Xerox 3550 manual Logical Access, IPSec

XEROX WorkCentre 3550 Information Assurance Disclosure Paper

Figure 2-5 IPv6 Network Protocol Stack

2.8. Logical Access

2.8.1. Network Protocols

The supported network protocols are listed in Appendix C. They are implemented to industry-standard specifications (i.e. they comply with the appropriate RFC) and are well-behaved protocols. There are no ‘Xerox unique’ additions to these protocols.

2.8.1.1. IPSec

The device supports IPSec tunnel mode. The print channel can be secured by establishing an IPSec association between a client and the device. A shared secret is used to encrypt the traffic flowing through this tunnel. SSL must be enabled in order to set up the shared secret.

When an IPSec tunnel is established between a client and the machine, the tunnel will also be active for administration with SNMPv2 tools (HP OpenView, etc.), providing security for SNMP SETs and GETs with an otherwise insecure protocol. SNMP Traps may not be secure if either the client or the device has just been rebooted. IP Filtering can be useful to prevent SNMP calls from non-IPSec clients.
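An added example, not part of the Xerox paper: a Python check over constructed flow records that flags SNMP requests reaching the device outside IPSec and traps leaving it in cleartext, and lists the sources an IP Filtering rule would need to cover. The addresses, the record layout (`src dst ip-protocol dst-port`), the function names and the absence of NAT traversal are assumptions.

```python
import ipaddress
from collections import namedtuple

# Constructed values for illustration; none of them come from the Xerox paper.
DEVICE = ipaddress.ip_address("192.0.2.10")          # assumed device address
IPSEC_PEERS = {ipaddress.ip_address("192.0.2.20")}   # assumed IPSec client

UDP, ESP = 17, 50              # IP protocol numbers
SNMP_PORT, TRAP_PORT = 161, 162

Flow = namedtuple("Flow", "src dst proto dport")

def parse(line):
    """Parse one 'src dst ip-protocol dst-port' record (hypothetical layout)."""
    src, dst, proto, dport = line.split()
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst),
                int(proto), int(dport))

def audit(lines):
    """Return (finding, address) pairs for SNMP seen on the wire outside ESP."""
    findings = []
    for line in lines:
        f = parse(line)
        if f.proto != UDP:
            continue  # ESP hides inner ports; tunnelled SNMP never shows as UDP
        if f.dst == DEVICE and f.dport == SNMP_PORT:
            kind = ("peer-bypassing-tunnel" if f.src in IPSEC_PEERS
                    else "non-ipsec-client")
            findings.append((kind, str(f.src)))
        elif f.src == DEVICE and f.dport == TRAP_PORT:
            # Matches the caveat about traps sent just after a reboot.
            findings.append(("cleartext-trap", str(f.dst)))
    return findings

def filter_candidates(findings):
    """Sources that an IP Filtering rule should stop from sending SNMP."""
    return sorted({ip for kind, ip in findings if kind == "non-ipsec-client"})

# Constructed sample records, e.g. from a mirror port or firewall log.
SAMPLE = [
    "192.0.2.20 192.0.2.10 50 0",     # ESP from the IPSec peer: expected
    "192.0.2.33 192.0.2.10 17 161",   # cleartext SNMP from a non-IPSec host
    "192.0.2.10 192.0.2.20 17 162",   # trap leaving the device outside ESP
    "192.0.2.20 192.0.2.10 17 161",   # peer sending SNMP outside the tunnel
    "192.0.2.33 192.0.2.10 17 80",    # unrelated UDP traffic: ignored
]

if __name__ == "__main__":
    results = audit(SAMPLE)
    for finding in results:
        print(finding)
    print("filter candidates:", filter_candidates(results))
```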

Once an IPSec channel is established between two points, it stays open until one end reboots or goes into power saver. Only network clients and servers will have the ability to establish an IPSec tunnel with the machine. Thus

 

Ver. 1.3, March 2011
