Contextual Endpoint Connection Management; Fips140-2 Compliance Validation; Additional Network Security Controls - Xerox D Series Security Manual


Xerox® Security Guide for Light Production Mono Class Products
  o Prevent impersonation (aka spoofing) of a printer/MFP
  o Automatically prevent connection of non-approved print products
  o Smart rules-based policies to govern user interaction with network printing products
Provide simplified implementation of security policies for printers and MFPs by:
  o Providing real time policy violation alerts and logging
  o Enforcing network segmentation policy
  o Isolating the printing products to prevent general access to printers and MFPs in
    restricted areas
Automated access to policy enforcement
Provide extensive reporting of printing product network activity
Network Access Control
Cisco ISE

Contextual Endpoint Connection Management

Traditionally, network connection management has been limited to managing endpoints by IP address and
through VLANs and firewalls. This is effective, but highly complex to manage for every endpoint on a
network. Managing, maintaining, and reviewing the ACLs (and the necessary change management and
audit processes to support them) quickly becomes prohibitively expensive. This approach also lacks the
ability to manage endpoints contextually.
Connectivity of D-Series® Copier/Printer devices can be fully managed contextually by Cisco
TrustSec. TrustSec uses Security Group Tags (SGTs) that are associated with an endpoint's user, device,
and location attributes. SG-ACLs can also block unwanted traffic so that malicious reconnaissance
activities and even remote exploitation from malware can be effectively prevented.
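
The group-based enforcement described above, modeled in Python as an added example (not Xerox or Cisco code). The SGT numbers, classification rules, endpoint attributes and permitted ports are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Hypothetical SGT numbers; a real deployment defines its own in the policy server.
SGT_UNKNOWN, SGT_EMPLOYEE, SGT_GUEST, SGT_PRINTER = 0, 10, 20, 30

@dataclass(frozen=True)
class Endpoint:
    ip: str
    user_role: str    # "employee", "guest" or "none"
    device_type: str  # "laptop", "printer", ...
    location: str     # "hq", "lobby", ...

def classify(ep: Endpoint) -> int:
    """Derive the tag from user, device and location attributes (assumed rules)."""
    if ep.device_type == "printer":
        # Only printers in the approved location get the printer tag.
        return SGT_PRINTER if ep.location == "hq" else SGT_UNKNOWN
    return {"employee": SGT_EMPLOYEE, "guest": SGT_GUEST}.get(ep.user_role, SGT_UNKNOWN)

# SG-ACL matrix: (source SGT, destination SGT) -> allowed (protocol, dst port).
# Ports 9100 (raw printing) and 631 (IPP) are assumed; anything unlisted is denied.
SGACL = {(SGT_EMPLOYEE, SGT_PRINTER): {("tcp", 9100), ("tcp", 631)}}

def permitted(src: Endpoint, dst: Endpoint, proto: str, port: int) -> bool:
    """The decision uses group tags only; no IP address appears in the policy."""
    return (proto, port) in SGACL.get((classify(src), classify(dst)), set())

def demo() -> dict:
    # Constructed endpoints (documentation-range addresses).
    staff = Endpoint("192.0.2.10", "employee", "laptop", "hq")
    guest = Endpoint("192.0.2.77", "guest", "laptop", "lobby")
    mfp = Endpoint("198.51.100.5", "none", "printer", "hq")
    moved = Endpoint("203.0.113.9", "none", "printer", "hq")      # same MFP, new IP
    rogue = Endpoint("198.51.100.6", "none", "printer", "lobby")  # non-approved printer
    return {
        "staff prints": permitted(staff, mfp, "tcp", 9100),
        "staff prints after re-addressing": permitted(staff, moved, "tcp", 9100),
        "staff probes telnet": permitted(staff, mfp, "tcp", 23),
        "guest prints": permitted(guest, mfp, "tcp", 9100),
        "staff reaches rogue printer": permitted(staff, rogue, "tcp", 9100),
    }

if __name__ == "__main__":
    for flow, allowed in demo().items():
        print(f"{flow:35} {'permit' if allowed else 'deny'}")
```

Re-addressing the printer changes nothing in the policy, which is the management burden the IP-based ACL approach carries and the tag-based one avoids.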

FIPS140-2 Compliance Validation

When enabled, the product will validate its current configuration to identify the cryptographic modules in use.
Modules that are not FIPS 140-2 (Level 1) compliant will be reported.
Legacy and D-Series® products include FIPS-compliant algorithms for Kerberos; however, an exception
can be approved to run these in non-FIPS-compliant mode when configured for non-FIPS algorithms.
Legacy and D-Series® products use encryption algorithms for Kerberos, SMB, and PDF Direct Print
Service that are not approved by FIPS 140-2. They can, however, operate in FIPS 140-2 approved mode in
order to maintain compatibility with conventional products after an exception is approved by a system
administrator. They do not use FIPS-compliant algorithms when in this configuration.

Additional Network Security Controls

Additional network security controls are discussed in the following sections.
Legacy Printers (4110, 4112/4127, 4590 EPS): (Not Supported)
Legacy Copier/Printers (4110, 4112/4127, 4590): (Not Supported)
D-Series® Copier/Printers (D95/D110/D125/D136): Supported
