Xerox 3550 manual System Accounts, Diagnostics, Printing Multifunction models only, Device log on

Page 24

XEROX WorkCentre 3550 Information Assurance Disclosure Paper

3.3.System Accounts

3.3.1.Printing [Multifunction models only]

The device may be set up to connect to a print queue maintained on a remote print server. The login name and password are sent to the print server in clear text. IPSec should be used to secure this channel.

3.3.2. Network Scanning [Multifunction models only]

Network Scanning may require the device to log into a server. The instances where the device logs into a server are detailed in the following table. Users may also need to authenticate for scanning. This authentication is detailed in subsequent sections.

3.3.2.1.Device log on

Scanning feature

 

Device behavior

Scan to Network

 

The device logs in to the scan repository as set up by the SA via CWIS.

Scan to E-mail

 

The device logs into an SMTP Server as set up by the SA via CWIS. It will

 

 

 

 

only log into the Server when a user attempts to use the scan-to-email

 

 

feature. At the time the LDAP server must be accessed, the device will

 

 

log into the LDAP server.

 

 

The device uses simple authentication on the SMTP server. A network

 

 

username and password must be assigned to the device. The device

 

 

logs in as a normal user, with read only privileges. User credentials are

 

 

not used for this authentication step, and are never transmitted over the

 

 

network.

 

Table 8 Device Log On for Scanning Features

Please note that when the device logs into any server the device username and password are sent over the network in clear text unless SSL has been enabled or IPSec has been configured to encrypt the traffic.

3.4. Diagnostics

To access onboard diagnostics from the local user interface, Xerox service representatives must enter a unique 4-digit password. This PIN is the same for all product configurations and cannot be changed.

 

24

Ver. 1.3, March 2011

Page 24 of 32

Page 23 Page 25
Image 24
Page 23 Page 25
Contents Prepared by Ver .3, March Target Audience Device DescriptionSecurity Aspects of Selected Features Purpose Target AudienceDisclaimer Device Description Security-relevant Subsystems Physical PartitioningSecurity Functions allocated to Subsystems Security Functions allocated to SubsystemsController PurposeMemory Components Controller memory componentsExternal Connections USB PortsController External Connections USB PortsFax Module ScannerHardware Fax Module memory componentsLocal User Interface LUI Control and Data InterfacesUser Interface memory components System Software Structure Open-source componentsOS Layer in the Controller Network Protocols IPv4 Network Protocol StackLogical Access IPSecPorts Port 25, SmtpPort 53, DNS Network PortsPort 68, Dhcp Port 80, HttpPorts 137, 138, 139, Netbios Port 88, KerberosPorts 161, 162, Snmp Port 389, LdapPort 396, Netware Port 427, SLPIP Filtering Authentication Model Login and Authentication MethodsSystem Administrator Login All product configurations User authenticationSMB Authentication Windows NT 4 or Windows 2000/Windows SMB Authentication with IP AddressSMB Authentication with Hostname DdnsDiagnostics System AccountsPrinting Multifunction models only Network Scanning Multifunction models onlySMart eSolutions Meter AssistantSupplies Assistant SummaryResponses to Known Vulnerabilities Appendix a Abbreviations Electrically erasable programmable read only memoryIPSec Ldap ServerUDP WebUIAppendix B Supported MIB Objects Snmp version / Network Transport support WorkCentreRFC 1759 Printer MIB Group WorkCentre RFC 1514 Host Resources MIB group WorkCentre RFC 1213 MIB-II for TCP/IP group WorkCentreAdditional Capabilities / Application Support WorkCentre Supported MIB ObjectsController Software RFC/StandardController Software Printing Description Languages Appendix E References
Top Page Image Contents