Xerox WorkCentre 6400 Information Manual

MFPs information assurance disclosure paper

Xerox WorkCentre 6400

Multifunction System
Information Assurance Disclosure Paper
Version 1.0
Prepared by:
Larry Kovnat
Xerox Corporation
1350 Jefferson Road
Rochester, New York 14623


Summary of Contents for Xerox WorkCentre 6400

  • Page 1: Xerox Workcentre

    Xerox WorkCentre 6400 Multifunction System Information Assurance Disclosure Paper Version 1.0 Prepared by: Larry Kovnat Xerox Corporation 1350 Jefferson Road Rochester, New York 14623...
  • Page 2 XEROX WorkCentre 6400 Information Assurance Disclosure Paper ©2010 Xerox Corporation. All rights reserved. Xerox and the sphere of connectivity design are trademarks of Xerox Corporation in the United States and/or other countries. Other company trademarks are also acknowledged. Document Version: 1.00 (May 2010).
  • Page 3: Table Of Contents

    INTRODUCTION, p. 5; 1.1. Purpose, p. 5; 1.2. Target Audience, p. 5; 1.3. Disclaimer, p. 5; DEVICE DESCRIPTION, p. 6; 2.1. Security-relevant Subsystems, p. 6; 2.1.1. Physical Partitioning, p. 6; 2.1.2. Security Functions allocated to Subsystems, p. 7; 2.2.
  • Page 4 3.2. Login and Authentication Methods, p. 25; 3.2.1. System Administrator Login [All product configurations], p. 25; 3.2.2. User authentication, p. 25; 3.3. System Accounts, p. 27; 3.3.1. Printing [Multifunction models only], p. 27; 3.3.2. Network Scanning [Multifunction models only], p. 27; 3.4.
  • Page 5: Introduction

    The information in this document is accurate to the best knowledge of the authors, and is provided without warranty of any kind. In no event shall Xerox Corporation be liable for any damages whatsoever resulting from user's use or disregard of the information provided in this document including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Xerox Corporation has been advised of the possibility of such damages.
  • Page 6: Device Description

    Device Description This product consists of an input document handler and scanner, marking engine including paper path, controller, and user interface. Not shown in the picture below are optional additional paper trays and an optional finisher.
  • Page 7: Security Functions Allocated To Subsystems

    [Figure: device diagram; recoverable labels: Human Interface; Power Button; Original Documents; Scanner / Document Handler; Image Output Terminal (also known as Marking Engine); Hardcopy; Paper output interface (Finisher); Controller/GUI; Ethernet Port, USB Target Port, UI; Physical external Power Cord...]
  • Page 8: Controller

    Table 1 Security Functions allocated to Subsystems (excerpt): Security Function: Security Management; Subsystem: Controller, Graphical User Interface. 2.2. Controller 2.2.1. Purpose The controller provides both network and direct-connect external interfaces, and enables print, email, network scan, server fax, internet FAX, and LanFAX functionality.
  • Page 9 Non-Volatile Memory Description Type (Flash, EEPROM, etc) Size User Modifiable Function or Use Process to Clear: (Y/N) Flash 16MB via Diagnostics & U-Boot, IOTIF FPGA code, sw upgrade Diagnostic Software Upgrade boot mgr, kernel [CC]...
  • Page 10: External Connections

    2.2.3. External Connections [Figure 2-3 Back panel connections; labels: Scanner/UI; USB Host Type A; 10/100/1000 ethernet; USB Target Type B; Foreign Device I/F] Table columns: Interface | Description / Usage. Scanner: Proprietary connection between the scanner and...
  • Page 11: Usb Host Port

    For example, the fax address book can be saved and restored by a service technician. There is no method for a user, administrator or technician to move image data from the WorkCentre 6400 to a USB device.
  • Page 12: Scanner

    2.4. Scanner 2.4.1. Purpose The purpose of the scanner is to provide mechanical transport of hardcopy originals and to convert hardcopy originals to electronic data. 2.4.2. Hardware The scanner converts the image from hardcopy to electronic data. An optional document handler moves originals into a position to be scanned.
  • Page 13: Marking Engine (Also Known As The Image Output Terminal Or Iot)

    Volatile Memory Description (columns: Type (SRAM, DRAM, etc) | Size | User Modifiable (Y/N) | Function or Use | Process to Clear): SRAM within the FPGA | 87KB | | Display logic, data buffers | Power Off System. Additional Information: All memory listed above contains code for execution and configuration information. No user or job data is permanently stored in this location.
  • Page 14: System Software Structure

    The OS layer includes the operating system, network and physical I/O drivers. The controller operating system is Wind River Linux, kernel v. 2.6.20+. Xerox may issue security patches for the OS, in which case the Xerox portion of the version number (i.e. after the ‘+’ sign) will be incremented.
  • Page 15: Network Protocols

    Figure 2-4 Controller Operating System layer components 2.7.3. Network Protocols Figure 2-5 is an interface diagram depicting the protocol stacks supported by the device, annotated according to the DARPA model. Ver. 1.00, May 2010...
  • Page 16 Figure 2-5 IPv4 Network Protocol Stack
  • Page 17: Logical Access

    2.8.1. Network Protocols The supported network protocols are listed in Appendix D and are implemented to industry standard specifications (i.e. they are compliant to the appropriate RFC) and are well-behaved protocols. There are no ‘Xerox unique’ additions to these protocols.
  • Page 18: Ports

    device-initiated operations (like scanning) cannot assume the existence of the tunnel unless a print job (or other client initiated action) has been previously run since the last boot at either end of the connection.
  • Page 19 This feature is based on the Kerberos program from the Massachusetts Institute of Technology (MIT). The Kerberos network authentication protocol is publicly available on the Internet as freeware at http://web.mit.edu/kerberos/www/. Xerox has determined that there are no export restrictions on this version of the...
  • Page 20 It was determined during the implementation of Kerberos for our device that it would be too difficult for the user/SA to keep the device clock in sync with the Kerberos server, so the Xerox instantiation of Kerberos has the clock skew check removed. The disadvantage is that this gives malicious users unlimited time to reverse engineer the user’s key.
  • Page 21 CA for signing. The signed device certificate is then uploaded to the device. Alternatively, the device will generate a self-signed certificate. In this case, the generic Xerox root CA certificate must be downloaded from the device and installed in the certificate store of the user’s browser.
  • Page 22: Ip Filtering

    2.8.2.17. Port 9100, raw IP This allows downloading a PDL file directly to the interpreter. This port has limited bi-directionality (via PJL back channel) and allows printing only. This is a configurable port, and may be disabled in the Properties tab of the device’s web pages.
  • Page 23: System Access

    If the device is set for local authentication, user account information will be kept in a local accounts database (see the discussion in Chapter 4 of Xerox Standard Accounting) and the authentication process will take place locally. The system administrator can assign authorization privileges on a per user basis. User access to services will be provided based on the privileges set for each user in the local accounts database.
  • Page 24 Figure 3-1 Authentication and Authorization schematic
  • Page 25: Login And Authentication Methods

    The customer can set the PIN to anywhere from 3 to 31 digits in length. This PIN is stored in the Copy Controller NVM and is inaccessible to the user. Xerox strongly recommends that this PIN be changed from its default value immediately upon product installation.
  • Page 26 Authentication Steps: The device sends an authentication request directly to the Domain Controller through the router using the IP address of the Domain Controller. The Domain Controller responds back to the device through the router whether or not the user was successfully authenticated.
  • Page 27: System Accounts

    3.4. Diagnostics 3.4.1. Service [All product configurations] To access onboard diagnostics from the local user interface, Xerox service representatives must enter a unique 4-digit password. This PIN is the same for all product configurations and cannot be changed. 3.4.2. tty Mode When the Network Controller has completed booting a login line will be displayed.
  • Page 28: Summary

    3.4.3. Summary As stated above, accessibility of customer documents, files or network resources is impossible via the PSW. In the extremely unlikely event that someone did spoof the Xerox proprietary protocols, only diagnostic activities can be executed.
  • Page 29: Security Aspects Of Selected Features

    4. Security Aspects of Selected Features 4.1. Audit Log The device maintains a security audit log. Recording of security audit log data can be enabled or disabled by the SA. The audit log is implemented as a circular log containing a maximum of 15000 event entries, meaning that once the maximum number of entries is reached, the log will begin overwriting the earliest entry.
  • Page 30 Event Event description Entry Data IFAX Job name User Name Completion Status IIO status Accounting User ID Accounting Account ID total-number-of-smtp-recipients smtp-recipients Email job Job name User Name Completion Status IIO status Accounting User ID...
  • Page 31 Event Event description Entry Data USB Thumbdrive UserName Device name Device serial number USB port Completion Status (Enabled/Disabled) Scan to Home UserName Device name Device serial number Completion Status (Enabled/Disabled) Scan to Home job...
  • Page 32 Event Event description Entry Data UserName Device name Device serial number Completion status (Enabled/Disabled). X509 certificate UserName Device name Device serial number Completion Status (Created/uploaded/Downloaded). IP sec UserName Device name Device serial number Completion Status (Configured/enabled/disabled).
  • Page 33: Xerox Standard Accounting

    Systems Administrator sets up the attributes for the AMR service via the web UI, including registering the device with the Xerox AMR server. Once enabled, the device will poll the Xerox AMR server daily over the network. The server will check whether it is time in the monthly billing cycle to update the meter readings.
  • Page 34: Image Overwrite

    4.5. Image Overwrite The Image Overwrite Security feature provides both Immediate Image Overwrite (IIO) and On-Demand Image Overwrite (ODIO) functions. Immediately before a job is considered complete, IIO will overwrite any temporary files associated with print, network scan, internet fax, network fax, or e-mail jobs that had been created on the Controller Hard Disks.
  • Page 35: Overwrite Timing

    4.5.3. Overwrite Timing The ODIO overwrite time is dependent on the type of hard disk in the product. The overwrite and reset average time is 10 minutes, but longer times are possible. IIO is performed as a background operation, with no user-perceivable reduction in copy, print or scan performance.
  • Page 36: Responses To Known Vulnerabilities

    Responses to Known Vulnerabilities 5.1. Security @ Xerox (www.xerox.com/security) Xerox maintains an evergreen public web page that contains the latest security information pertaining to its products. Please see www.xerox.com/security.
  • Page 37: Appendices

    APPENDICES 6.1. Appendix A – Abbreviations Application Programming Interface Automatic Meter Reads ASIC Application-Specific Integrated Circuit. This is a custom integrated circuit that is unique to a specific product. Customer Service Engineer DADF/DADH...
  • Page 38 ODIO On-Demand Image Overwrite Printer Control Language Page Description Language Personal Identification Number PWBA Printed Wire Board Assembly Required Functional Capability System Administrator Service Location Protocol SNMP Simple Network Management Protocol SRAM Static Random Access Memory...
  • Page 39: Appendix B - Supported Mib Objects

    6.2. Appendix B – Supported MIB Objects NOTES : (1) The number of objects shown per MIB group represents the number of objects defined by the IETF standard for that MIB group. It does not represent the instantiation of the MIB group which may contain many more objects.
  • Page 40 RFC 1759 - Printer MIB Group WorkCentre RFC 1213 - System group supported RFC 1213 - Interface group supported RFC 1514 - Storage group supported RFC 1514 - Device group supported General group [7 objects]...
  • Page 41 = Network Connectivity, Job Monitoring, Scan-to-File, and Scan-to-LAN FAX features supported via Xerox MIBs Vendor-specific MIBs provided to customer supported w/ caveat = planned support within 2 - 3Q00 via Xerox web site, URL = www.xerox.com Vendor-specific client application(s) provided...
  • Page 42: Appendix C -Standards

    6.3. Appendix C – Standards Controller Hardware PCI Specification (PCI Local Bus Specification Revision 2.1) 100 Megabit Ethernet (IEEE 802.3) Universal Serial Bus 1.1 Parallel (IEEE 1284) IEEE 1394a (FireWire) Controller Software Function RFC/Standard...
  • Page 43 RFC/Standard Function Appletalk Inside Appletalk, Second Edition Printing Description Languages Postscript Language Reference, Third Edition PCL6 (PCL5E 5SI emulation) PCL6 (PCLXL 5M emulation) TIFF 6.0 JPEG Portable Document Format Reference Manual Version 1.3
  • Page 44: Ver. 1.00, May 2010

    6.4. Appendix E – References Kerberos FAQ http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html IP port numbers http://www.iana.org/assignments/port-numbers