Runtime Security; Event Monitoring & Logging; Audit Log; Operational Security - Xerox AltaLink B8045 Security Manual

Xerox® Security Guide for Office Class Products: AltaLink®  VersaLink®

Runtime Security

Each AltaLink® device comes with McAfee Embedded Control built-in and enabled by default. McAfee
Embedded Control is used to protect a variety of endpoints that range from wearable devices to critical
systems controlling electrical generation.
Executable control prevents unauthorized code from executing. Xerox has defined a whitelist of
executable programs; software that is not on the secure whitelist is not allowed to execute.
Memory control monitors memory and running processes. If unauthorized code is injected into a running
process, it is detected and prevented.
When an anomaly is detected it is logged to the device audit log and optional alerts are immediately sent
via email. Events are also reportable through CentreWare® Web or Xerox Device Manager, and
McAfee® ePolicy Orchestrator® (ePO).
Event Monitoring & Logging

Audit Log

The Audit Log feature records security-related events. The Audit Log contains the following information:
Field Description
Index A unique value that identifies the event.
Date The date that the event happened in mm/dd/yy format.
Time The time that the event happened in hh:mm:ss format.
ID The type of event. The number corresponds to a unique description.
Description An abbreviated description of the type of event.
Additional Columns 6–10 list other information about the event, such as:
Details Identity: User Name, Job Name, Computer Name, Printer Name, Folder Name, or
Accounting Account ID display when Network Accounting is enabled.
Completion Status
Image Overwrite Status: The status of overwrites completed on each job. Immediate
Image must be enabled.
AltaLink® products currently support 159 unique security events. VersaLink® products currently support
52 unique events.
A maximum of 15,000 events can be stored on the device. When the number of events exceeds 15,000,
audit log events will be deleted in order of timestamp, and then new events will be recorded. The audit
log be exported at any time by a user with administrative privileges. Note that as a security precaution,
audit log settings and data can only be accessed via HTTPS.

Operational Security

Firmware Restrictions

The list below describes supported firmware delivery methods and applicable access controls.
 Local Firmware Upgrade via USB port:
Xerox service technicians can update product firmware using a USB port and specially configured USB
November 2018 Page 23