XEROX WorkCentre 3550 Information Assurance Disclosure Paper
2.8.2.3.Port 68, DHCP
This port is used only when performing DHCP, and is not open all of the time. To permanently close this port, DHCP must be explicitly disabled. This is done in User Tools via the Local User Interface or via the TCP/IP page in the Properties tab on the WebUI.
2.8.2.4.Port 80, HTTP
The embedded web pages communicate to the machine through a set of unique APIs and do not have direct access to machine information:
Network
| Network Controller | |||
|
| I |
| |
|
| n |
| |
| request | t |
| |
| e |
| ||
http |
| request | ||
| r | |||
| machine | |||
server |
| n | ||
| information | |||
response | a | |||
|
| |||
|
| l | response | |
|
|
| ||
|
| A |
| |
|
| P |
| |
|
| I |
| |
Figure |
|
| ||
The HTTP port can only access the HTTP server residing in the controller. The embedded HTTP server is Apache. The purpose of the HTTP server is to:
•Give users information of the status of the device;
•View the job queue within the device and delete jobs;
•Allow users to download print ready files and program Scan to File Job Templates;
•Allow remote administration of the device. Many settings that are on the Local UI are replicated in the device’s web pages. Users may view the properties of the device but not change them without logging into the machine with administrator privileges.
The HTTP server can only host the web pages resident on the device. It does not and cannot act as a proxy server to get outside of the network the device resides on. Hence the server cannot access any networks (or web servers) outside of the customer firewall.
When the device is configured with an IP address, it is as secure as any device inside the firewall. The web pages are accessible only to authorized users of the network inside the firewall.
This service (and port) may be disabled in User Tools via the Local User Interface or via the TCP/IP page in the Properties tab on the Web UI. Please note that when this is disabled, IPP Port 631 is also disabled.
HTTP may be secured by enabling Secure Sockets Layer.
2.8.2.4.1.Proxy Server
The device can be configured to communicate through a proxy server. Features that can make use of a proxy server include the Automatic Meter Read feature, scanning to a remote repository, or retrieving scan templates from a remote template pool.
| 17 |
Ver. 1.3, March 2011 | Page 17 of 32 |