manualshive.com logo in svg

Xerox AltaLink B8045, Security Manual, Page: 28 / 70

Share
Download
Xerox AltaLink B8045 Security Manual Download Page 28

Xerox® Security Guide for Office Class Products:  AltaLink® 

 VersaLink® 

November 2018 

  Page  26 

 

 

7  Identification, Authentication, and Authorization 

AltaLink® and VersaLink® products offer a range of authentication and authorization options to support 
various environments.   

Single Factor authentication is supported locally on the product or via external network authentication 
servers (e.g. LDAP, Kerberos, ADS).  Multi Factor authentication is supported by addition of card reader 
hardware.  (Where ease of access is desired, open access and simple user identification modes also 
exist, however these are not recommended for secure environments.) 

In all modes, product administrator accounts always require authentication.  This cannot be disabled. 

A flexible RBAC (Role Based Access Control) security model supports granular to assign of user 
permissions.  Once a user has been authenticated, the product grants (or denies) user permissions 
based upon the role(s) they have been assigned to.  Pre-defined roles that may be used or custom roles 
may be created as desired. 

 

Authentication 

AltaLink® and VersaLink® devices support the following authentication mode: 

 Local Authentication 

 Network Authentication 

 Smart Card Authentication (CAC, PIV, SIPR, .Net) 

 Convenience Authentication    

 

Local Authentication 

The local user database stores user credential information. The printer uses this information for local 
authentication and authorization, and for Xerox ® Standard Accounting. When you configure local 
authentication, the printer checks the credentials that a user provides against the information in the user 
database. When you configure local authorization, the printer checks the user database to determine 
which features the user is allowed access. 

Note: User names and passwords stored in the user database are not transmitted over the network 

Password Policy 

The following password attributes can be configured:  

 

 

 

AltaLink®  
Multifunction 

VersaLink® 
Multifunction 

VersaLink® Printers  

 

 

B8045, B8055, B8065, B8075, 
B8090, C8030, C8035, C8045, 
C8055, C8070 

B405, B605, B615, B7025, 
B7030, B7035, C405, C505, 
C605, C7020, C7025, C7030 

B400, B600, B610, C400, 
C500, C600, C7000, C8000, 
C9000 

Password Policy 

 

 

 

 

Minimum Length

 

 

Maximum Length

 

63 

63 

63 

 

Password cannot contain User Name 

Supported 

Supported 

Supported 

 

Password complexity options (in addition 
to alphabetic characters) 

Require a number 

Require a number 
Require non-alphabetic  

Require a number 
Require non-alphabetic  

 

 

 

Summary of Contents for AltaLink B8045

Page 1: ...Products Single Function Printers AltaLink Multi Function Products VersaLink Multi Function Products VersaLink Printers B8045 B8055 B8065 B8075 B8090 B405 B605 B615 B7025 B7030 B7035 B400 B600 B610 C8...

Page 2: ...ledged Copyright protection claimed includes all forms and matters of copyrightable material and information now allowed by statutory or judicial law or hereinafter granted including without limitatio...

Page 3: ...10 100 1000 MB Ethernet RJ 45 Network Connector 8 Rear USB Type B Target port 8 Optional Equipment 8 RJ 11 Analog Fax and Telephone 8 Wireless Network Connector 8 Near Field Communications NFC Reader...

Page 4: ...15 Trusted Certificates 16 Certificate Validation 17 Email Signing and Encryption using S MIME 17 SNMPv3 17 Network Access Control 18 802 1x 18 Cisco Identity Services Engine ISE 18 Cisco ISE allows y...

Page 5: ...the following authentication mode 26 Local Authentication 26 Password Policy 26 Network Authentication 27 Smart Card Authentication 27 Convenience Authentication 27 Simple Authentication non secure 28...

Page 6: ...Xerox Security Guide for Office Class Products AltaLink VersaLink November 2018 Page 4 Appendix B Security Events 49 Xerox AltaLink Security Events 49 VersaLink Security Events 65...

Page 7: ...Information Assurance This document does not provide tutorial level information about security connectivity or the product s features and functions This information is readily available elsewhere We a...

Page 8: ...nt to security and are not discussed 1 Stabilizer 2 Bypass paper feed tray 3 Front USB Port s 4 Touch screen user interface 5 Upper paper tray 6 Lower paper tray 7 Paper feed trays 8 Caster wheels 9 R...

Page 9: ...s may be equipped with additional storage options such as magnetic Hard Disk Drive HDD Solid State Disk SSD SD Card or Flash media For model specific details please see Appendix A Product Security Pro...

Page 10: ...communication cannot write or change any settings on the system The data exchanged is not encrypted and may include information including system network status IP address and product location NFC fun...

Page 11: ...latform Module TPM The TPM is compliant with ISO IEC 11889 the international standard for a secure cryptoprocessor dedicated to secure cryptographic keys The TPM is used to securely hold the product s...

Page 12: ...ption The Xerox Global Print Driver supports document encryption when submitting Secure Print jobs to enabled products Simply check the box to Enable Encryption when adding the Passcode to the print j...

Page 13: ...171 Image Overwrite All models use magnetic HDD Models with magnetic HDD See Appendix A Product Security Profiles Models with magnetic HDD See Appendix A Product Security Profiles Print Submission IPP...

Page 14: ...a client to external network services Inbound Listening Services Out Bound Network Client Print Services LPR IPP Raw IP etc Management Services SNMP Web interface WebServices etc Infrastructure Discov...

Page 15: ...ersaLink products support IPSec for both IPv4 and IPv6 protocols AltaLink Multifunction VersaLink Multifunction VersaLink Printers B8045 B8055 B8065 B8075 B8090 C8030 C8035 C8045 C8055 C8070 B405 B605...

Page 16: ...WPA2 Enterprise CCMP AES TKIP TKIP CCMP AES PEAPv0 MS CHAPv2 EAP TLS EAP TTLS PAP EAP TTLS MS CHAPv2 EAP TTLS EAP TLS CCMP AES TKIP PEAPv0 MS CHAPv2 EAP TLS EAP TTLS PAP EAP TTLS CHAP EAP TTLS MS CHAP...

Page 17: ...For protocols such as HTTPS the printer is the server and must prove its identity to the client Web browser For protocols such as 802 1X the printer is the client and must prove its identity to the au...

Page 18: ...this requirement a message appears The message alerts the user that the certificate they are attempting to upload does not meet the key length requirement AltaLink Multifunction VersaLink Multifuncti...

Page 19: ...B600 B610 C400 C500 C600 C7000 C8000 C9000 Email S MIME Versions v3 v2 v3 v3 2 Not Applicable Digest SHA1 SHA256 SHA384 SHA512 MD5 SHA1 SHA256 Not Applicable Encryption 3DES AES128 AES192 AES256 3DES...

Page 20: ...SE under product families such as AltaLink and VersaLink enabling Cisco ISE to automatically detect and profile new Xerox products from the day they are released Customers who use Cisco ISE find that...

Page 21: ...manage endpoints contextually Connectivity of AltaLink and VersaLink devices can be fully managed contextually by Cisco TrustSec TrustSec uses Security Group Tags SGT that are associated with an endp...

Page 22: ...ately If IP Filter and IPsec are both enabled IPsec is evaluated first Up to 25 addresses can be enabled for IPv4 and an additional 25 for IPv6 Addresses include IP and subnet allowing individual syst...

Page 23: ...Firmware is digitally signed Firmware is verified against a whitelist using cryptographic hashing Runtime Intrusion Prevention Detection Runtime Executable Control McAfee Embedded Control prevents una...

Page 24: ...are applied by device firmware updates Firmware is protected from tampering by use of digital signatures discussed later in this section The BIOS is designed to fail secure An integrity check is perf...

Page 25: ...that the event happened in mm dd yy format Time The time that the event happened in hh mm ss format ID The type of event The number corresponds to a unique description Description An abbreviated desc...

Page 26: ...tion is required while servicing a Xerox device service technicians will remove the device from any connected networks The technician will then connect directly to the device using an Ethernet cable c...

Page 27: ...d Xerox CentreWare Web available as a free download centrally manage Xerox Devices Additionally AltaLink products come with McAfee built in and can be managed with McAfee ePO providing an enhanced sec...

Page 28: ...owing authentication mode Local Authentication Network Authentication Smart Card Authentication CAC PIV SIPR Net Convenience Authentication Local Authentication The local user database stores user cre...

Page 29: ...elf Support for the SIPR network is provided using the XCP Plug in architecture and a Smart Card authentication solution created by 90meter under contract for Xerox Details regarding 90meter can be fo...

Page 30: ...ote that Xerox products are designed to be customizable and support various workflows as well as security needs User permissions include security related permissions and non security related workflow...

Page 31: ...ulnerabilities in Xerox software and hardware It can be downloaded from this page http www xerox com information security information security articles whitepapers enus html Additional Resources Below...

Page 32: ...rox Security Guide for Office Class Products AltaLink VersaLink November 2018 Page 30 Appendix A Product Security Profiles This appendix describes specific details of each AltaLink and VersaLink produ...

Page 33: ...Fi Dongle Supports optional 802 11 Dongle Rear USB 3 0 Type B USB target connector used for printing Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0 Ty...

Page 34: ...oard HDD Magnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 4GB DDR3 SDRAM Executable code Printer contr...

Page 35: ...or C Release Lever Security Related Interfaces Ethernet 10 100 1000 MB Ethernet interface Optional Wi Fi Dongle Supports optional 802 11 Dongle Rear USB 3 0 Type B USB target connector used for printi...

Page 36: ...oard HDD Magnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 4GB DDR3 SDRAM Executable code Printer contr...

Page 37: ...Type B USB target connector used for printing Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0 Type A port s Users may insert a USB thumb drive to print...

Page 38: ...d HDD Magnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2GB DDR3 DRAM Executable code Printer control d...

Page 39: ...pe B USB target connector used for printing Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0 Type A port s Users may insert a USB thumb drive to print fr...

Page 40: ...HDD Magnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2 4GB DDR3 DRAM Executable code Printer control...

Page 41: ...Wi Fi Dongle Supports optional 802 11 Dongle Rear USB 3 0 Type B USB target connector used for printing Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0...

Page 42: ...agnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2GB DDR3 DRAM Executable code Printer control data tem...

Page 43: ...s optional 802 11 Dongle Rear USB 3 0 Type B USB target connector used for printing Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0 Type A port s Users...

Page 44: ...agnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2GB DDR3 DRAM Executable code Printer control data tem...

Page 45: ...11 Dongle Rear USB 3 0 Type B USB target connector used for printing Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0 Type A port s Users may insert a U...

Page 46: ...gnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2 4GB DDR3 DRAM Executable code Printer control data te...

Page 47: ...for printing Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0 Type A port s Users may insert a USB thumb drive to print from or store scanned files to P...

Page 48: ...agnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2GB DDR3 DRAM Executable code Printer control data tem...

Page 49: ...t can be disabled completely by a system administrator Front Panel Optional USB2 0 Type A port s Users may insert a USB thumb drive to print from or store scanned files to Physical security of this in...

Page 50: ...d HDD Magnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 4GB DDR3 DRAM Executable code Printer control d...

Page 51: ...verwrite Status 5 Print job Job name User Name Completion Status IIO status Accounting User ID Accounting Account ID 6 Network scan job Job name User Name Completion Status IIO status Accounting User...

Page 52: ...Name Completion Status IIO status Accounting User ID Accounting Account ID Total fax recipient phone numbers fax recipient phone numbers 14 Lan Fax Job Job name User Name Completion Status IIO status...

Page 53: ...pts Exceed 5 Time Remaining Hrs Remaining for next attempt Min Remaining for next attempt 27 Postscript Passwords Device name Device serial number StartupMode enabled disabled System Params Password c...

Page 54: ...enabled disabled 41 IP Filtering Rules UserName Device name Device serial number Completion Status Configured enabled disabled 42 Network Authentication Enable Disable Configure UserName Device name D...

Page 55: ...Logout Device Name Device Serial Number Interface Web LUI User Name who was logged out Session IP if available 58 Session Timer Interval Change Device Name Device Serial Number Interface Web LUI Time...

Page 56: ...Mode Enable Disable Configure UserName Device name Device Serial Number Enable Disable Configure 69 Xerox Secure Access Login UserName Device Name Device Serial Number Completion Status Success Faile...

Page 57: ...request 79 Scan to Web Service Job Remote Scan Job Competed TWAIN driver Job name UserName Accounting User ID Name Accounting Account ID Name Completion status Destination 80 SMTP Connection Encryptio...

Page 58: ...e managing passwords Device name Device serial number Folder Name Completion Status Password was Changed 93 EFax Mailbox Passcode UserName managing passcodes Device name Device serial number Completio...

Page 59: ...evice name Device serial number Completion Status Success if Passcode is ok Failed if Passcode is not ok Locked out if Max Attempts Exceed 5 Time Remaining Hrs Remaining for next attempt Min Remaining...

Page 60: ...abled Configured 112 Billing Impression Mode UserName Device name Device serial number Mode Set to A4 Mode A3 Mode Completion Status Success Failed Impression data 113 Airprint Enable Disable Configur...

Page 61: ...etion status Success Fail 124 Invalid Login Attempt Lockout Device name Device serial number Interface Web UI Local UI Session IP Address if available 125 Protocol audit Log enable Disable UserName De...

Page 62: ...evice serial number Completion status accept reject request 134 Airprint Mopria Scan Job Completed Job name UserName if available Completion status 136 Remote Services NVM Write Device Name Device Ser...

Page 63: ...n Password Policy Configure User name Device name Device serial number 147 Local user account password policy User name Device name Device serial number 148 Restricted admin login User name Device nam...

Page 64: ...Clone Files UserName if available Device name Device serial numberCompletion status Enabled Disabled 161 Network Troubleshooting Start Stop User name Device Name Device Serial Number Completion Status...

Page 65: ...umber Completion Status Success Failed 173 Device File Distribution Trust Operations User name Device name Device serial number Member name Member serial number TC Lead Device Name TC Lead Serial Numb...

Page 66: ...Beaconing for iBeacon for AirPrint Discovery User Name Device name Device serial number Completion Status Enabled Disabled 181 Network Troubleshooting Install Uninstall User Name Device name Device s...

Page 67: ...me Completion Success Failed Invalid User ID Failed Invalid Password Failed Host Name or IP Address Method Local Remote Convenience Custom Role System Administrator Customer Engineer Casual Operator 2...

Page 68: ...ompletion Success Failed 501 Add User User name User Role 501 Edit User User name User Role ID Password CardID Name Permission Role ICCardID Other 501 Delete User User Name 501 Create Mailbox Host Nam...

Page 69: ...ge Billing Impression Mode Completion Success Failed Designated Mode A3 Mode A4 Mode Billing Meter Values 601 Import Certificate User name Completion Success Failed Category RootCA DeviceEE SSCEE Key...

Page 70: ...ectivity Permissions System 601 Import Cloning Data 701 Important Parts Completion Replaced 701 Hard Disk Completion Replaced Installed Removed 701 Software Completion Updated ROM Type IOT UI Controll...

Reviews:

No comments