manualshive.com logo in svg

Xerox Versant 3100 Press, Security Manual, Page: 18 / 45

Share
Download
Xerox Versant 3100 Press Security Manual Download Page 18

Xerox® Security Guide for Entry Production Color Class Products 

March 2019 

  Page  3-16 

 

 

Network Access Control 

802.1x 

In 802.1X authentication, when the product is connected to the LAN port of Authenticator such as the 
switch as shown below, the Authentication Server authenticates the product, and the Authenticator 
controls access of the LAN port according to the authentication result. The product starts authentication 
processing at startup when the startup settings for 802.1X authentication are enabled. 

 

 

 

 

 

Versant®  80/180 Press  Versant® 2100/3100 

Press 

Color 800/100 Press®  

 

 

Versant 80 Press, Versant 
180 Press  

Versant 2100 Press, 
Versant 3100 Press 

Color 800/1000 Presses, 
Color 800i/1000i Presses 

Network Access Control 

 

802.1x 

Supported 

Supported 

Supported 

 

Authentication Methods 

PSK, AES (CCMP)/TKIP, 
PEAPv0/MS-CHAPv2, 
EAP-TLS, EAP-
TTLS/PAP, EAP-
TTLS/MS-CHAPv2, EAP-
TTLS/EAP-TLS 

MD5, MS-CHAPv2, 
PEAP/MS-CHAPv2, EAP-
TLS 

MD5, MS-CHAPv2, 
PEAP/MS-CHAPv2, 
EAP-TLS 

 

 

Cisco Identity Services Engine (ISE) 

Cisco ISE is an intelligent security policy enforcement platform that mitigates security risks by providing a 
complete view of which users and what products are being connected across the entire network 
infrastructure. It also provides control over what users can access on your network and where they can 
go.  Cisco's ISE includes over 200 Xerox® product profiles that are ready for security policy enablement. 
This allows ISE to automatically detect Xerox® products in your network.  Xerox® products are organized 
in Cisco ISE under product families, such as Versant®, enabling Cisco ISE to automatically detect and 
profile new Xerox® products from the day they are released.  Customers who use Cisco ISE find that 
including Xerox® products in their security policies is simpler and requires minimal effort. 

Cisco ISE Profiling Services provides dynamic detection and classification of endpoints connected to the 
network.  ISE collects various attributes for each network endpoint to build an endpoint database. The 
classification process matches the collected attributes to prebuilt or user-defined conditions, which are 
then correlated to an extensive library of product profiles.  These profiles include a wide range of product 
types, including tablets, smartphones, cameras, desktop operating systems (for example, Windows®, 
Mac OS® X, Linux® and others), and workgroup systems such as Xerox printers and MFPs. 

Once classified, endpoints can be authorized to the network and granted access based on their profile 
signature.  For example, guests to your network will have different level of access to printers and other 
end points in your network.  For instance, you and your employees can get full printer access when 
accessing the network from a corporate workstation but be granted limited printer access when accessing 
the network from your personal Apple® iPhone®. 

Cisco ISE allows you to deploy the following controls and monitoring of Xerox® products: 

 

Automatically provision and grant network access rights to printers and MFPs to prevent 
inappropriate access

 

(including automatically tracking new printing products connecting to the 

network):  

o

 

Block non-printers from connecting on ports assigned to printers 

Authentication 

Server  

Authenticator  

(e.g. Switch)  

Product 

(Supplicant) 

EAPOL 

Summary of Contents for Versant 3100 Press

Page 1: ...Xerox Security Guide Entry Production Color Presses Versant 2100 3100 Color Digital Press Versant 80 180 Color Digital Press ColorPress Production Press Versant 2100 Press Versant 3100 Press Versant 8...

Page 2: ...sion 1 0 February 2019 Copyright protection claimed includes all forms and matters of copyrightable material and information now allowed by statutory or judicial law or hereinafter granted including w...

Page 3: ...CE VALIDATION 3 17 ADDITIONAL NETWORK SECURITY CONTROLS 3 17 4 DEVICE SECURITY BIOS FIRMWARE OS RUNTIME AND OPERATIONAL SECURITY CONTROLS 4 19 FAIL SECURE VS FAIL SAFE 4 19 PRE BOOT SECURITY 4 20 BOOT...

Page 4: ...uction Color Class Products March 2019 Page 1 2 COLORPRESS 800 1000 800I 1000I 7 35 APPENDIX B SECURITY EVENTS 7 39 XEROX VERSANT 80 180 SECURITY EVENTS 7 39 XEROX VERSANT 2100 3100 SECURITY EVENTS 7...

Page 5: ...ument is Xerox field personnel and customers concerned with IT security Disclaimer The information in this document is accurate to the best knowledge of the authors and is provided without warranty of...

Page 6: ...leges can manage the product configuration settings User permissions are configurable through Role Based Access Control RBAC policies described in section 6 Identification Authentication and Authoriza...

Page 7: ...rt supports the following Walk up users may insert a USB thumb drive to store or retrieve documents for scanning and or printing Versant cannot print from USB not an option from a FAT formatted USB de...

Page 8: ...upported via optional touch screen user interface or optional dedicated NFC USB dongle Information shared over NFC includes IPv4 address IPv6 address MAC address UUID a unique identifier on the NFC cl...

Page 9: ...odule TPM The TPM is compliant with ISO IEC 11889 the international standard for a secure cryptoprocessor dedicated to secure cryptographic keys The TPM is used to securely hold the product storage en...

Page 10: ...encryption when submitting Secure Print jobs to enabled products Simply check the box to Enable Encryption when adding the Passcode to the print job Outbound User Data Scanning to Network Repository...

Page 11: ...DD See Appendix A Product Security Profiles Models with magnetic HDD See Appendix A Product Security Profiles Print Submission IPPS TLS Supported Supported Supported HTTPS TLS Supported Supported Supp...

Page 12: ...e device acting as a client to external network services Inbound Listening Services Out Bound Network Client Print Services LPR IPP Raw IP etc Management Services SNMP Web interface WebServices etc In...

Page 13: ...encryption and authentication at the packet level ColorPress and Versant products support IPSec for both IPv4 and IPv6 protocols Versant 80 180 Press Versant 2100 3100 Press Color 800 100 Press Versan...

Page 14: ...ts support the latest version TLS 1 2 Versant 80 180 Press Versant 2100 3100 Press Color 800 100 Press Versant 80 Press Versant 180 Press Versant 2100 Press Versant 3100 Press Color 800 1000 Presses C...

Page 15: ...to the product using a Smart Card For protocols such as HTTPS the printer is the server and must prove its identity to the client Web browser For protocols such as 802 1X the printer is the client and...

Page 16: ...does not meet this requirement a message appears The message alerts the user that the certificate they are attempting to upload does not meet the key length requirement Versant 80 180 Press Versant 2...

Page 17: ...0 Presses Color 800i 1000i Presses Email S MIME Versions v3 Not Applicable Not Applicable Digest SHA1 SHA256 SHA384 SHA512 Not Applicable Not Applicable Encryption 3DES AES128 AES192 AES256 Not Applic...

Page 18: ...milies such as Versant enabling Cisco ISE to automatically detect and profile new Xerox products from the day they are released Customers who use Cisco ISE find that including Xerox products in their...

Page 19: ...ints contextually Connectivity of Versant and ColorPress devices can be fully managed contextually by Cisco TrustSec TrustSec uses Security Group Tags SGT that are associated with an endpoint s user d...

Page 20: ...bled IPsec is evaluated first Up to 25 addresses can be enabled for IPv4 and an additional 25 for IPv6 Addresses include IP and subnet allowing individual system or subnets to be enabled A system admi...

Page 21: ...mware is verified against a whitelist using cryptographic hashing Event Monitoring Logging The Audit Log feature records security related events Continuous Operational Security Firmware and Diagnostic...

Page 22: ...tion is used to protect the system user data and configuration including security settings from being retrieved or modified Each device uses its own unique key that is securely generated Encryption is...

Page 23: ...l Service Details Xerox products are serviced by a tool referred to as the Portable Workstation PWS Only Xerox authorized service technicians are granted access to the PWS Customer documents or files...

Page 24: ...oducts March 2019 Page 5 22 Configuration Security Policy Management Solutions Xerox Device Manager and Xerox CentreWare Web available as a free download centrally manage Xerox Devices For details ple...

Page 25: ...ColorPress and Versant devices support the following authentication modes Local Authentication Network Authentication Smart Card Authentication CAC PIV SIPR Net Convenience Authentication Local Authen...

Page 26: ...sing the XCP Plug in architecture and a Smart Card authentication solution created by 90meter under contract for Xerox Details regarding 90meter can be found online here http www 90meter com Other Sma...

Page 27: ...support various workflows as well as security needs User permissions include security related permissions and non security related workflow permissions e g walkup user options copy scan paper selecti...

Page 28: ...erabilities in Xerox software and hardware It can be downloaded from this page http www xerox com information security information security articles whitepapers enus html Additional Resources Below ar...

Page 29: ...Xerox Security Guide for Entry Production Color Class Products March 2019 Page 7 27 Appendix A Product Security Profiles This appendix describes specific details of each Versant and ColorPress product...

Page 30: ...letely by a system administrator Front Panel Optional USB2 0 Type A port s Users may insert a USB thumb drive to print from or store scanned files to Physical security of this information is the respo...

Page 31: ...Integrated Circuit soldered to circuit board HDD Magnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Non Volatile Memory Size Type Use User Modifiable How to Clear Vo...

Page 32: ...ogram and work area N SDRAM is erased when machine is powered off Yes 64MB SDRAM ESS PWBA Temporary storage of program and work area N SDRAM is erased when machine is powered off Yes 1Gbit SDRAM page...

Page 33: ...0 Type A USB target connector used for printing Xxxx Not possible on Versant or CP1000 Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0 Type A port s Us...

Page 34: ...rd HDD Magnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Non Volatile Memory Size Type Use User Modifiable How to Clear Volatile 8MB Flash MCU PWBA Permanent storage...

Page 35: ...SDRAM MCU PWBA Temporary storage of variables N SRAM is erased when machine is powered off Yes 4Gbit DRAM SYSTEM MEMORY DIMM Temporary storage of program and work area N SDRAM is erased when machine i...

Page 36: ...M ESS PWBA Temporary storage of program and work area N SDRAM is erased when machine is powered off Yes 1Gbit SDRAM page memory Temporary storage of variables N SRAM is erased when machine is powered...

Page 37: ...print on those printer from USB Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0 Type A port s Users may insert a USB thumb drive to print from or store...

Page 38: ...hardware ID system settings realtime control parameters print job control state performance log information usage counters No Content can be initialized to factory default values Yes Additional Inform...

Page 39: ...ues No Additional Information The controller operating system memory manager allocates memory dynamically between OS running processes and temporary data which includes jobs in process When a job is c...

Page 40: ...ta Contains machine specific data hardware ID system settings real time control parameters print job control state performance log information usage counters Contains machine specific data System Admi...

Page 41: ...to KO authentication failures Detection of unauthorized access 0x0301 Change of Audit Policy Enabling of audit log management function Disabling of audit log management function 0x0401 Job Completion...

Page 42: ...ess deletion Address change Uploading from remote client Whole address book Downloading to remote client Whole address book Deletion of all addresses Downloading to remote client Whole address book 0x...

Page 43: ...ement function 0x0401 Job Completion Print Copy Scan Fax Mailbox Report Flow Service Jobs other than the above 0x0501 Change view of Device Setting Change of date time setting local time User registra...

Page 44: ...ion Color Class Products March 2019 Page 7 42 0x0701 Change Restoration of Device Configuration Replacement of important parts Detection of HDD replacement Change of ROM version 0x0801 Communication R...

Page 45: ...Xerox Security Guide for Entry Production Color Class Products March 2019 Page 7 43 ColorPress Security Events ColorPress utilizes Windows Event Logging which is outside the scope of this document...

Reviews:

No comments