Xerox VersaLink, Secure Installation And Operation

Page: 9 / 10

7
8. If there is a power failure or system crash of the network controller while processing a print job, residual data might
still reside on the hard disk drive. Immediately initiate a full ODIO once the machine has been restored.
9. Once a manual or scheduled ODIO has been initiated, it cannot be aborted.
10. For a scheduled ODIO, If, upon switching back to Standard Time from Daylight Saving Time, the scheduled time is
arrived at for a second time in the same day, this feature is not executed.
11. Perform a Full ODIO immediately before the device is decommissioned, returned, sold or disposed of.
e. The device supports the use of TLS 1.0; SSLv2.0, SSLv3.0, RC4 and MD5 have been removed on the device. However,
customers are advised to set the crypto policy of their clients to request either TLS 1.1 and TLS 1.2 and to disallow the use
of TLS 1.0. The cryptographic module supports additional ciphers that may be called by other unevaluated functions.
Using the device in FIPS mode will automatically restrict the device to using TLS 1.x only.
f. Audit Log Notes:

In viewing the main Audit Log the System Administrator should note the following:
 Audit Log entries can sometimes include extraneous characters.
 Extraneous events may be recorded in the Audit Log.
 Duplicate audit log entries may appear in the Audit Log for some events.
 Download and review the Audit Log on a daily basis. In downloading the Audit Log the System Administrator
should ensure that Audit Log records are protected after they have been exported to an external trusted IT
product and that the exported records are only accessible by authorized individuals.
g. Be careful for IP Filtering not to reject incoming TCP traffic from all addresses with source port set to 80; this will disable
the Web UI. Also, configure IP filtering so that traffic to open ports from external users (specified by subnet mask) is
dropped.
h. Ensure the user permission roles names do not contain single quotes (‘) or double quotes (“).
i. Users should be provided with appropriate training on how to use the device in a secure manner before being assigned
user accounts to access the device.
j. Users experiencing problems logging in to the device using the Web UI only on a particular web browser are advised to
switch to a different web browser.
k. The device should be installed in a standard office environment. Office personnel should be made aware of authorized
service calls (for example through appropriate signage) in order to discourage unauthorized physical attacks such as
attempts to remove the internal hard disk drive(s). Ensure that office personnel are made aware to pick up the outputs of
print and copy jobs in a timely manner.
l. Caution: The device allows an authenticated System Administrator to disable functions like Disk Overwrite that are
necessary for secure operation. Periodically review the configuration of all installed machines in your environment to verify
that the proper evaluated configuration is maintained.
m. System Administrators should avoid opening emails and attachments from unknown sources unless the emails and
attachments have been properly scanned for viruses, malware, etc.
n. System Administrators and users should:

Whenever possible use a browser to access the Web UI whose only purpose is to access the Web UI.

Always logoff the browser immediately after completing any tasks associated with accessing the Web UI.

Not allow the browser to either save their username/password or “remember” their login.

Follow secure measures, only use browsers with TLS 1.0 and above and not open any malicious links or documents
with their browser.
u. The latest general software release available from www,xerox.com can be found by accessing the following in the order
stated:

Select the Support > Support and Drivers links

In the text box enter the model number of your device. A menu list of all Xerox devices with that model number will
appear; select the one that corresponds to the product you have.

Select the Drivers & Downloads link

Scroll down the resultant page; under ‘Firmware’ will be the latest general release. Click on the release link and a page
will be displayed that allows you to download the release onto a desired location.
v. Additional items: