background image

Xerox® Security Guide for Light Production Mono Class Products 

 

Marking Engine 

The Marking Engine performs copy/print paper feeding and transport, image marking, fusing, and 
document finishing. The marking engine is comprised of paper supply trays and feeders, paper transport, 
LED scanner, xerographic, and paper output and finishing. The marking engine is only accessible to the 
Controller via inter-chip communication with no other access and does not store user data

.

 

 

Name 

Purpose/Explanation 

Flash ROM 

All operating system and application executable control code related to Marking 
Engine resides here (e.g. boot loader, paper path, and xerographic).  

SRAM 

(Static RAM) 

This is a Work RAM used to develop the program and parameters in the 
above-mentioned Flash ROM. No user data is stored in this memory. 

 

Controller 

The controller manages document processing using proprietary hardware and algorithms to process 
documents into high-quality electronic and/or printed reproductions.  Documents may be temporarily 
buffered in RAM during processing.  Some models may be equipped with additional storage options such 
as magnetic Hard Disk Drive (HDD), Solid State Disk (SSD), SD Card, or Flash media.  For model 
specific details please see 

Appendix A:  Product Security Profiles

 Legacy and D-Series® products 

encrypt user data and include media sanitization (overwrite) options that ensure that erased data cannot 
be recovered, described further in sectio

2

 

User Data Protection

. 

In addition to managing document processing the controller manages all network functions and services.  
Details can be found in section 

Network Security

. 

The controller handles all I/O communications with connected products.  The following section provides a 
description of each interface.  Please note that not all interfaces are supported on all models; details 
about each model can be found in 

Appendix A:  Product Security Profiles

. 

The details of the memory devices in the Controller are: 

 

Name 

Purpose/Explanation 

DRAM 

The executable software is loaded in this memory and is run. This memory is 
also used for temporary storage of user data such as data files and images. 
Such data is not backed up and is deleted when a job is completed. And the all 
data is lost when the power to the device is removed.  

Flash ROM 

This Flash memory contains the code necessary to boot the system, all 
executable code (operating system, PostScript interpreter, network protocols, 
document scheduler, etc.), and the installed fonts. A power-on self-test is 
performed and the bootstrap OS is loaded. This memory never contains any 
user data or document data. 

Operating system and application executable control code resides here. All 
codes except for the code of boot loader are compressed and are extracted 
into DRAM to be executed. No user image data is stored in this memory. 

NVRAM 

This non-volatile memory has no image data stored in it. User data such as 
system setting information, mailbox information, job memory, user 
management information, and various types of logs are recorded in it. The data 
is written in the memory after it is encrypted. 

Summary of Contents for D Series

Page 1: ...e Disclosure Xerox Security Guide Light Production Mono Class Copier Printers Legacy Printers Legacy Copier Printers D Series Copier Printers 4110 4112 4127 4590 Enterprise Printing System 4110 4112 4...

Page 2: ...sion 1 0 February 2019 Copyright protection claimed includes all forms and matters of copyrightable material and information now allowed by statutory or judicial law or hereinafter granted including w...

Page 3: ...CONTROLS 25 4 DEVICE SECURITY BIOS FIRMWARE OS RUNTIME AND OPERATIONAL SECURITY CONTROLS 27 FAIL SECURE VS FAIL SAFE 27 PRE BOOT SECURITY 28 BOOT PROCESS SECURITY 28 RUNTIME SECURITY 28 EVENT MONITORI...

Page 4: ...Xerox Security Guide for Light Production Mono Class Products APPENDIX B SECURITY EVENTS 51 XEROX LEGACY SECURITY EVENTS 51 D SERIES SECURITY EVENTS 67 1...

Page 5: ...pect to Information Assurance This document does not provide tutorial level information about security connectivity or the product s features and functions This information is readily available elsewh...

Page 6: ...luding finishers paper trays document handers etc may vary configuration however they are not relevant to security and are not discussed 1 Optional High Capacity Feeder 2 Bypass paper feed tray 3 Dupl...

Page 7: ...memory on Controller is accessible Preview Thumbnail feature Scanner The scanner converts documents from hardcopy to electronic data A document handler moves originals into a position to be scanned Th...

Page 8: ...er Data Protection In addition to managing document processing the controller manages all network functions and services Details can be found in section Network Security The controller handles all I O...

Page 9: ...r more USB ports may be located on the front of the product near the user interface Front USB ports may be enabled or disabled by a system administrator The front USB port supports the following Walk...

Page 10: ...ddress and product location NFC functionality can be disabled using the embedded web server of the product NFC functionality requires a software plugin that can be obtained from Xerox sales and suppor...

Page 11: ...56 The encryption key is automatically created at start up and stored in the RAM The key is deleted by a power off due to the physical characteristics of the RAM TPM Chip The Legacy and D Series produ...

Page 12: ...protocol is based on HTTP and utilizes the TLS suite to encrypt data HTTPS TLS Securely submit a print job directly to product via the built in web server Xerox Print Stream Encryption The Xerox Glob...

Page 13: ...ia Sanitization NIST 800 171 Image Overwrite All models use magnetic HDD Models with magnetic HDD See Appendix A Product Security Profiles Models with magnetic HDD See Appendix A Product Security Prof...

Page 14: ...nt to external network services Inbound Listening Services Out Bound Network Client Print Services LPR IPP Raw IP etc Management Services SNMP Web interface WebServices etc Infrastructure Discovery Se...

Page 15: ...on Agent 445 TCP Direct Hosting 465 TCP SMTPS Client 500 UDP ISAKMP 515 TCP LPR 524 TCP NetWare NCP Client 547 UDP DHCPv6 Client 631 TCP IPP FreeFlow 636 TCP LDAPS Client 1824 TCP HTTPS OffBox Validat...

Page 16: ...A system administrator can change the port number from CentreWare Internet Services Port 53 DNS This port is used for DNS This port is used for name queries to the DNS server when the product accesses...

Page 17: ...operates as a secure channel for SSMI and supports TLSv1 1 and TLSv1 2 When SSL TLS is enabled HTTP connections to SSMI are redirected to HTTPS Since communication through port 443 is encrypted inter...

Page 18: ...sing protocol Port 445 is a standard direct host port and is used for communication using SMB protocol that does not use NetBIOS over TCP A system administrator can disable each of the 4 ports via Loc...

Page 19: ...ntreWare Internet Services Ports 80 443 HTTPS Authentication Agent ASC These are used as the destination ports when the product communicates to ApeosWare Authentication Agent AWAA Protocol and port nu...

Page 20: ...DAP authentication and for Address Book queries in the Scan to Email feature Port 1824 HTTPS OffBox Validation This port is used to communicate with OffBox Validation server The protocol and port numb...

Page 21: ...d IPv6 protocols Legacy Printers Legacy Copier Printers D Series Copier Printers 4110 4112 4127 4590 EPS 4110 4112 4127 4590 D95 D110 D125 D136 IPSec Supported IP Versions IPv4 IPv6 IPv4 IPv6 IPv4 IPv...

Page 22: ...x Legacy 4110 4112 4127 and D Series Copier Printer products support TLS 1 2 Legacy Printers Legacy Copier Printers D Series Copier Printers 4110 4112 4127 4590 EPS 4110 4112 4127 4590 D95 D110 D125 D...

Page 23: ...logs in to the product using a Smart Card For protocols such as HTTPS the printer is the server and must prove its identity to the client Web browser For protocols such as 802 1X the printer is the cl...

Page 24: ...ficate that contains a key that does not meet this requirement a message appears The message alerts the user that the certificate they are attempting to upload does not meet the key length requirement...

Page 25: ...D95 D110 D125 D136 Email S MIME Versions v3 v3 v3 Digest SHA1 SHA256 SHA384 SHA512 SHA1 SHA256 SHA384 SHA512 SHA1 SHA2 SHA256 SHA384 SHA512 Encryption 3DES AES128 AES192 AES256 3DES AES128 AES192 AES...

Page 26: ...g Cisco ISE to automatically detect and profile new Xerox products from the day they are released Customers who use Cisco ISE find that including Xerox products in their security policies is simpler a...

Page 27: ...udit processes to support them quickly become prohibitively expensive It also lacks the ability to manage endpoints contextually Connectivity of D Series Copier Printer devices can be fully managed co...

Page 28: ...and D Series products support IP Whitelisting only When enabled all traffic is prohibited regardless of interface wired wireless unless enabled by IP filter rule IPv4 and IPv6 are enabled separately...

Page 29: ...BIOS is inaccessible and cannot be cleared or reset The BIOS can only be modified by a firmware update which is digitally signed BIOS will fail secure locking the system if integrity is compromised E...

Page 30: ...ware is protected from tampering by use of digital signatures discussed later in this section The BIOS is designed to fail secure An integrity check is performed immediately when power is applied If v...

Page 31: ...on audit log settings and data can only be accessed via HTTPS Operational Security Firmware Restrictions The list below describes supported firmware delivery methods and applicable access controls Loc...

Page 32: ...Workstation PWS Only Xerox authorized service technicians are granted access to the PSW Customer documents or files cannot be accessed during a diagnostic session nor are network servers accessible t...

Page 33: ...rity Guide for Light Production Mono Class Products 5 Configuration Security Policy Management Solutions Xerox Device Manager and Xerox CentreWare Web available as a free download centrally manage Xer...

Page 34: ...on Legacy and D Series Copier Printer devices support the following authentication mode Local Authentication Network Authentication Smart Card Authentication CAC PIV SIPR Net Convenience Authenticatio...

Page 35: ...D and password set for the product authentication to the switch device starts in order to connect to the LAN port 802 1X Authentication In 802 1X authentication when the product is connected to the LA...

Page 36: ...rted Supported Supported PIV PIV II Supported Supported Supported Net Gemalto Net v1 Gemalto Net v2 Supported Supported Supported Gemalto MD Not Currently Supported Not Currently Supported Not Current...

Page 37: ...view this information can be disallowed Local Access Without RBAC permissions defined basic information such as Model Serial number Software Version IP address and Host Name can be viewed without auth...

Page 38: ...he Initial Ticket that the product received using the entered password When the decryption completes in success the user is authenticated In SMB authentication through the negotiation with SMB authent...

Page 39: ...ion server is encrypted by the supplier s unique code e g Equitrac Corporation Sequence of authentication performed by inserting card to Secure Access card reader is as follows 1 The information on th...

Page 40: ...s in Xerox software and hardware It can be downloaded from this page http www xerox com information security information security articles whitepapers enus html Additional Resources Below are addition...

Page 41: ...ox Security Guide for Light Production Mono Class Products Appendix A Product Security Profiles This appendix describes specific details of each Legacy 4110 4112 4127 and D Series Copier Printer produ...

Page 42: ...system administrator Front Panel Optional USB2 0 Type A port s Users may insert a USB thumb drive to print from or store scanned files to Physical security of this information is the responsibility o...

Page 43: ...Circuit soldered to circuit board HDD Magnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Non Volatile Memory Size Type Use User Modifiable How to Clear Volatile 64MB...

Page 44: ...ork area N SDRAM is erased when machine is powered off Yes 64MB SDRAM ESS PWBA Temporary storage of program and work area N SDRAM is erased when machine is powered off Yes 1Gbit SDRAM page memory Temp...

Page 45: ...Optional USB2 0 Type A port s Users may insert a USB thumb drive to print from or store scanned files to Physical security of this information is the responsibility of the user or operator Note that f...

Page 46: ...BA Permanent storage of program font data User image data not stored N Not Customer Clearable No 16KB EEPROM BP PWBA Permanent storage of machine setting data User image data not stored N Not Customer...

Page 47: ...ogram and work area N SDRAM is erased when machine is powered off Yes 64MB SDRAM ESS PWBA Temporary storage of program and work area N SDRAM is erased when machine is powered off Yes 1Gbit SDRAM page...

Page 48: ...an be disabled completely by a system administrator Front Panel Optional USB2 0 Type A port s Users may insert a USB thumb drive to print from or store scanned files to Physical security of this infor...

Page 49: ...Card Secure Digital Card Controller Hard Disk Table Drive Partition Removable Y N Size User Modifiable Y N Function Process to Clear ide0 a N 3726MB N Resources data storage At the deletion of data id...

Page 50: ...emporarily stored on this partition when Scan To Server Scan To PC or Scan To Email is used ide0 g PDL data are received and temporarily stored on this partition ide0 h Management data are authenticat...

Page 51: ...of work area No SDRAM is erased when a main switch is turned off Yes 512KB SRAM ESS PWBA Temporary storage of variables for IISS No SRAM is erased when machine is powered off Yes 4MB SDRAM ESS PWBA Te...

Page 52: ...ent storage of program data User image data are not stored No Not customer alterable No 16KB EEPROM IIT PWBA Permanent storage of IIT configuration code User image data are not stored No Not customer...

Page 53: ...ser ID Accounting Account ID 6 Network scan job Job name User Name Completion Status IIO status Accounting User ID Accounting Account ID total number net destination net destination 7 Server fax job J...

Page 54: ...ers 14 Lan Fax Job Job name User Name Completion Status IIO status Accounting User ID Accounting Account ID Total fax recipient phone numbers fax recipient phone numbers 15 Data Encryption enabled Dev...

Page 55: ...ript Passwords Device name Device serial number StartupMode enabled disabled System Params Password changed Start Job Password changed 29 Network User Login UsereName Device name Device serial number...

Page 56: ...bled disabled 42 Network Authentication Enable Disable Configure UserName Device name Device serial number Completion Status Enabled Disabled 43 Device clock UserName Device name Device serial number...

Page 57: ...Interval Change Device Name Device Serial Number Interface Web LUI Timer affected by change User Name who made this change Session IP if available Completion Status 59 Feature Access Control Enable D...

Page 58: ...ogin UserName Device Name Device Serial Number Completion Status Success Failed 70 Print from USB Enable Disable User Name Device Name Device Serial Number Completion Status Enabled Disabled 71 USB Po...

Page 59: ...yption UserName Device name Device serial number Completion Status Enabled for STARTLS Enabled for STARTLS if Avail Enabled for SSL TLS Disabled 81 Email Domain Filtering Rule User name Device Name De...

Page 60: ...reated Changed 94 FTP SFTP Filing Passive Mode User Name Device Name Device Serial Number Completion Status Enabled Disabled 95 EFax Forwarding Rule User Name Device Name Device Serial Number Fax Line...

Page 61: ...ning for next attempt Min Remaining for next attempt 104 Plan Conversion Device name Device serial number Completion Status Success if Passcode is ok Failed if Passcode is not ok Locked out if Max Att...

Page 62: ...ion data 113 Airprint Enable Disable Configure UserName Device name Device serial number Completion Status Enabled Disabled Configured 114 Device cloning enable disable UserName Device name Device ser...

Page 63: ...Name Device serial number Completion Status Enable Disable 126 Display Device information configure UserName Device Name Device serial number Completion Status Configured 127 Invalid Login Lockout Exp...

Page 64: ...stall Device Name Device Serial Completion Status Success Fail User readable names for the features being installed 138 Remote Services Data Push Device Name Device Serial Completion Status Success Fa...

Page 65: ...serial number User name of target user Action Grant or Revoke 150 Manual session logout Device Name Device Serial Number Interface Web LUI CAC User Name who was logged out Session IP if available 151...

Page 66: ...Serial Number Destination IP address Completion Status Success Failed 164 One Touch App Management User Name Device name Device serial number Onetouch application Display Name Action Install Un insta...

Page 67: ...lone Add On File name 176 Xerox Configuration Watchdog User name Device Name Device Serial number Completion status Enabled Disabled 177 Xerox Configuration Watchdog Check Complete User name if availa...

Page 68: ...User Name Device name Device serial number Completion Status Enabled Disabled Configured 183 FTP Browse User Name Device name Device serial number Completion Status Enabled Disabled Configured 184 SFT...

Page 69: ...ame Completion Success Failed Invalid User ID Failed Invalid Password Failed Host Name or IP Address Method Local Remote Convenience Custom Role System Administrator Customer Engineer Casual Operator...

Page 70: ...and Time Completion Success Failed 501 Add User User name User Role 501 Edit User User name User Role ID Password CardID Name Permission Role ICCardID Other 501 Delete User User Name 501 Create Mailb...

Page 71: ...ng Impression Mode Completion Success Failed Designated Mode A3 Mode A4 Mode Billing Meter Values 601 Import Certificate User name Completion Success Failed Category RootCA DeviceEE SSCEE Key Size Iss...

Page 72: ...tacts Connectivity Permissions System 601 Import Cloning Data 701 Important Parts Completion Replaced 701 Hard Disk Completion Replaced Installed Removed 701 ROM Version Change 801 Communication Relia...

Reviews: