System Accounts, Diagnostics, Device log on | Xerox 3550 guide

XEROX WorkCentre 3550 Information Assurance Disclosure Paper

3.3.System Accounts

3.3.1.Printing [Multifunction models only]

The device may be set up to connect to a print queue maintained on a remote print server. The login name and password are sent to the print server in clear text. IPSec should be used to secure this channel.

3.3.2. Network Scanning [Multifunction models only]

Network Scanning may require the device to log into a server. The instances where the device logs into a server are detailed in the following table. Users may also need to authenticate for scanning. This authentication is detailed in subsequent sections.

3.3.2.1.Device log on

Scanning feature		Device behavior
Scan to Network		The device logs in to the scan repository as set up by the SA via CWIS.
Scan to E-mail		The device logs into an SMTP Server as set up by the SA via CWIS. It will

		only log into the Server when a user attempts to use the scan-to-email
		feature. At the time the LDAP server must be accessed, the device will
		log into the LDAP server.
		The device uses simple authentication on the SMTP server. A network
		username and password must be assigned to the device. The device
		logs in as a normal user, with read only privileges. User credentials are
		not used for this authentication step, and are never transmitted over the
		network.
	Table 8 Device Log On for Scanning Features

Please note that when the device logs into any server the device username and password are sent over the network in clear text unless SSL has been enabled or IPSec has been configured to encrypt the traffic.

3.4. Diagnostics

To access onboard diagnostics from the local user interface, Xerox service representatives must enter a unique 4-digit password. This PIN is the same for all product configurations and cannot be changed.

	24
Ver. 1.3, March 2011	Page 24 of 32

Image 24

Xerox 3550 System Accounts, Diagnostics, Printing Multifunction models only, Network Scanning Multifunction models only

Contents

Prepared by Ver .3, March Target Audience Device Description Security Aspects of Selected Features Purpose Target AudienceDisclaimer Device Description Security-relevant Subsystems Physical Partitioning Security Functions allocated to Subsystems Security Functions allocated to Subsystems Controller PurposeMemory Components Controller memory components External Connections USB PortsController External Connections USB Ports Fax Module ScannerHardware Fax Module memory components Local User Interface LUI Control and Data InterfacesUser Interface memory components System Software Structure Open-source componentsOS Layer in the Controller Network Protocols IPv4 Network Protocol Stack Logical Access IPSec Ports Port 25, SmtpPort 53, DNS Network Ports Port 68, Dhcp Port 80, Http Ports 137, 138, 139, Netbios Port 88, Kerberos Ports 161, 162, Snmp Port 389, LdapPort 396, Netware Port 427, SLP IP Filtering Authentication Model Login and Authentication MethodsSystem Administrator Login All product configurations User authentication SMB Authentication Windows NT 4 or Windows 2000/Windows SMB Authentication with IP Address SMB Authentication with Hostname Ddns Diagnostics System AccountsPrinting Multifunction models only Network Scanning Multifunction models only SMart eSolutions Meter AssistantSupplies Assistant Summary Responses to Known Vulnerabilities Appendix a Abbreviations Electrically erasable programmable read only memoryIPSec Ldap Server UDP WebUI Appendix B Supported MIB Objects Snmp version / Network Transport support WorkCentreRFC 1759 Printer MIB Group WorkCentre RFC 1514 Host Resources MIB group WorkCentre RFC 1213 MIB-II for TCP/IP group WorkCentreAdditional Capabilities / Application Support WorkCentre Supported MIB Objects Controller Software RFC/StandardController Software Printing Description Languages Appendix E References