XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Xerox WorkCentre Multifunction Systems Information Assurance Disclosure Paper Version 1.0 Prepared by: ™ 7755/7765/7775 Larry Kovnat Xerox Corporation 1350 Jefferson Road Rochester, New York 14623...
The information in this document is accurate to the best knowledge of the authors, and is provided without warranty of any kind. In no event shall Xerox Corporation be liable for any damages whatsoever resulting from user's use or disregard of the information provided in this document including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Xerox Corporation has been advised of the possibility of such damages.
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Device Description WorkCentre products consist of two basic modules: a digital copier module that provides conventional copy functions and features, and a Network Controller that provides the capability to connect the copier to a LAN. CopyCentre models of these products are available which provide copy-only features and do not include a Network Controller.
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Ethernet Port, USB Host Port Physical external Power Cord Interface Figure 2-2 TOE System Partitioning, single-board Controller configuration 2.1.2. Security Functions allocated to Subsystems Security Function Image Overwrite System Authentication Network Authentication Security Audit Cryptographic Operations User Data Protection –...
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Security Function Security Management 2.2. Controller The Copy Controller and the Network Controller are the two main software components of the controller subsystem. Both components reside on the single controller board. The copy controller software and network controller software execute on a common processor within separate and unshared memory spaces and communicate with RPC calls.
* All residual customer data in de-allocated space can be overwritten using a three pass algorithm which conforms to U.S. Department of Defense Directive 5200.28.M. Xerox provides Immediate Image overwrite that overwrites user image data as soon as the job is complete plus the ability for the SA to overwrite the entire spool partition, if desired.
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Scanner Video Habanero (SBC) Figure 2-5 Physical Map of Controller tray external connections Interface PSW USB Target Port USB Host Ports Ethernet FAX line 1, RJ-11 FAX line 2, RJ-11 Foreign Device Interface (FDI) Scanner 18.104.22.168.
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper features. An Image Overwrite Security kit is available which enables both Immediate and On-Demand overwrite of any temporary image data created on the NC disk. The Network Controller also incorporates an open-source web server (Apache) that exports a Web User Interface (WebUI) through which users can submit jobs and check job and machine status, and through which System Administrators can remotely administer the machine.
Network Controller from kernel.org and modified by Xerox. consistent with Flaw Remediation, in which case the Xerox portion of the version number will be incremented. The crypto library for IPSec is provided by the kernel. A proprietary executive with no networking capability provides the operating environment for the copy controller.
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper IP Filtering is also provided by the kernel. Figure 2-7 Network Controller Operating System layer components 2.7.3. Network Protocols Figure 2-3 is an interface diagram depicting the protocol stacks supported by the device, annotated according to the DARPA model.
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Figure 2-3 IPv4 Network Protocol Stack Ver. 1.01, April 2010 Page 12 of 40...
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Figure 2-4 IPv6 Network Protocol Stack 2.8. Logical Access [Multifunction models only] 2.8.1. Network Protocols The supported network protocols are listed in Appendix D and are implemented to industry standard specifications (i.e. they are compliant to the appropriate RFC) and are well-behaved protocols. There are no ‘Xerox unique’...
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper otherwise insecure protocol. SNMP Traps may not be secure if either the client or the device has just been rebooted. IP Filtering can be useful to prevent SNMP calls from non-IPSec clients. Once an IPSec channel is established between two points, it stays open until one end reboots or goes into power saver,.
This feature is based on the Kerberos program from the Massachusetts Institute of Technology (MIT). The Kerberos network authentication protocol is publicly available on the Internet as freeware at http://web.mit.edu/kerberos/www/. Xerox has determined that there are no export restrictions on this version of the software. However, there are a few deviations our version of Kerberos takes from the standard Kerberos implementation from MIT.
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper timeout (the usual default is 12 hours) or until the user removes it (prior to the timeout period). In the Xerox implementation, all traces of authentication of the user are removed once they have been authenticated to the device.
CA for signing. The signed device certificate is then uploaded to the device. Alternatively, the device will generate a self-signed certificate. In this case, the generic Xerox root CA certificate must be downloaded from the device and installed in the certificate store of the user’s browser.
If the device is set for local authentication, user account information will be kept in a local accounts database (see the discussion in Chapter 4 of Xerox Standard Accounting) and the authentication process will take place locally. The system administrator can assign authorization privileges on a per user basis.
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Figure 3-1 Authentication and Authorization schematic Ver. 1.01, April 2010 Page 19 of 40...
PIN is required. The customer can set the PIN to anywhere from 3 to 12 digits in length. This PIN is stored in the Copy Controller NVM and is inaccessible to the user. Xerox strongly recommends that this PIN be changed from its default value immediately upon product installation.
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper 2) The Domain Controller responds back to the device through the router whether or not the user was successfully authenticated. If (2) is successful, steps 3 – 5 proceed as described in 4 - 6 of Kerberos section.
3.4. Diagnostics 3.4.1. Service [All product configurations] To access onboard diagnostics from the local user interface, Xerox service representatives must enter a unique 4-digit password. This PIN is the same for all product configurations and cannot be changed. For additional security, a Xerox authorized service representative can enable a “secure diagnostics” mode.
(see next section). However, if this mode is entered, a Xerox unique serial protocol is used to communicate to the alt-boot code. All commands are DOS-type menu driven (i.e. type in a number to start a command). If a PSW is connected, the application on the PSW cannot be accessed without logging on with a password (see next section).
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper The communication process uses a Xerox proprietary protocol. Each packet passing back and forth will have a unique identifier (session key) with it for authentication and tracking purposes. All protocols are API based –...
3.4.5. Summary As stated above, accessibility of customer documents, files or network resources is impossible via the PSW. In the extremely unlikely event that someone did spoof the Xerox proprietary protocols, only diagnostic activities can be executed. Ver. 1.01, April 2010...
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper 4. Security Aspects of Selected Features 4.1. Audit Log The device maintains a security audit log. Recording of security audit log data can be enabled or disabled by the SA. The audit log is implemented as a circular log containing a maximum of 15000 event entries, meaning that once the maximum number of entries is reached, the log will begin overwriting the earliest entry.
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Tagged Event index Ver. 1.01, April 2010 Event description net-destination. IFAX Job name User Name Completion Status IIO status Accounting User ID Accounting Account ID total-number-of-smtp-recipients smtp-recipients Email job Job name User Name...
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Tagged Event index Ver. 1.01, April 2010 Event description Completion status (Success or Failed). IIO feature status UserName Device name Device serial number IIO Status (enabled or disabled) SA pin changed UserName Device name...
Automatic Meter Reads (AMR) is a service that allows devices to electronically report meter readings back to Xerox. The Systems Administrator sets up the attributes for the AMR service via the web UI, including registering the device with the Xerox AMR server. Once enabled, the device will poll the Xerox AMR server daily over the network.
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper 4.4. Encrypted Partitions The network controller disk is encrypted using the AES algorithm with a 128-bit key. The key is generated dynamically on each boot, and is kept only in volatile memory. 4.5. Image Overwrite The Image Overwrite Security Option provides both Immediate Image Overwrite (IIO) and On-Demand Image Overwrite (ODIO) functions.
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Please note that invocation of ODIO will cause currently processing print jobs to be aborted. However, scan jobs will not be aborted and so ODIO might fail. The user should insure that all scan jobs have been completed before invoking ODIO.
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Responses to Known Vulnerabilities 5.1. Security @ Xerox (www.xerox.com/security) Xerox maintains an evergreen public web page that contains the latest security information pertaining to its products. Please see www.xerox.com/security. Ver. 1.01, April 2010 Page 32 of 40...
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper APPENDICES 6.1. Appendix A – Abbreviations Automatic Document Feeder Advanced Hardware Architecture, a proprietary compression Application Programming Interface Automatic Meter Reads ASIC Application-Specific Integrated Circuit. This is a custom integrated circuit that is unique to a specific product.
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Management Information Base not applicable Network Controller NDPS Novell Distributed Print Services NETBEUI NETBIOS Extended User Interface NETBIOS Network Basic Input/Output System Network Operating System NVRAM Non-Volatile Random Access Memory Non-Volatile Memory ODIO...
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper 6.2. Appendix B – Supported MIB Objects NOTES : (1) The number of objects shown per MIB group represents the number of objects defined by the IETF standard for that MIB group. It does not represent the instantiation of the MIB group which may contain many more objects.
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper RFC 1759 - Printer MIB Group RFC 1213 - System group RFC 1213 - Interface group RFC 1514 - Storage group RFC 1514 - Device group General group [7 objects] Covers group [3 objects]...
Xerox MIBs supported = Network Connectivity, Job Monitoring, Scan-to-File, and Scan-to-LAN FAX features supported via Xerox MIBs supported w/ caveat = planned support within 2 - 3Q00 via Xerox web site, URL = www.xerox.com CentreWare Services supported...
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper 6.3. Appendix C –Standards Network Controller Hardware PCI Specification (PCI Local Bus Specification Revision 2.1) 100 Megabit Ethernet (IEEE 802.3) Universal Serial Bus 1.1 Parallel (IEEE 1284) IEEE 1394a (FireWire) Network Controller Software...
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper Function Document Printing Application (DPA) Appletalk Printing Description Languages Postscript Language Reference, Third Edition PCL6 (PCL5E 5SI emulation) PCL6 (PCLXL 5M emulation) TIFF 6.0 JPEG Portable Document Format Reference Manual Version 1.3 Ver. 1.01, April 2010...
XEROX WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper 6.4. Appendix E – References Kerberos os-faq.html IP port numbers Ver. 1.01, April 2010 http://www.nrl.navy.mil/CCS/people/kenh/kerber http://www.iana.org/assignments/port-numbers Page 40 of 40...