Xerox WORKCENTRE 7755 Information Manual page 15

XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper
The embedded web pages communicate to the machine through a set of unique APIs and do not have direct access to
machine information:
Network
The HTTP port can only access the HTTP server residing in the Network Controller. The embedded HTTP server is Apache.
The purpose of the HTTP server is to:
•
Give users information of the status of the device;
•
View the job queue within the device and delete jobs;
•
Allow users to download print ready files and program Scan to File Job Templates;
•
Allow remote administration of the device. Many settings that are on the Local UI are replicated in the
device's web pages. Users may view the properties of the device but not change them without logging into
the machine with administrator privileges.
The HTTP server can only host the web pages resident on the hard disk of the device. It does not and cannot act as a proxy
server to get outside of the network the device resides on. Hence the server cannot access any networks (or web servers)
outside of the customer firewall.
When the device is configured with an IP address, it is as secure as any device inside the firewall. The web pages are
accessible only to authorized users of the network inside the firewall.
This service (and port) may be disabled in User Tools via the Local User Interface or via the TCP/IP page in the Properties
tab on the WebU. Please note that when this is disabled, IPP Port 631 is also disabled.
HTTP may be secured by enabling Secure Sockets Layer.
2.8.2.4.1. Proxy Server
The device can be configured to communicate through a proxy server. Features that can make use of a proxy server include
the Automatic Meter Read feature, scanning to a remote repository, or retrieving scan templates from a remote template
pool.
2.8.2.5. Port 88, Kerberos
This port is only open when the device is communicating with the Kerberos server to authenticate a user, and is only used
only to authenticate users in conjunction with the Network Scanning feature. To disable this port, authentication must be
disabled, and this is accomplished via the Local User Interface.
This version of software has Kerberos 5.1.1 with DES (Data Encryption Standard) and 64-bit encryption. The Kerberos code is
limited to user authentication, and is used to authenticate a user with a given Kerberos server as a valid user on the network.
Please note that the Kerberos server (a 3
Kerberos software has completed its task. This code will not and cannot be used to encrypt or decrypt documents or other
information.
This feature is based on the Kerberos program from the Massachusetts Institute of Technology (MIT). The Kerberos network
authentication protocol is publicly available on the Internet as freeware at http://web.mit.edu/kerberos/www/. Xerox has
determined that there are no export restrictions on this version of the software. However, there are a few deviations our
version of Kerberos takes from the standard Kerberos implementation from MIT. These deviations are:
1) The device does not keep a user's initial authentication and key after the user has been authenticated. In a standard
Kerberos implementation, once a user is authenticated, the device holds onto the authentication for a programmed
Ver. 1.01, April 2010
Network Controller
request
http
server
response
rd
party device) needs to be set up for each user. Once the user is authenticated, the
15
I
n
t
e
request
r
machine
n
information
a
l
response
A
P
I
Page 15 of 40