Xerox D Series Security Manual

Light production mono class

Xerox® Security Guide
Light Production Mono Class Copier/Printers
Legacy® Printers: 4110, 4112/4127, 4590 Enterprise Printing System
Legacy® Copier/Printers: 4110, 4112/4127, 4590 Copier/Printer
D-Series® Copier/Printers: D95/D110/D125/D136
Xerox® Application Security Guide and Information Assurance Disclosure

Summary of Contents for Xerox D Series

  • Page 1 Xerox® Security Guide, Light Production Mono Class Copier/Printers: Legacy® Printers 4110, 4112/4127, 4590 Enterprise Printing System; Legacy® Copier/Printers 4110, 4112/4127, 4590 Copier/Printer; D-Series® Copier/Printers D95/D110/D125/D136. Xerox® Application Security Guide and Information Assurance Disclosure...
  • Page 2 Xerox® Security Guide for Light Production Mono Class Products © 2019 Xerox Corporation. All rights reserved. Xerox and Xerox and Design® are trademarks of Xerox Corporation in the United States and/or other countries. BR26363 Other company trademarks are also acknowledged.
  • Page 3: Table Of Contents

    Table of Contents: Introduction (3): Purpose (3), Target Audience (3), Disclaimer (3). Physical Components (4): Architecture (4), Interface (5), Scanner (5), ... (6)...
  • Page 4 Appendix B: Security Events (51): Xerox® Legacy Security Events (51); D-Series® Security Events (67)...
  • Page 5: Introduction

    The information in this document is accurate to the best knowledge of the authors and is provided without warranty of any kind. In no event shall Xerox be liable for any damages whatsoever resulting from user's use or disregard of the information provided in this document including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Xerox has been advised of the possibility of such damages.
  • Page 6: Physical Components

    Physical Components: Xerox Legacy (4110/4112/4127) and D-Series® Copier/Printer products consist of an input document handler and scanner, marking engine, controller, and user interface. Printer products do not have an input document handler or scanner. A typical configuration is depicted below. Please note that options including finishers, paper trays, document handlers, etc.
  • Page 7: User Interface

    [Architecture diagram: User Interface, Scanner, Controller, External Storage Device, Interfaces, Optional Interfaces, Marking Engine] User Interface: The user interface detects soft and hard button actuations and provides text and graphical prompts to the user.
  • Page 8: Marking Engine

    Marking Engine: The Marking Engine performs copy/print paper feeding and transport, image marking, fusing, and document finishing. It comprises paper supply trays and feeders, paper transport, LED scanner, xerographics, and paper output and finishing. The marking engine is accessible only to the Controller, via inter-chip communication with no other access, and does not store user data.
  • Page 9 Controller: This device contains numerous types of data, including user data. Hard disk: 1) data of the documents scanned in upon copying; 2) data of spooled documents in PDL format from the network.
  • Page 10: Optional Equipment

    NFC functionality requires a software plugin that can be obtained from Xerox sales and support. NFC functionality is supported via optional touch screen user interface or optional dedicated NFC USB dongle.
  • Page 11: User Data Protection

    Xerox products protect user data being processed by employing strong encryption. When the data is no longer needed, the Immediate Image Overwrite (IIO) feature automatically erases and overwrites the data on magnetic media, rendering it unrecoverable. Overwriting is a sanitization method for magnetic disks; on flash media such as the SD card listed in Appendix A, wear levelling can retain copies that a logical overwrite never touches, so the reliable control there is encryption with key destruction.
  • Page 12: User Data In Transit

    Inbound User Data Print Job Submission In addition to supporting network level encryption including IPSec and WPA Xerox products also support encryption of print job data at the time of submission. This can be used to securely transmit print jobs over unencrypted connections or to enhance existing network level security controls.
  • Page 13 Add-on Apps (Cloud, Google, DropBox, and others): The Xerox App Gallery® contains several additional applications that extend the capabilities of Xerox products. Discussion of App security is beyond the scope of this document. Xerox Apps utilize the security framework provided by the 3rd-party vendor.
  • Page 14: Network Security

    3 Network Security: Xerox products are designed to offer a high degree of security and flexibility in almost any network environment. This section describes several aspects of the product related to network security.
  • Page 15 • HTTP(WSD) • HTTP(WebDAV) • HTTP(IPP added port) • Kerberos – Client • POP3 – Client • SNTP – Client • NETBIOS – Name Service • NETBIOS – Datagram Service • NETBIOS •...
  • Page 16 for the controller side is unknown. Also, the port is not open on the controller all the time but will open only at time of accessing the remote server. Ports 20, 21: FTP There are cases where this port is used as an FTP client feature or as an FTP server feature.
  • Page 17 A read/write of partial system setting information is possible through the unique protocols on the HTTP port. The HTTP server can only host the web pages in the device, but cannot substitute for the proxy server.
  • Page 18 In the product, tickets are stored only in memory, and are deleted automatically by a user log-off or an automatic log-off due to time-out. When power is turned off during log-on, the tickets will be deleted.
  • Page 19 Port 443: HTTPS This port operates as a secure channel for the HTTP server, and supports TLSv1.1 and TLSv1.2. When SSL/TLS is enabled, HTTP connections to CentreWare Internet Services are redirected to HTTPS.
  • Page 20 Ports 546, 547: DHCPv6 These ports are used for DHCPv6. When querying the IPv6 DNS server address, the product accesses port 547 of the DHCPv6 server and receives the result from the DHCPv6 server at port 546.
  • Page 21: Network Encryption

    Port 15000: Loopback Port This port is the loopback port for the control of the common server that operates the SMTP server, and is activated when SMTP receive is enabled. A system administrator can disable this loopback port by disabling SMTP receive via the Local User Interface or from CentreWare Internet Services.
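The ports listed above are the device's attack surface from the LAN. After disabling FTP, NetBIOS and plain HTTP, confirm the listeners are really gone rather than trusting the web UI. The following is an added example, not from the Xerox guide: it connects to each TCP port and compares the result with an assumed site policy; the device address and the policy itself are assumptions. NetBIOS Name Service (137) and Datagram Service (138) are UDP and are deliberately left out, since a TCP connect says nothing about them.

```python
"""Added example (not from the Xerox guide): verify which of the TCP listeners
the guide enumerates are reachable after hardening, and flag the ones an
assumed site policy says must be closed."""
import socket
import sys

# Ports named in the guide's port list. What should be open is a site
# decision; this policy is an assumed example, not a Xerox recommendation.
POLICY = {
    20: "close",     # FTP data
    21: "close",     # FTP server feature: credentials in the clear
    80: "close",     # HTTP: expect it disabled, or at least redirected to 443
    139: "close",    # NetBIOS Session Service
    443: "open",     # HTTPS to CentreWare Internet Services
    15000: "close",  # SMTP-receive loopback control port: never reachable remotely
}


def tcp_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes (a listener is present)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan(host, ports, timeout=2.0):
    """Probe each port once; returns {port: is_open}."""
    return {p: tcp_open(host, p, timeout) for p in ports}


def evaluate(observed, policy=POLICY):
    """Compare observed {port: is_open} with policy {port: 'open'|'close'}.
    Returns a sorted list of (port, finding) for every violation; ports that
    were not probed are skipped rather than guessed."""
    findings = []
    for port, expected in policy.items():
        is_open = observed.get(port)
        if is_open is None:
            continue
        if expected == "close" and is_open:
            findings.append((port, "reachable but policy says closed"))
        elif expected == "open" and not is_open:
            findings.append((port, "unreachable but policy requires it"))
    return sorted(findings)


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # assumed device address
    for port, why in evaluate(scan(host, POLICY)) or [("-", "no findings")]:
        print(f"{host}:{port} {why}")
```

Run it from a host on the same segment as the device and again from a segment that should not reach it; the second run is the one that tells you whether the "IP Whitelisting" option in the firewall table below is actually doing anything.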
  • Page 22 Wireless 802.11 Wi-Fi Protected Access (WPA) Xerox Legacy (4110/4112/4127) and D-Series® Copier/Printer products do not offer a wireless network connector option. Xerox Legacy (4110/4112/4127) and D-Series® Copier/Printer products support TLS 1.2.
  • Page 23 Public Key Infrastructure (PKI) A digital certificate is a file that contains data used to verify the identity of the client or server in a network transaction. A certificate also contains a public key used to create and verify digital signatures. To prove identity to another product, a product presents a certificate trusted by the other product.
  • Page 24 Trusted Certificates Public certificates may be imported to the product’s certificate store for validation of trusted external products. The following categories are supported: • A Trusted Root CA Certificate is a certificate with authority to sign other certificates. These certificates usually are self-signed certificates that come from another product or service that you want to trust.
  • Page 25 Certificate Validation Xerox Legacy and D-Series® Copier/Printer support certificate validation with configurable checks for OCSP and CRL. Validation checks include: • Validation of certificate path • Certificate expiration • Validation of trusted CA •...
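A practitioner's check for the two passages above (HTTPS on port 443 supporting TLSv1.1 and TLSv1.2, and certificate validation) is to probe the device from the client side. The script below is an added example, not Xerox code: it offers each TLS version one at a time to learn what the server accepts, then performs a fully verifying handshake against the CA bundle your clients use, which exercises path validation, expiry and hostname matching in one step. Host, port and CA-file path are assumptions. TLS 1.1 is deprecated by RFC 8996, so a device that still accepts it should have it disabled where the firmware allows, or have port 443 reachable only from managed clients.

```python
"""Added example, not Xerox code: probe a device's HTTPS listener for the TLS
versions it accepts, then validate its certificate the way a managed client
would. Host, port and CA-bundle path are assumptions."""
import socket
import ssl
import sys

VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def _handshake(ctx, host, port, timeout=5.0):
    """Complete one TLS handshake and return the negotiated version string."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()


def probe_versions(host, port=443):
    """One handshake per version, offering exactly that version. Verification
    is off here on purpose: the question is what the server accepts, not who it is."""
    results = {}
    for name, ver in VERSIONS.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            ctx.minimum_version = ver
            ctx.maximum_version = ver
        except ValueError:
            results[name] = "client cannot offer"  # local OpenSSL build lacks it
            continue
        try:
            ctx.set_ciphers("ALL:@SECLEVEL=0")  # offer legacy suites so a refusal is the server's decision
        except ssl.SSLError:
            pass
        try:
            _handshake(ctx, host, port)
            results[name] = "accepted"
        except ssl.SSLError as exc:
            results[name] = "client cannot offer" if exc.reason == "NO_PROTOCOLS_AVAILABLE" else "refused"
        except OSError as exc:
            results[name] = f"error: {exc}"
    return results


def check_trust(host, port=443, cafile=None):
    """Full client-side validation: chain to a trusted CA, expiry, hostname.
    cafile=None means the system trust store."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        _handshake(ctx, host, port)
        return "trusted"
    except ssl.SSLCertVerificationError as exc:
        return f"untrusted: {exc.verify_message}"  # e.g. 'self-signed certificate', 'certificate has expired'


def assess(versions, trust):
    """Findings against a baseline: TLS 1.0/1.1 refused (deprecated by RFC 8996),
    TLS 1.2 or 1.3 accepted, and the certificate validates."""
    findings = []
    for legacy in ("TLSv1.0", "TLSv1.1"):
        if versions.get(legacy) == "accepted":
            findings.append(f"{legacy} accepted: disable it if the firmware allows, "
                            "otherwise restrict port 443 to managed clients")
    if not any(versions.get(v) == "accepted" for v in ("TLSv1.2", "TLSv1.3")):
        findings.append("neither TLS 1.2 nor TLS 1.3 accepted")
    if trust != "trusted":
        findings.append(f"device certificate does not validate ({trust})")
    return findings


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # assumed device address
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    for finding in assess(probe_versions(host), check_trust(host, cafile=cafile)) or ["no findings"]:
        print(finding)
```

A "client cannot offer" result for TLS 1.0 or 1.1 is a statement about the probing host's OpenSSL build, not about the device; repeat that probe from an older client before concluding the version is off.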
  • Page 26: Network Access Control

    It also provides control over which users can access your network and where they can go. Cisco's ISE includes over 200 Xerox product profiles that are ready for security policy enablement. This allows ISE to automatically detect Xerox products in your network. Xerox products are organized in Cisco ISE under product families, such as D-Series®...
  • Page 27: Contextual Endpoint Connection Management

    • Prevent impersonation (aka spoofing) of a printer/MFP • Automatically prevent connection of non-approved print products • Smart rules-based policies to govern user interaction with network printing products • Provide simplified implementation of security policies for printers and MFPs by:...
  • Page 28 Endpoint Firewall Options (by product): Legacy Printers (4110, 4112/4127, 4590): Firewall: Stateful Packet Filter; Stateful Firewall: Not Supported. Legacy Copier/Printers (4110, 4112/4127, 4590): Firewall: IP Whitelisting; Stateful Firewall: Not Supported. D-Series® Copier/Printers (D95/D110/D125/D136): Firewall: IP Whitelisting; Stateful Firewall: Not Supported...
  • Page 29: Device Security: Bios, Firmware, Os, Runtime, And Operational Security Controls

    4 Device Security: BIOS, Firmware, OS, Runtime, and Operational security controls. Legacy (4110/4112/4127) and D-Series® products have robust security features that are designed to protect the system from a wide range of threats. Below is a summary of some of the key ... The Marking Engine for the product contains the μ-iTRON 4.0 operating system.
  • Page 30: Pre-Boot Security

    Unlike open operating systems such as servers and user workstations in which software may be installed by users, Xerox products are based on embedded systems and the contents are managed by Xerox. The only means of modifying the contents of a device is by applying a firmware update package.
  • Page 31: Event Monitoring & Logging

    • Network Firmware Update: Product system administrators can update product firmware using the Embedded Web Server. The ability to apply a firmware update is restricted to roles with system administrator or Xerox service permissions. Firmware updates can be disabled by a system administrator.
  • Page 32: Backup & Restore (Cloning)

    The CSE (Customer Service Engineer) Access Restriction allows customers to create an additional password that is independent of existing administrator passwords. This password must be supplied to allow service of the product. This password is not accessible to Xerox support and cannot be reset by Xerox service personnel.
  • Page 33: Configuration & Security Policy Management Solutions

    5 Configuration & Security Policy Management Solutions Xerox Device Manager and Xerox CentreWare® Web (available as a free download) centrally manage Xerox Devices.
  • Page 34: Identification, Authentication, And Authorization

    The local user database stores user credential information. The printer uses this information for local authentication and authorization, and for Xerox® Standard Accounting. When you configure local authentication, the printer checks the credentials that a user provides against the information in the user database.
  • Page 35 Network Authentication When configured for network authentication, user credentials are validated by a remote authentication server. Network Authentication Providers (table by product: Legacy Printers 4110, 4112/4127, 4590; Legacy Copier/Printers 4110, 4112/4127, 4590; D-Series® Copier/Printers D95/D110/D125/D136)...
  • Page 36 • YSoft SafeQ: https://www.ysoft.com/en Contact your Xerox sales representative for details and other options. Simple Authentication (non-secure) Simple authentication is mentioned here for completeness. It is intended for environments where authentication is not required. It is used for customization only. When in this mode, users are not...
  • Page 37: Authorization (Role Based Access Controls)

    Control Lists) are stored in the local user database. Authorization privileges (referred to as permissions) can be assigned on a per user or group basis. Please note that Xerox products are designed to be customizable and support various workflows as well as security needs. User permissions include security-related permissions and non-security related workflow permissions (e.g.
  • Page 38 2) LDAP authentication 3) SMB authentication Description of each authentication function follows. Kerberos authentication can avoid password interception and replay attack by using the Kerberos protocol. The authentication steps using Kerberos are: a.
  • Page 39 The following modes are supported as the authentication methods in LDAP authentication. Since authentication on the LDAP server is executed through Simple Bind using plain text, there is a risk of interception of User ID and password on the network when the LDAP protocol (port 389) is used. When the LDAP server supports the LDAPS protocol, which uses a secure channel using TLS, interception of User ID and password on the network can be avoided by using LDAPS.
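The LDAP passage above says the Simple Bind carries the User ID and password in plain text on port 389. The example below is added here and is not from the guide: it builds the BER-encoded BindRequest exactly as RFC 4511 defines it, shows that a passive listener recovers the credentials with a few lines of parsing, and contrasts that with a TLS-wrapped send for LDAPS on port 636 with certificate verification on. The DN, password, server name and CA file are assumptions.

```python
"""Added example, not from the guide: an LDAP Simple Bind on the wire
(RFC 4511, BER) and why port 389 leaks the device's service-account
password, versus the same PDU sent inside TLS for LDAPS on port 636."""
import socket
import ssl


# --- BER helpers: tag byte, definite length, payload ---------------------
def _length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, payload):
    return bytes([tag]) + _length(len(payload)) + payload


def _integer(n):
    # Minimal two's-complement encoding for non-negative integers.
    return _tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def simple_bind_request(message_id, dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] {
           version 3, name LDAPDN, authentication simple [0] OCTET STRING } }"""
    bind = _tlv(0x60, _integer(3) + _tlv(0x04, dn.encode()) + _tlv(0x80, password.encode()))
    return _tlv(0x30, _integer(message_id) + bind)


def _read_tlv(buf, pos):
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def extract_bind_credentials(pdu):
    """What a passive sniffer on port 389 recovers: (dn, password), or None
    when the PDU is not a Simple Bind (e.g. SASL, which uses tag [3])."""
    tag, msg, _ = _read_tlv(pdu, 0)
    if tag != 0x30:
        return None
    _, _, pos = _read_tlv(msg, 0)            # messageID
    tag, bind, _ = _read_tlv(msg, pos)
    if tag != 0x60:                          # not a BindRequest
        return None
    _, _, pos = _read_tlv(bind, 0)           # version
    _, dn, pos = _read_tlv(bind, pos)        # name
    tag, cred, _ = _read_tlv(bind, pos)      # AuthenticationChoice
    if tag != 0x80:                          # not simple
        return None
    return dn.decode(), cred.decode()


def ldaps_context(cafile):
    """Client context for LDAPS: TLS 1.2 or later, chain and hostname verified
    against the CA that issued the directory server's certificate."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def send_bind_over_ldaps(host, pdu, cafile=None, port=636):
    """Send the same bind inside TLS; on the wire only TLS records (first byte
    0x16/0x17) are visible, never the 0x30 LDAPMessage. Returns the raw
    BindResponse bytes."""
    with socket.create_connection((host, port), timeout=5) as raw:
        with ldaps_context(cafile).wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(pdu)
            return tls.recv(4096)


if __name__ == "__main__":
    # Assumed values for illustration.
    pdu = simple_bind_request(1, "uid=mfp-lobby,ou=svc,dc=example,dc=com", "Hunter2!")
    print(pdu.hex())
    print("recovered from cleartext capture:", extract_bind_credentials(pdu))
```

The practical consequence: the device's LDAP service account is only as secret as the switch port it talks over, so pair LDAPS with a least-privilege bind account that can read the needed attributes and nothing else.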
  • Page 40: Additional Information & Resources

    7 Additional Information & Resources Security @ Xerox® Xerox maintains an evergreen public web page that contains the latest security information pertaining to its products. Please see http://www.xerox.com/security. Responses to Known Vulnerabilities Xerox has created a document which details the Xerox Vulnerability Management and Disclosure Policy used in discovery and remediation of vulnerabilities in Xerox software and hardware.
  • Page 41: Appendix A: Product Security Profiles

    Appendix A: Product Security Profiles This appendix describes specific details of each Legacy (4110/4112/4127) and D-Series® Copier/Printer product.
  • Page 42: Legacy® 4110, 4112/4127, 4590 Eps Printers

    Legacy® 4110, 4112/4127, 4590 EPS Printers. Physical Overview (diagram labels: Bypass Tray, User Interface, Duplex Automatic Document Feeder (Not Included), Offset Catch Tray, Dry Ink/Toner Waste Bottle Door, Trays 1-3, Front Door, Dry Ink/Toner Cover)...
  • Page 43 Controller Non-Volatile Storage: SD Card (Required). Contains User Data (e.g. Print, Scan, Fax); Encryption Support: Configurable; NIST 800-171 Overwrite Support; Contains Configuration Settings; Encryption Support: Configurable; Customer Erasable On Demand. Note: Configuration settings may be erased by the reset to factory defaults feature.
  • Page 44 512 MB SDRAM DIMM (for IISS PWBA): temporary page-storage memory; 1 Gbit SRAM (64M x 16 bit): variables; both erased when the machine is powered off. Additional Information: All memory listed above contains code for execution and configuration information.
  • Page 45: Legacy® 4110, 4112/4127, 4590 Copier/Printers

    Legacy® 4110, 4112/4127, 4590 Copier/Printers. Physical Overview (diagram labels: Bypass Tray, User Interface, Duplex Automatic Document Feeder (Not Included), Offset Catch Tray, Dry Ink/Toner Waste Bottle Door, Trays 1-3, Front Door, Dry Ink/Toner Cover)...
  • Page 46 Contains User Data (e.g. Print, Scan, Fax); Encryption Support: Configurable; NIST 800-171 Overwrite Support; Contains Configuration Settings; Encryption Support: Configurable; Customer Erasable On Demand. Note: Configuration settings may be erased by the reset to factory defaults feature.
  • Page 47 Additional Information: All memory listed above contains code for execution and configuration information. No user or job data is stored in these locations. Controller Volatile Memory (Size, Type, User, How to Clear)...
  • Page 48: D-Series® D95A/D110/D125/D136 Copier/Printers

    D-Series® D95A/D110/D125/D136 Copier/Printers. Physical Overview (diagram labels: Bypass Tray, User Interface, Duplex Automatic Document Feeder (Not Included), Offset Catch Tray, Dry Ink/Toner Waste Bottle Door, Trays 1-3, Front Door, Dry Ink/Toner Cover). Security Related Interfaces: Ethernet: 10/100/1000 MB Ethernet interface.
  • Page 49 Controller Non-Volatile Storage: SD Card (Optional). Contains User Data (e.g. Print, Scan, Fax); Encryption Support: Configurable; NIST 800-171 Overwrite Support; Contains Configuration Settings; Customer Erasable On Demand. Note: Configuration settings may be erased by the reset to factory defaults feature.
  • Page 50 Scan data stored by the Scan to URL process remain on this partition until the user retrieves the data. ide0/j: Image Log remains on this partition until the Image Log is transferred to the server. The Xerox® D95/D95A/D110/D125 Copier/Printer does not support the Image Log feature and the partition is not used. (Source: Xerox® D95/D95A/D110/D125 Statement of Volatility, page 8.)
  • Page 51 Battery-backed SRAM (MCU PWBA): Permanent storage of machine setting data/job log data. User image data are not stored. Not erased when the main switch is turned off. Not customer alterable.
  • Page 52 SEEPROM (BP PWBA): Permanent storage of machine setting data. User image data are not stored. Not customer alterable. Flash (ESS PWBA): Permanent storage of program data. User image data are not stored. Not customer alterable.
  • Page 53: Appendix B: Security Events

    Appendix B: Security Events. Xerox Legacy® Security Events (Event: Description). System startup: Device name, Device serial number. System shutdown: Device name, Device serial number. Manual ODIO Standard started: Device name, Device serial number...
  • Page 54 Audit Log Disabled: Device name, Device serial number. Audit Log Enabled: Device name, Device serial number. Copy: Job name, User Name, Completion Status, IIO status, Accounting User ID, Accounting Account ID...
  • Page 55 Scan to Home job: Job name or Dir name, User Name, Completion Status (Normal/Error), IIO status, Accounting User ID-Name, Accounting Account ID-Name, total-number-net-destination, net-destination. Copy store job: Job name or Dir name...
  • Page 56 Audit log Saved: UserName, Device name, Device serial number, Completion status. UserName, Device name, Device serial number, Completion Status (Enabled/Disabled/Terminated). X509 certificate: UserName, Device name, Device serial number, Completion Status (Created/uploaded/Downloaded).
  • Page 57 Process terminated: Device name, Device serial number, Process name. ODIO scheduled: Device name, Device serial number, ODIO type (Full or Standard), Scheduled time, ODIO status (Started/Completed/canceled), Completion Status (Success/Failed/Canceled). CPSR Backup...
  • Page 58 802.1x Enable/Disable/Configure: UserName, Device Name, Device Serial Number, Completion Status (Success/Failed). Abnormal System Termination: Device Name, Device Serial Number. Local Authentication: UserName, Device Name, Device Serial Number, Completion Status (Enabled/Disabled). Web User Interface Authentication...
  • Page 59 Remote UI session: User Name, Device Name, Device Serial Number, Completion Status (Initiated/Terminated), Remote Client IP Address. Remote Scan Feature (TWAIN driver) Enable/Disable: User Name, Device Name, Device Serial Number, Completion Status (Enable/Disable).
  • Page 60 Digital Certificate Import Failure: Device name, User Name, Device serial number. Add/Delete User Name. Password Change. Security Mode. EFax Job. Secure Print Passcode: UserName (managing passcodes), Device name, Device serial number...
  • Page 61 Address Book Permissions: UserName, Machine Name, Machine serial number, Completion Status (SA Only/Open Access Enabled WebUI) / (SA Only/Open Access Enabled LocalUI). Address Book Export: UserName, Machine Name, Machine serial number...
  • Page 62 Efax Passcode Length: UserName (managing passcodes), Device name, Device serial number, Completion Status (Passcode Length Changed). Custom Authentication Login: UserName, Device name, Device serial number, Completion Status (Success or Failed). Custom Authentication...
  • Page 63 Mopria Print enable / disable: UserName, Device name, Device serial number, Completion Status Enable / Disable. PoS credit card API enable / disable: UserName, Device name, Device serial number, Completion Status...
  • Page 64 Airprint & Mopria Scanning Enable/Disable/Configure: UserName, Device Name, Device serial number, Completion Status (Enable/Disable/Configured). Airprint & Mopria Scan Job Submitted: Job name (if accepted), UserName (if available), IP address of submitting client...
  • Page 65 User or Group Role Assignment: User name, Device name, Device serial number, User or group name (assigned), Role name, Action (added/removed). User Permission Role: User name, Device name, Device serial number...
  • Page 66 Send Engineering Logs on Data Push: User name (if available), Device name, Device serial number, Current setting (“Enabled” / “Disabled”). Allow the Print Submission of Clone Files: UserName (if available), Device name, Device serial number, Completion status: (“Enabled”...
  • Page 67 One-Touch App Export: User name, Device name, Device serial number, Completion Status: (“Success” | “Failed”). Device File Distribution Trust Operations: User name, Device name, Device serial number, Member name, Member serial number...
  • Page 68 POP3 Connection Encryption (TLS): User Name, Device name, Device serial number, Completion Status: (“Enabled” | “Disabled” | “Configured”). FTP Browse: User Name, Device name, Device serial number, Completion Status: (“Enabled” | “Disabled” | “Configured”).
  • Page 69: D-Series® Security Events

    D-Series® Security Events (Event: Description). Started normally (cold boot); Started normally (warm boot); Booting due to forced LOG initialization; Booting due to forced HDD initialization; Shutdown requested. Completion: (“Success” / “Failed”).
  • Page 70 Copy: File Name, Action Details. Scan: Encrypted, Signed, Destination Name, Sender Name. Action Details, Destination Name, Sender Name. Mailbox: Action Details. Print Reports. Job Flow Service. Jobs other than the above. Completion: (“Success”...
  • Page 71 Self Test; Auto Clear Timer; Service Rep. Restricted Operation; Print Reports Button; External Code Integrity Check. Authorization: Access Method (“Local” / “EWS”). View Security Setting: Host Name or IP Address...
  • Page 72 Category: (“Apps” / “Contacts” / “Connectivity” / “Permissions” / “System”). Import Cloning Data: Completion (“Replaced”). Important Parts: Completion (“Replaced” / “Installed” / “Removed”). Hard Disk. ROM Version Change. Communication Reliability: When Reliability Communication Error...
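The events above are only useful if something reads them. As an added example that is not part of the guide, the following detection logic handles three patterns over audit records of the kinds Appendix B lists: single events that should always alert (audit log disabled, certificate import failure, firmware version change, failed ODIO), repeated failed logins by one user, and remote web UI sessions from outside the management subnet. The pipe-delimited record layout, the sample lines, the subnet and the thresholds are all constructed for this example; a real audit-log export must be mapped onto these fields first.

```python
"""Added example, not from the guide: detection rules over audit events of
the kinds Appendix B lists. Record layout, sample lines, management subnet
and thresholds are constructed assumptions."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

MGMT_NETS = [ipaddress.ip_network("10.10.0.0/24")]   # assumed admin subnet
FAILED_LOGIN_THRESHOLD = 5
FAILED_LOGIN_WINDOW = timedelta(minutes=10)
_ANY = object()

# event name -> completion statuses that alert, or _ANY for every occurrence
SINGLE_EVENT_RULES = {
    "Audit Log Disabled": _ANY,
    "Abnormal System Termination": _ANY,
    "Digital Certificate Import Failure": _ANY,
    "ROM Version Change": _ANY,           # firmware changed: reconcile with change records
    "Local Authentication": {"Disabled"},
    "802.1x": {"Disable"},
    "ODIO scheduled": {"Failed"},         # overwrite of user data did not complete
}


def parse(line):
    """Constructed layout: time|event|device|serial|user|status|detail."""
    ts, event, device, serial, user, status, detail = line.rstrip("\n").split("|")
    return {"ts": datetime.fromisoformat(ts), "event": event, "device": device,
            "serial": serial, "user": user, "status": status, "detail": detail}


def detect(lines):
    """Return [(timestamp, serial, message)] for every rule hit, in log order."""
    alerts = []
    failures = defaultdict(list)          # user -> timestamps of recent failed logins
    for rec in map(parse, lines):
        rule = SINGLE_EVENT_RULES.get(rec["event"])
        if rule is _ANY or (rule and rec["status"] in rule):
            alerts.append((rec["ts"], rec["serial"], f"{rec['event']}: {rec['status']}"))
        if rec["event"] == "Custom Authentication Login" and rec["status"] == "Failed":
            recent = [t for t in failures[rec["user"]] if rec["ts"] - t <= FAILED_LOGIN_WINDOW]
            recent.append(rec["ts"])
            failures[rec["user"]] = recent
            if len(recent) == FAILED_LOGIN_THRESHOLD:   # fire once per burst, not on every further failure
                alerts.append((rec["ts"], rec["serial"],
                               f"{FAILED_LOGIN_THRESHOLD} failed logins for {rec['user']} within {FAILED_LOGIN_WINDOW}"))
        if rec["event"] == "Remote UI session" and rec["status"] == "Initiated":
            client = ipaddress.ip_address(rec["detail"])   # Remote Client IP Address field
            if not any(client in net for net in MGMT_NETS):
                alerts.append((rec["ts"], rec["serial"],
                               f"Remote UI session from non-management address {client}"))
    return alerts


# Constructed sample records (device name and serial are made up).
SAMPLE_LOG = """\
2024-03-04T08:00:05|System startup|MFP-LOBBY|XAB123456|-|Success|-
2024-03-04T08:01:00|Remote UI session|MFP-LOBBY|XAB123456|admin|Initiated|10.10.0.7
2024-03-04T08:02:10|Remote UI session|MFP-LOBBY|XAB123456|admin|Initiated|198.51.100.23
2024-03-04T08:03:00|Custom Authentication Login|MFP-LOBBY|XAB123456|jsmith|Failed|-
2024-03-04T08:03:05|Custom Authentication Login|MFP-LOBBY|XAB123456|jsmith|Failed|-
2024-03-04T08:03:11|Custom Authentication Login|MFP-LOBBY|XAB123456|jsmith|Failed|-
2024-03-04T08:03:15|Custom Authentication Login|MFP-LOBBY|XAB123456|jsmith|Failed|-
2024-03-04T08:03:21|Custom Authentication Login|MFP-LOBBY|XAB123456|jsmith|Failed|-
2024-03-04T08:05:00|Audit Log Disabled|MFP-LOBBY|XAB123456|admin|Success|-
2024-03-04T08:06:00|ODIO scheduled|MFP-LOBBY|XAB123456|-|Failed|Full
2024-03-04T08:07:00|Copy|MFP-LOBBY|XAB123456|jsmith|Success|-
""".splitlines()

if __name__ == "__main__":
    for ts, serial, msg in detect(SAMPLE_LOG):
        print(ts.isoformat(), serial, msg)
```

"Audit Log Disabled" deserves the highest severity of the set: once it fires, nothing after it is recorded, so the alert has to be treated as the last reliable signal from that device until the log is re-enabled and the gap explained.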