Xerox 5775, 5790, 5745, 5740, 5735, 5755 manual Port 88, Kerberos, Port 110, POP-3 Client


XEROX WorkCentre 5735/5740/5745/5755/5765/5775/5790 Information Assurance Disclosure Paper

2.8.2.5. Port 88, Kerberos

This port is open only while the device is communicating with the Kerberos server to authenticate a user, and it is used only to authenticate users in conjunction with the Network Scanning feature. To disable this port, authentication must be disabled, which is done via the Local User Interface.

This version of software has Kerberos 5.1.1 with DES (Data Encryption Standard) and 64-bit encryption. The Kerberos code is limited to user authentication, and is used to authenticate a user with a given Kerberos server as a valid user on the network. Please note that the Kerberos server (a 3rd party device) needs to be set up for each user. Once the user is authenticated, the Kerberos software has completed its task. This code will not and cannot be used to encrypt or decrypt documents or other information.

This feature is based on the Kerberos program from the Massachusetts Institute of Technology (MIT). The Kerberos network authentication protocol is publicly available on the Internet as freeware at http://web.mit.edu/kerberos/www/. Xerox has determined that there are no export restrictions on this version of the software. However, our version of Kerberos deviates from the standard MIT Kerberos implementation in a few ways. These deviations are:

1) The device does not keep a user’s initial authentication and key after the user has been authenticated. In a standard Kerberos implementation, once a user is authenticated, the device holds onto the authentication for a programmed timeout (the usual default is 12 hours) or until the user removes it (prior to the timeout period). In the Xerox implementation, all traces of authentication of the user are removed once they have been authenticated to the device. The user can send any number of jobs until the user logs off the system, either manually or through system timeout.

2) The device ignores clock skew errors. In a standard implementation of Kerberos, authentication tests will fail if a device clock is 5 minutes (or more) different from the Kerberos server. The reason for this is that given enough time, someone could reverse engineer the authentication and gain access to the network. With the 5-minute timeout, the person has just 5 minutes to reverse engineer the authentication and the key before it becomes invalid. It was determined during the implementation of Kerberos for our device that it would be too difficult for the user/SA to keep the device clock in sync with the Kerberos server, so the Xerox instantiation of Kerberos has the clock skew check removed. The disadvantage is that this gives malicious users unlimited time to reverse engineer the user’s key. However, since this key is only valid to access the Network Scanning features on a device, possession of this key is of little use for nefarious purposes.

3) The device ignores much of the information provided by Kerberos for authenticating. For the most part, the device only pays attention to information that indicates whether authentication has passed. Other information that the server may return (e.g. what services the user is authenticated for) is ignored or disabled in the Xerox implementation. This is not an issue since the only service a user is being authenticated for is access to an e-mail directory. No other network services are accessible from the Local UI.
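The check that deviation 2 removes, modelled as an added example (not code from Xerox or from MIT Kerberos): a receiver that enforces the 5-minute window alongside a replay cache, compared with one that ignores skew. The class, principal name and timestamps are constructed for illustration; the error codes are those defined in RFC 4120.

```python
from datetime import datetime, timedelta, timezone

KRB_AP_ERR_REPEAT = 34            # RFC 4120: authenticator was seen before
KRB_AP_ERR_SKEW = 37              # RFC 4120: clock skew too great
MAX_SKEW = timedelta(minutes=5)   # the 5-minute window the text cites


class AuthenticatorChecker:
    """Simplified model of the timestamp checks applied to an authenticator."""

    def __init__(self, enforce_skew=True, max_skew=MAX_SKEW):
        self.enforce_skew = enforce_skew
        self.max_skew = max_skew
        self.seen = {}            # replay cache: (client, ctime) -> ctime

    def check(self, client, ctime, now):
        """Return 0 if accepted, otherwise the RFC 4120 error code."""
        if self.enforce_skew:
            if abs(now - ctime) > self.max_skew:
                return KRB_AP_ERR_SKEW
            # Entries older than the window can never pass the skew test
            # again, so a bounded cache is enough when skew is enforced.
            self.seen = {k: t for k, t in self.seen.items()
                         if now - t <= self.max_skew}
        if (client, ctime) in self.seen:
            return KRB_AP_ERR_REPEAT
        self.seen[(client, ctime)] = ctime
        return 0


def demo():
    """Constructed scenario: one authenticator stamped t0, presented three times."""
    client = "alice@EXAMPLE.COM"                  # hypothetical principal
    t0 = datetime(2011, 3, 1, 9, 0, tzinfo=timezone.utc)
    out = {}
    for name, enforce in (("standard", True), ("skew_ignored", False)):
        live = AuthenticatorChecker(enforce_skew=enforce)
        first = live.check(client, t0, t0 + timedelta(seconds=2))
        replay = live.check(client, t0, t0 + timedelta(minutes=1))
        # A restarted receiver has an empty replay cache; only the skew
        # check is left to reject a three-hour-old authenticator.
        restarted = AuthenticatorChecker(enforce_skew=enforce)
        stale = restarted.check(client, t0, t0 + timedelta(hours=3))
        out[name] = (first, replay, stale)
    return out
```

With skew enforced the stale authenticator is rejected even though the cache is empty; with skew ignored it is accepted, so freshness then depends entirely on the replay cache never losing an entry.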

Xerox has received an opinion from its legal counsel that the device software, including the implementation of a Kerberos encryption protocol in its network authentication feature, is not subject to encryption restrictions based on Export Administration Regulations of the United States Bureau of Export Administration (BXA). This means that it can be exported from the United States to most destinations and purchasers without the need for previous approval from or notification to BXA. At the time of the opinion, restricted destinations and entities included terrorist-supporting states (Cuba, Iran, Libya, North Korea, Sudan and Syria), their nationals, and other sanctioned entities such as persons listed on the Denied Parties List. Xerox provides this information for the convenience of its customers and not as legal advice. Customers are encouraged to consult with legal counsel to assure their own compliance with applicable export laws.

2.8.2.6. Port 110, POP-3 Client

This unidirectional port is used when receiving an Internet Fax (I-Fax) or E-Mail. These jobs may only be printed, and the port is only open if I-Fax is enabled and while receiving the job. It is not configurable.

Ver. 2.00, March 2011

Page 19 of 50


5790, 5755, 5775, 5735, 5740 specifications

The Xerox 5790, 5760, and 5765 are part of Xerox's well-known line of multifunction printers (MFPs), designed to meet the needs of businesses looking for efficient, high-volume printing, copying, and scanning solutions. These models provide a blend of advanced technology and user-friendly features, making them ideal for offices that demand speed and reliability.

The Xerox 5790 is a standout model in this series, offering exceptional printing speeds of up to 90 pages per minute. It features a robust paper handling system capable of accommodating various media sizes and types, including both standard and custom formats. This model integrates advanced imaging technology, providing high-quality output with sharp text and vibrant colors, thanks to its high resolution of up to 1200 x 1200 dpi.

The 5760 and 5765 models, while slightly lower in terms of speed – with the 5765 reaching up to 65 pages per minute – still maintain impressive performance levels suitable for medium to large-sized businesses. Both devices utilize Xerox's innovative EA toner technology, which delivers fine details and smooth gradients, making them particularly effective for graphics-intensive documents.

One of the key features across these models is their user-friendly touchscreen interface, which simplifies operation and allows for seamless workflow management. Users can easily access scanning, printing, and copying functions, with options to customize workflows according to specific job requirements. Additionally, these MFPs offer advanced scanning capabilities, such as double-sided scanning and scan-to-email features, enhancing productivity.

Connectivity is another highlight of the Xerox 5790, 5760, and 5765. They support a variety of networking options, including Ethernet and Wi-Fi, making it easy to integrate them into existing office networks. Furthermore, they are equipped with mobile printing options, allowing users to print directly from their smartphones and tablets, enhancing flexibility and convenience.

In addition to their powerful performance, these models also come equipped with various security features, such as secure print, user authentication, and data encryption, ensuring sensitive information remains protected. With their strong emphasis on sustainability, Xerox has designed these printers to be energy-efficient and equipped with features aimed at reducing paper waste, such as duplex printing.

In conclusion, the Xerox 5790, 5760, and 5765 multifunction printers combine speed, quality, and advanced technology, making them excellent choices for businesses looking to enhance productivity and workflow. Their range of features and capabilities ensures they can meet the demands of various office environments, all while maintaining a commitment to sustainability and security.