Device Security: Bios, Firmware, Os, Runtime, And Operational Security Controls - Xerox AltaLink B8045 Security Manual

Xerox® Security Guide for Office Class Products: AltaLink®  VersaLink®
5 Device Security: BIOS, Firmware, OS, Runtime, and
Operational security controls
AltaLink® and VersaLink® products have robust security features that are designed to protect the system
from a wide range of threats. Below is a summary of some of the key security controls.
Pre-Boot BIOS Protection
BIOS

The BIOS is inaccessible and cannot be cleared or reset.

The BIOS can only be modified by a firmware update, which is digitally signed.

BIOS will fail secure, locking the system if integrity is compromised.
Embedded Encryption

Configuration Settings (including security settings) and User Data are encrypted by AES.

Each device is encrypted using its own unique key.
Boot Process Integrity
Firmware Integrity & Verification

Firmware is digitally signed.

Firmware is verified against a whitelist using cryptographic hashing.
Runtime Intrusion Prevention & Detection
Runtime Executable Control

McAfee Embedded Control prevents unauthorized software from executing. This prevents
worms, viruses, spyware, and other malware that install themselves from executing
illegitimately.
Runtime Intrusion Detection – Memory Control

McAfee Embedded Control ensures that running processes are protected from malicious
attempts to hijack them. Unauthorized code injected into a running process is detected and
prevented.
Event Monitoring & Logging

The Audit Log feature records security-related events.
Continuous Operational Security
Firmware and Diagnostic Security Controls

Firmware installation controls limit who can install firmware and from where.

Customer defined service technician (CSE) restrictions add an additional layer of protection to
prevent unauthorized access and/or modification of AltaLink® and VersaLink® products.

Continuous logging
November 2018 Page 21