant® and ColorPress® products share a common architecture which is depicted below. The following sections describe components in detail. User Scanner Interface...
  • Page 7: Controller

    An external (EXT) is available to connect an external handset. In this configuration, the FAX card acts as a passive relay. Wireless Network Connector Xerox Versant® and ColorPress® products do not offer a wireless connector option. March 2019 Page 1-5...
  • Page 8

    NFC functionality requires a software plugin that can be obtained from Xerox sales and support. NFC functionality is supported via optional touch screen user interface or optional dedicated NFC USB dongle.
  • Page 9: User Data Protection

    User Data Protection Xerox Entry Production Color Presses receive, process, and may optionally store user data from several sources including: local print, scan, fax (NO FAX ON VERSANT OR CP1000), or copy jobs or mobile and cloud applications, etc.
  • Page 10: User Data In Transit

    Inbound User Data Print Job Submission In addition to supporting network level encryption including IPSec and WPA, Xerox products also support encryption of print job data at the time of submission. This can be used to securely transmit print jobs over unencrypted connections or to enhance existing network level security controls.
  • Page 11 Xerox Versant® Color Presses support the Xerox App Gallery® which contains several additional applications that extend the capabilities of Xerox products. Discussion of App security is beyond the scope of this document. Xerox Apps utilize the security framework provided by the 3rd party vendor.
  • Page 12: Network Security

    Network Security Xerox products are designed to offer a high degree of security and flexibility in almost any network environment. This section describes several aspects of the product related to network security.
  • Page 13: Network Encryption

    • POP3 – Client - • SNTP – Client - • NETBIOS – Name Service • NETBIOS – Datagram Service • SNMP • SNMP trap • LDAP – Client - • SLP TCP/UDP •...
  • Page 14 Wireless 802.11 Wi-Fi Protected Access (WPA) Xerox Versant® and ColorPress® products do not offer a wireless network connector option. Versant® and ColorPress® products support the latest version, TLS 1.2. Versant® 80/180 Press Versant® 2100/3100 Color 800/100 Press®...
  • Page 15 Public Key Encryption (PKI) A digital certificate is a file that contains data used to verify the identity of the client or server in a network transaction. A certificate also contains a public key used to create and verify digital signatures. To prove identity to another product, a product presents a certificate trusted by the other product.
  • Page 16 SFTP Supported (Not Applicable) (Not Applicable) Trusted Certificates Public certificates may be imported to the product’s certificate store for validation of trusted external products. The following categories are supported: • Trusted Root CA Certificate -Certificates with authority to sign other certificates. These certificates usually are self-signed certificates that come from another product or service that you want to trust.
  • Page 17 Certificate Validation ColorPress® and Versant® devices support certificate validation with configurable checks for OCSP and CRL. Validation checks include: • Validation of certificate path • Certificate expiration • Validation of trusted CA •...
  • Page 18: Network Access Control

    Cisco ISE under product families, such as Versant®, enabling Cisco ISE to automatically detect and profile new Xerox® products from the day they are released. Customers who use Cisco ISE find that including Xerox® products in their security policies is simpler and requires minimal effort.
  • Page 19: Contextual Endpoint Connection Management

    • Prevent impersonation (aka spoofing) of a printer/MFP • Automatically prevent connection of non-approved print products • Smart rules-based policies to govern user interaction with network printing products • Provide simplified implementation of security policies for printers and MFPs by:...
  • Page 20 IP Whitelist: Supported, Supported, Supported. IP Whitelisting (IP Address Filtering): Versant® products support IP Whitelisting only. When enabled, all traffic is prohibited regardless of interface (wired/wireless) unless enabled by IP filter rule.
  • Page 21: Device Security: Bios, Firmware, Os, Runtime, And Operational Security Controls

    Device Security: BIOS, Firmware, OS, Runtime, and Operational security controls Versant® and ColorPress® products have robust security features that are designed to protect the system from a wide range of threats. Below is a summary of some of the key security controls.
  • Page 22: Pre-Boot Security

    Unlike open operating systems such as servers and user workstations in which software may be installed by users, Xerox products are based on embedded systems and the contents are managed by Xerox. The only means of modifying the contents of a device is by applying a firmware update package.
  • Page 23: Operational Security

    The list below describes supported firmware delivery methods and applicable access controls. • Local Firmware Upgrade via USB port: Xerox service technicians can update product firmware using a USB port on the PC UI. This ability is restricted to CSE installation only.
  • Page 24: Configuration & Security Policy Management Solutions

    Configuration & Security Policy Management Solutions Xerox Device Manager and Xerox CentreWare® Web (available as a free download) centrally manage Xerox Devices. For details please visit Xerox.com or speak with a Xerox representative.
  • Page 25: Identification, Authentication, And Authorization

    The local user database stores user credential information. The printer uses this information for local authentication and authorization, and for Xerox® Standard Accounting. When you configure local authentication, the printer checks the credentials that a user provides against the information in the user database.
  • Page 26 Network Authentication When configured for network authentication, user credentials are validated by a remote authentication server. Versant® 80/180 Press Versant® 2100/3100 Color 800/100 Press® Press Versant 80 Press, Versant Versant 2100 Press,...
  • Page 27: Authorization (Role Based Access Controls)

    Control Lists) are stored in the local user database. Authorization privileges (referred to as permissions) can be assigned on a per user or group basis. Please note that Xerox products are designed to be customizable and support various workflows as well as security needs. User permissions include security-related permissions and non-security related workflow permissions (e.g.
  • Page 28: Additional Information & Resources

    Additional Information & Resources Security @ Xerox® Xerox maintains an evergreen public web page that contains the latest security information pertaining to its products. Please see http://www.xerox.com/security. Responses to Known Vulnerabilities Xerox has created a document which details the Xerox Vulnerability Management and Disclosure Policy used in discovery and remediation of vulnerabilities in Xerox software and hardware.
  • Page 29: Appendix A: Product Security Profiles

    Appendix A: Product Security Profiles This appendix describes specific details of each Versant® and ColorPress® product.
  • Page 30: Versant® 80/180

    Versant® 80/180 Physical Overview Bypass Tray User Interface Duplex Automatic Document Feeder Offset Catch Tray Dry Ink/Toner Waste Bottle Door Trays 1-3 Front Door Dry Ink/Toner Cover Security Related Interfaces Ethernet 10/100/1000 MB Ethernet interface.
  • Page 31 Controller Non-Volatile Storage SD Card Required Contains User Data (E.g. Print, Scan, Fax) Encryption Support Configurable NIST 800-171 Overwrite Support Contains Configuration Settings Encryption Support Configurable Customer Erasable On Demand Note: Configuration settings may be erased by the reset to factory defaults feature.
  • Page 32 512MB SDRAM Temporary SRAM 1Gbit (page storage (64M x memory) erased 16 bit) DIMM: variables when for IISS machine PWBA powered off. Additional Information: All memory listed above contains code for execution and configuration information.
  • Page 33: Versant® 2100/3100

    Versant® 2100/3100 Physical Overview Oversized High Capacity Feeder Bypass Tray Print Engine Control Panel and Touch Screen Dry Ink/Toner Cover Left Front Door Center Front Door Right Front Door Paper Trays 1, 2, and 3 10.
  • Page 34 Encryption and Overwrite Encryption AES-256 TPM Chip (Not Currently Supported) Media Sanitization Immediate and On-Demand Image Overwrite. Controller Non-Volatile Storage SD Card Required Contains User Data (E.g. Print, Scan, Fax) Encryption Support...
  • Page 35 User image data not customer stored. alterable. 512KB Battery- Configuration and SRAM is not backed SRAM control set points. erased when a (ESS PWBA) User image data not main switch is stored.
  • Page 36 Size Type User How to Volatile Modifiable Clear 64MB SDRAM (MCU Temporary storage SRAM PWBA) of variables erased when machine powered off. 4Gbit DRAM Temporary storage SDRAM (SYSTEM of program and...
  • Page 37: Colorpress® 800/1000/800I/1000I

    ColorPress® 800/1000/800i/1000i Physical Overview Print Engine Left Side Upper Left Door Upper Right Door Left Front Door Right Front Door Trays 1 and 2 Print Engine Right Side Left Front Door...
  • Page 38 Controller Non-Volatile Storage SD Card Optional Contains User Data (E.g. Print, Scan, Fax) Encryption Support Configurable NIST 800-171 Overwrite Support Contains Configuration Settings Customer Erasable On Demand Note: Configuration settings may be erased by the reset to factory defaults feature.
  • Page 39 software is upgraded or reinstalled. 512KB Flash OS, Boot code, Application Content code, cannot be Program constant data. modified in the Contains no field. user or job specific data Battery RAM...
  • Page 40 PCUI Non-Volatile Memory Size Type User How to Volatile Data Clear 128K EPROM System Diagnostics No BIOS Additional Information: The controller operating system memory manager allocates memory dynamically between OS, running processes, and temporary data which includes jobs in process.
  • Page 41: Appendix B: Security Events

    Appendix B: Security Events Xerox Versant® 80/180 Security Events (Event, Description) 0x0101 Change of Device Status: Normal cold-booting; Normal warm-booting; Booting due to forced LOG initialization; Booting due to forced HDD initialization...
  • Page 42 0x0601 Access to Data Stored in Device: Certificate registration; Certificate deletion; Address addition; Address deletion; Address change; Uploading from remote client (Whole address book); Downloading to remote client (Whole address book)
  • Page 43: Xerox Versant® 2100/3100 Security Events

    Xerox Versant® 2100/3100 Security Events (Event, Description) 0x0101 Change of Device Status: Normal cold-booting; Normal warm-booting; Booting due to forced LOG initialization; Booting due to forced HDD initialization; Shutdown; User operation status...
  • Page 44 0x0701 Change/Restoration of Device Configuration: Replacement of important parts; Detection of HDD replacement; Change of ROM version. 0x0801 Communication Result Reliability Communication Error
  • Page 45: Colorpress® Security Events

    ColorPress® Security Events ColorPress utilizes Windows Event Logging which is outside the scope of this document.