Xerox WORKCENTRE 7755 Information Manual
  1. Manuals
  2. Brands
  3. Xerox Manuals
  4. All in One Printer
  5. WORKCENTRE 7755
  6. Information manual
Xerox WORKCENTRE 7755 Information Manual

Xerox WORKCENTRE 7755 Information Manual

Information assurance disclosure paper
Hide thumbs Also See for XEROX WORKCENTRE 7755:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Reference Manual, System Administrator Manual

Xerox WorkCentre

Multifunction Systems
Information Assurance Disclosure Paper
Version 1.0
Prepared by:
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper
Larry Kovnat
Xerox Corporation
1350 Jefferson Road
Rochester, New York 14623
7755/7765/7775

Advertisement

Table of Contents
loading

Related Manuals for Xerox XEROX WORKCENTRE 7755

Summary of Contents for Xerox XEROX WORKCENTRE 7755

  • Page 1: Xerox Workcentre

    XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Xerox WorkCentre Multifunction Systems Information Assurance Disclosure Paper Version 1.0 Prepared by: ™ 7755/7765/7775 Larry Kovnat Xerox Corporation 1350 Jefferson Road Rochester, New York 14623...
  • Page 2 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper ©2010 Xerox Corporation. All rights reserved. Xerox and the sphere of connectivity design are trademarks of Xerox Corporation in the United States and/or other counties. Other company trademarks are also acknowledged. Document Version: 1.01 (April 2010).

  • Page 3: Target Audience

    The information in this document is accurate to the best knowledge of the authors, and is provided without warranty of any kind. In no event shall Xerox Corporation be liable for any damages whatsoever resulting from user's use or disregard of the information provided in this document including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Xerox Corporation has been advised of the possibility of such damages.

  • Page 4: Device Description

    XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Device Description WorkCentre products consist of two basic modules: a digital copier module that provides conventional copy functions and features, and a Network Controller that provides the capability to connect the copier to a LAN. CopyCentre models of these products are available which provide copy-only features and do not include a Network Controller.

  • Page 5: Security Functions Allocated To Subsystems

    XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Ethernet Port, USB Host Port Physical external Power Cord Interface Figure 2-2 TOE System Partitioning, single-board Controller configuration 2.1.2. Security Functions allocated to Subsystems Security Function Image Overwrite System Authentication Network Authentication Security Audit Cryptographic Operations User Data Protection –...
  • Page 6 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Security Function Security Management 2.2. Controller The Copy Controller and the Network Controller are the two main software components of the controller subsystem. Both components reside on the single controller board. The copy controller software and network controller software execute on a common processor within separate and unshared memory spaces and communicate with RPC calls.

  • Page 7: External Connections

    * All residual customer data in de-allocated space can be overwritten using a three pass algorithm which conforms to U.S. Department of Defense Directive 5200.28.M. Xerox provides Immediate Image overwrite that overwrites user image data as soon as the job is complete plus the ability for the SA to overwrite the entire spool partition, if desired.

  • Page 8: Internal Interfaces

    XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Scanner Video Habanero (SBC) Figure 2-5 Physical Map of Controller tray external connections Interface PSW USB Target Port USB Host Ports Ethernet FAX line 1, RJ-11 FAX line 2, RJ-11 Foreign Device Interface (FDI) Scanner 2.2.1.4.

  • Page 9: Fax Card

    XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper features. An Image Overwrite Security kit is available which enables both Immediate and On-Demand overwrite of any temporary image data created on the NC disk. The Network Controller also incorporates an open-source web server (Apache) that exports a Web User Interface (WebUI) through which users can submit jobs and check job and machine status, and through which System Administrators can remotely administer the machine.

  • Page 10: Graphical User Interface (Gui)

    Network Controller from kernel.org and modified by Xerox. consistent with Flaw Remediation, in which case the Xerox portion of the version number will be incremented. The crypto library for IPSec is provided by the kernel. A proprietary executive with no networking capability provides the operating environment for the copy controller.

  • Page 11: Network Protocols

    XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper IP Filtering is also provided by the kernel. Figure 2-7 Network Controller Operating System layer components 2.7.3. Network Protocols Figure 2-3 is an interface diagram depicting the protocol stacks supported by the device, annotated according to the DARPA model.
  • Page 12 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Figure 2-3 IPv4 Network Protocol Stack Ver. 1.01, April 2010 Page 12 of 40...
  • Page 13 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Figure 2-4 IPv6 Network Protocol Stack 2.8. Logical Access [Multifunction models only] 2.8.1. Network Protocols The supported network protocols are listed in Appendix D and are implemented to industry standard specifications (i.e. they are compliant to the appropriate RFC) and are well-behaved protocols. There are no ‘Xerox unique’...
  • Page 14 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper otherwise insecure protocol. SNMP Traps may not be secure if either the client or the device has just been rebooted. IP Filtering can be useful to prevent SNMP calls from non-IPSec clients. Once an IPSec channel is established between two points, it stays open until one end reboots or goes into power saver,.
  • Page 15 This feature is based on the Kerberos program from the Massachusetts Institute of Technology (MIT). The Kerberos network authentication protocol is publicly available on the Internet as freeware at http://web.mit.edu/kerberos/www/. Xerox has determined that there are no export restrictions on this version of the software. However, there are a few deviations our version of Kerberos takes from the standard Kerberos implementation from MIT.
  • Page 16 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper timeout (the usual default is 12 hours) or until the user removes it (prior to the timeout period). In the Xerox implementation, all traces of authentication of the user are removed once they have been authenticated to the device.
  • Page 17 CA for signing. The signed device certificate is then uploaded to the device. Alternatively, the device will generate a self-signed certificate. In this case, the generic Xerox root CA certificate must be downloaded from the device and installed in the certificate store of the user’s browser.

  • Page 18: System Access

    If the device is set for local authentication, user account information will be kept in a local accounts database (see the discussion in Chapter 4 of Xerox Standard Accounting) and the authentication process will take place locally. The system administrator can assign authorization privileges on a per user basis.
  • Page 19 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Figure 3-1 Authentication and Authorization schematic Ver. 1.01, April 2010 Page 19 of 40...

  • Page 20: Login And Authentication Methods

    PIN is required. The customer can set the PIN to anywhere from 3 to 12 digits in length. This PIN is stored in the Copy Controller NVM and is inaccessible to the user. Xerox strongly recommends that this PIN be changed from its default value immediately upon product installation.
  • Page 21 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper 2) The Domain Controller responds back to the device through the router whether or not the user was successfully authenticated. If (2) is successful, steps 3 – 5 proceed as described in 4 - 6 of Kerberos section.

  • Page 22: System Accounts

    3.4. Diagnostics 3.4.1. Service [All product configurations] To access onboard diagnostics from the local user interface, Xerox service representatives must enter a unique 4-digit password. This PIN is the same for all product configurations and cannot be changed. For additional security, a Xerox authorized service representative can enable a “secure diagnostics” mode.

  • Page 23: Tty Mode

    (see next section). However, if this mode is entered, a Xerox unique serial protocol is used to communicate to the alt-boot code. All commands are DOS-type menu driven (i.e. type in a number to start a command). If a PSW is connected, the application on the PSW cannot be accessed without logging on with a password (see next section).
  • Page 24 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper The communication process uses a Xerox proprietary protocol. Each packet passing back and forth will have a unique identifier (session key) with it for authentication and tracking purposes. All protocols are API based –...
  • Page 25 3.4.5. Summary As stated above, accessibility of customer documents, files or network resources is impossible via the PSW. In the extremely unlikely event that someone did spoof the Xerox proprietary protocols, only diagnostic activities can be executed. Ver. 1.01, April 2010...

  • Page 26: Security Aspects Of Selected Features

    XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper 4. Security Aspects of Selected Features 4.1. Audit Log The device maintains a security audit log. Recording of security audit log data can be enabled or disabled by the SA. The audit log is implemented as a circular log containing a maximum of 15000 event entries, meaning that once the maximum number of entries is reached, the log will begin overwriting the earliest entry.
  • Page 27 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Tagged Event index Ver. 1.01, April 2010 Event description net-destination. IFAX Job name User Name Completion Status IIO status Accounting User ID Accounting Account ID total-number-of-smtp-recipients smtp-recipients Email job Job name User Name...
  • Page 28 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Tagged Event index Ver. 1.01, April 2010 Event description Completion status (Success or Failed). IIO feature status UserName Device name Device serial number IIO Status (enabled or disabled) SA pin changed UserName Device name...

  • Page 29: Xerox Standard Accounting

    Automatic Meter Reads (AMR) is a service that allows devices to electronically report meter readings back to Xerox. The Systems Administrator sets up the attributes for the AMR service via the web UI, including registering the device with the Xerox AMR server. Once enabled, the device will poll the Xerox AMR server daily over the network.

  • Page 30: Encrypted Partitions

    XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper 4.4. Encrypted Partitions The network controller disk is encrypted using the AES algorithm with a 128-bit key. The key is generated dynamically on each boot, and is kept only in volatile memory. 4.5. Image Overwrite The Image Overwrite Security Option provides both Immediate Image Overwrite (IIO) and On-Demand Image Overwrite (ODIO) functions.

  • Page 31: Overwrite Timing

    XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Please note that invocation of ODIO will cause currently processing print jobs to be aborted. However, scan jobs will not be aborted and so ODIO might fail. The user should insure that all scan jobs have been completed before invoking ODIO.

  • Page 32: Responses To Known Vulnerabilities

    XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Responses to Known Vulnerabilities 5.1. Security @ Xerox (www.xerox.com/security) Xerox maintains an evergreen public web page that contains the latest security information pertaining to its products. Please see www.xerox.com/security. Ver. 1.01, April 2010 Page 32 of 40...

  • Page 33: Appendix A - Abbreviations

    XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper APPENDICES 6.1. Appendix A – Abbreviations Automatic Document Feeder Advanced Hardware Architecture, a proprietary compression Application Programming Interface Automatic Meter Reads ASIC Application-Specific Integrated Circuit. This is a custom integrated circuit that is unique to a specific product.
  • Page 34 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Management Information Base not applicable Network Controller NDPS Novell Distributed Print Services NETBEUI NETBIOS Extended User Interface NETBIOS Network Basic Input/Output System Network Operating System NVRAM Non-Volatile Random Access Memory Non-Volatile Memory ODIO...

  • Page 35: Appendix B - Supported Mib Objects

    XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper 6.2. Appendix B – Supported MIB Objects NOTES : (1) The number of objects shown per MIB group represents the number of objects defined by the IETF standard for that MIB group. It does not represent the instantiation of the MIB group which may contain many more objects.
  • Page 36 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper RFC 1759 - Printer MIB Group RFC 1213 - System group RFC 1213 - Interface group RFC 1514 - Storage group RFC 1514 - Device group General group [7 objects] Covers group [3 objects]...
  • Page 37 Xerox MIBs supported = Network Connectivity, Job Monitoring, Scan-to-File, and Scan-to-LAN FAX features supported via Xerox MIBs supported w/ caveat = planned support within 2 - 3Q00 via Xerox web site, URL = www.xerox.com CentreWare Services supported...
  • Page 38 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper 6.3. Appendix C –Standards Network Controller Hardware PCI Specification (PCI Local Bus Specification Revision 2.1) 100 Megabit Ethernet (IEEE 802.3) Universal Serial Bus 1.1 Parallel (IEEE 1284) IEEE 1394a (FireWire) Network Controller Software...
  • Page 39 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Function Document Printing Application (DPA) Appletalk Printing Description Languages Postscript Language Reference, Third Edition PCL6 (PCL5E 5SI emulation) PCL6 (PCLXL 5M emulation) TIFF 6.0 JPEG Portable Document Format Reference Manual Version 1.3 Ver. 1.01, April 2010...
  • Page 40 XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper 6.4. Appendix E – References Kerberos os-faq.html IP port numbers Ver. 1.01, April 2010 http://www.nrl.navy.mil/CCS/people/kenh/kerber http://www.iana.org/assignments/port-numbers Page 40 of 40...

This manual is also suitable for:

Workcentre 7765Workcentre 7775

Table of Contents