Xerox WorkCentre 6400 Information Manual page 21

XEROX WorkCentre 6400 Information Assurance Disclosure Paper
The device supports SNMPv3, which is an encrypted version of the SNMP protocol that uses a shared secret. Secure
Sockets Layer must be enabled before configuring the shared secret needed for SNMPv3.
2.8.2.9. Port 389, LDAP
This is the standard LDAP port used for address book queries in the Scan to Email feature.
2.8.2.10. Port 396, Netware
This configurable port is used when Novell Netware is enabled to run over IP.
2.8.2.11. Port 427, SLP
When activated, this port is used for service discovery and advertisement. The device will advertise itself as a printer
and also listen for SLP queries using this port. It is not configurable. This port is explicitly enabled / disabled in the
Properties tab of the device's web pages.
2.8.2.12. Port 443, SSL
This is the default port for Secure Sockets Layer communication. This port can be configured via the device's web
pages. SSL must be enabled before setting up either SNMPv3 or IPSec or before retrieving the audit log (see Sec.
4.1). SSL must also be enabled in order to use any of the Web Services (Scan Template Management, Automatic
Meter Reads, or Network Scanning Validation Service).
SSL should be enabled so that the device can be securely administered from the web UI. When scanning, SSL can be
used to secure the filing channel to a remote repository.
SSL uses X.509 certificates to establish trust between two ends of a communication channel. When storing scanned
images to a remote repository using an https: connection, the device must verify the certificate provided by the
remote repository. A Trusted Certificate Authority certificate should be uploaded to the device in this case.
To securely administer the device, the user's browser must be able to verify the certificate supplied by the device. A
certificate signed by a well-known Certificate Authority (CA) can be downloaded to the device, or the device can
generate a self-signed certificate. In the first instance, the device creates a Certificate Signing Request (CSR) that
can be downloaded and forwarded to the well-known CA for signing. The signed device certificate is then uploaded
to the device. Alternatively, the device will generate a self-signed certificate. In this case, the generic Xerox root CA
certificate must be downloaded from the device and installed in the certificate store of the user's browser.
The device supports only server authentication.
2.8.2.13. Port 515, LPR
This is the standard LPR printing port, which only supports IP printing. It is a configurable port, and may be explicitly
enabled or disabled in the Properties tab of the device's web pages.
2.8.2.14. Port 631, IPP
This port supports the Internet Printing Protocol. It is not configurable. This is disabled when the http server is
disabled.
2.8.2.15. Port 1900, SSDP
This port behaves similarly to the SLP port. When activated, this port is used for service discovery and advertisement.
The device will advertise itself as a printer and also listen for SSDP queries using this port. It is not configurable. This
port is explicitly enabled / disabled in the Properties tab of the device's web pages.
2.8.2.16. Port 3003, http/SNMP reply
This port is used when the http server requests device information. The user displays the Web User Interface
(WebUI) and goes to a page where the http server must query the device for settings (e.g. Novell network settings).
The http server queries the machine via an internal SNMP request (hence this port can only open when the http
server is active). The machine replies back to the http server via this port. It sends the reply to the loopback address
(127.0.0.0), which is internally routed to the http server. This reply is never transmitted on the network. Only SNMP
replies are accepted by this port, and this port is active when the http server is active (i.e. if the http server is disabled,
this port will be closed). If someone attempted to send an SNMP reply to this port via the network, the reply would
have to contain the correct sequence number, which is highly unlikely, since the sequence numbers are internal to the
machine.
Ver. 1.00, May 2010
21
Page 21 of 44