Xerox 3550 manual IP Filtering


XEROX WorkCentre 3550 Information Assurance Disclosure Paper

2.8.2.15. Port 636, sLDAP

This is the standard LDAP port when using SSL for address book queries in the Scan to Email feature.

2.8.2.16. Port 1124, Network Scan Utility

This port supports the Xerox Network Scan utility. It is not configurable and cannot be disabled.

2.8.2.17. Port 1900, SSDP

This port behaves similarly to the SLP port. When activated, this port is used for service discovery and advertisement. The device will advertise itself as a printer and also listen for SSDP queries using this port. It is not configurable. This port is explicitly enabled / disabled in the Properties tab of the device’s web pages.

2.8.2.18. Port 3003, http/SNMP reply

This port is used when the http server requests device information. When the user displays the Web User Interface (WebUI) and goes to a page where the http server must query the device for settings (e.g. Novell network settings), the http server queries the machine via an internal SNMP request (hence this port can only be open when the http server is active). The machine replies to the http server via this port. It sends the reply to the loopback address (127.0.0.0), which is internally routed to the http server. This reply is never transmitted on the network. Only SNMP replies are accepted by this port, and this port is active when the http server is active (i.e. if the http server is disabled, this port will be closed). If someone attempted to send an SNMP reply to this port via the network, the reply would have to contain the correct sequence number, which is highly unlikely, since the sequence numbers are internal to the machine.

2.8.2.19. Port 5200, UPnP

This port is used by UPnP. This is disabled when SSDP is disabled (see 3.2.2.16).

2.8.2.20. Port 5353, Multicast DNS

Designating a Multicast DNS server will allow the device to resolve domain names over a multicast protocol. This can be configured via the Local UI or WebUI.

2.8.2.21. Port 6000, SetIP Utility

This port supports the Xerox SetIP utility. It is not configurable and cannot be disabled.

2.8.2.22. Port 9100, raw IP

This allows downloading a PDL file directly to the interpreter. This port has limited bi-directionality (via PJL back channel) and allows printing only. This is a configurable port, and may be disabled in the Properties tab of the device’s web pages.

2.8.2.23. Port 9400, TWAIN for Network Utility

This port supports the Xerox TWAIN for Network utility. It is not configurable and cannot be disabled.

2.8.2.24. Port 9401, TWAIN for Network Utility

This port supports the Xerox TWAIN for Network utility. It is not configurable and cannot be disabled.

2.8.3. IP Filtering

The devices contain a static host-based firewall that provides the ability to prevent unauthorized network access based on an IP address or IP address range. Filtering rules can be set by the SA using the WebUI.
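The port descriptions in 2.8.2.17 to 2.8.2.24 and the IP Filtering function can be combined into a configuration audit. The following is an added example, not part of the Xerox paper: it compares the ports observed open on a device with the state those sections imply for the chosen settings. The function name, the setting keys and the sample data are assumptions made for illustration.

```python
# Added example. Port facts come from sections 2.8.2.17-2.8.2.24 above;
# audit(), the setting keys and the sample data are hypothetical.

# Ports the paper describes as "not configurable and cannot be disabled".
ALWAYS_OPEN = {1124: "Network Scan Utility", 6000: "SetIP Utility",
               9400: "TWAIN for Network", 9401: "TWAIN for Network"}

# Ports whose state follows a device setting: port -> (service, setting key).
CONTROLLED = {1900: ("SSDP", "ssdp"),
              5200: ("UPnP", "ssdp"),            # disabled when SSDP is disabled
              9100: ("raw IP", "raw_ip"),
              3003: ("http/SNMP reply", "http")}  # closed when http server is off


def audit(settings, observed_open):
    """Return {port: status} for the observed ports and the documented ones."""
    result = {}
    for port, (_service, key) in CONTROLLED.items():
        expected, seen = settings[key], port in observed_open
        if seen == expected:
            result[port] = "ok"
        elif seen:
            result[port] = "unexpected"   # open although its setting is off
        else:
            result[port] = "not-seen"     # setting on, port not reached from here
    for port in ALWAYS_OPEN:
        # Cannot be closed on the device, so only IP Filtering (2.8.3)
        # can restrict which addresses reach it.
        result[port] = "needs-ip-filter" if port in observed_open else "not-seen"
    for port in set(observed_open) - set(result):
        result[port] = "unreviewed"       # not described in these sections
    return result


if __name__ == "__main__":
    # Constructed sample: intended settings and ports seen from a user subnet.
    settings = {"ssdp": False, "raw_ip": False, "http": True}
    observed = {80, 1124, 3003, 5200, 6000, 9100, 9400, 9401}
    for port, status in sorted(audit(settings, observed).items()):
        print(port, status)
```

Ports reported as needs-ip-filter are the ones where a filtering rule set by the SA is the only control the paper describes.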

 


Ver. 1.3, March 2011

Page 20 of 32
