Xerox WorkCentre
Information Assurance Disclosure Paper Version
5735/5740/5745/5755/5765/5775/5790
Prepared by
Other company trademarks are also acknowledged
Document Version: 1.00 May
Ver. 2.00, March
Page 2 of
Page 3 of
4. SECURITY ASPECTS OF SELECTED FEATURES
1. Introduction
1.1. Purpose
1.2. Target Audience
1.3. Disclaimer
2. Device Description
2.1.Security-relevantSubsystems
2.1.1.Physical Partitioning
Figure 2-1WorkCentre Multifunction System
2.1.2. Security Functions allocated to Subsystems
Security Function
Subsystem
Page 7 of
2.2.Controller
2.2.1.Purpose
2.2.2. Memory Components
Volatile Memory
Page 9 of
Non-VolatileMemory
Media and Storage
2.2.3. External Connections
2.2.4. USB Ports
2.2.Fax Module
2.4.Scanner
2.3.1.Purpose
2.3.2. Hardware
2.5.Graphical User Interface GUI
2.5.1.Purpose
2.5.2. Hardware
Volatile Memory Description
2.7.System Software Structure
2.6.1.Purpose
2.6.2. Hardware
2.6.3. Control and Data Interfaces
Page 14 of
Figure 2-5IPv4 Network Protocol Stack
2.7.3. Network Protocols
Page 15 of
2.8.Logical Access
2.8.1.Network Protocols
2.8.1.1.IPSec
Figure 2-6IPv6 Network Protocol Stack
2.8.2. Ports
2.8.2.1.Port 25, SMTP
2.8.2.2.Port 53, DNS
2.8.2.3.Port 68, DHCP
2.8.2.4.Port 80, HTTP
http
server
Network Controller
Page 19 of
2.8.2.5.Port 88, Kerberos
2.8.2.6.Port 110, POP-3Client
2.8.2.7.Ports 137, 138, 139, NETBIOS
2.8.2.8.Ports 161, 162, SNMP
2.8.2.9.Port 389, LDAP
2.8.2.10. Port 396, Netware
2.8.3. IP Filtering
2.8.2.13. Port 515, LPR
2.8.2.14. Port 631, IPP
2.8.2.15. Port 1900, SSDP
3. System Access
3.1. Authentication Model
Page 23 of
3.2. Login and Authentication Methods
3.2.2. User authentication
Page 25 of
3.3.System Accounts
3.3.1.Printing Multifunction models only
3.3.2. Network Scanning Multifunction models only
3.2.2.3.DDNS
3.4.Diagnostics
3.4.1.Service All product configurations
3.4.2. Alternate Boot via Serial Port
3.4.3. tty Mode
3.4.4.1.Access
3.4.4.3.Network Diagnostics executed from the PSW
3.4.4.2.Communication Protocol
Page 28 of
3.4.4.4.Accessible Data
Page 29 of
3.4.5. Summary
Page 30 of
4.1.Audit Log
Event
Event description
Entry Data
Event
Event description
Entry Data
Page 32 of
Event
Event description
Entry Data
Page 33 of
Event
Event description
Entry Data
Page 34 of
Event ID
Event
Event description
Entry Data
Event
Event description
Entry Data
Page 36 of
Event
Event description
Entry Data
Page 37 of
Event
Event description
Entry Data
Page 38 of
4.2. Xerox Standard Accounting
Event
Event description
Entry Data
4.3. Automatic Meter Reads
4.4. Encrypted Partitions
4.5. Image Overwrite
Page 40 of
4.5.1. Algorithm
4.5.2. User Behavior
4.5.3. Overwrite Timing
Page 41 of
5.Responses to Known Vulnerabilities
6. APPENDICES
6.1. Appendix A – Abbreviations
Customer Administration Tool
Customer Service Engineer
Non-VolatileRandom Access Memory
Portable Service Workstation
Printed Wire Board Assembly
System Administrator
6.2. Appendix B – Supported MIB Objects
Support Definitions
NOTES
Term
RFC 1759 - Printer MIB Group
WorkCentre
RFC 1514 – Host Resources MIB group
WorkCentre
RFC 1213 - MIB-IIfor TCP/IP group
WorkCentre
Additional Capabilities / Application Support
WorkCentre
6.3. Appendix C –Standards
Function
Page 48 of
Controller Hardware
Function
Page 49 of
RFC/Standard
Printing Description Languages
Page 50 of
6.4. Appendix E – References
faq.html