manualshive.com logo in svg

Xerox WorkCentre 3655, Secure Installation And Operation, Page: 6 / 19

Share
Download
Xerox WorkCentre 3655 Secure Installation And Operation Download Page 6

 

 

WorkCentre 7220/7225 or WorkCentre 7830/7835/7845/7855 is not in diagnostics mode and that there are no 
active or pending scan jobs.  

10. 

IP Filtering

Enable and configure IP Filtering to create IP Filter rules by following the instructions under “IP 

Filtering” in Section 4 of the SAG. 

Note tha

t IP Filtering is not available for either the AppleTalk protocol or the Novell protocol with the ‘IPX’ filing 

transport. Also, IP Filtering will not work if IPv6 is used instead of IPv4, but IPv6 is not part of the evaluated 
configuration. 

Note also that 

a zero (‘0’) should be used and not an asterisk (‘*’) if a wildcard is needed for an IP address in 

an IP Filter rule. 

11. 

Audit Log

: Enable the audit log, download the audit log file and then store it on an external IT product using 

the  Web  UI  by  following  the  appropriate  instructions 

for  “Enabling  Audit  Log”  and  “Saving  an  Audit  Log”, 

respectively, 

under “Audit Log” in Section 4 of the SAG.  

Save audit log entries on a USB drive attached to the device via one of the Host USB ports using the Control 
Panel by fo

llowing the appropriate instructions for “Saving an Audit Log to a USB Drive” under “Audit Log” in 

Section 4 of the SAG. In downloading the  Audit Log the System Administrator should ensure that  Audit Log 
records are protected after they have been exported  to an external trusted IT product and that the exported 
records are only accessible by authorized individuals. 

The System Administrator should download and review the Audit Log on a daily basis.  The machine will send 
a warning email when the audit log is filled to 90% (i.e., 13,500) of the 15,000 maximum allowable number of 
entries, and repeated thereafter at 15,000 entries until the Audit Log is downloaded.  

The System Administrator  should be  aware that there is the possibility that on an intermittent basis multiple 
entries may be included in the audit log for the same event.  

The Audit Log can be transferred to an audit log server outside the device. The directions for transferring the 
audit log are: 

 

Follow the directions for accessing the Audit Log under 

“Audit Log” in Section 4 of the SAG. 

 

Select the Audit Log 

Enabled

 checkbox.  

 

Enter the IP Address or Host Name and the port number for the Audit Log Server. 

 

Enter the directory path to the filename where the transferred Audit Log is to be stored. 

 

Enter the login name and password to access the Audit Log server. 

 

Either  schedule  a  time  when  the  Audit  Log  will  be  transferred  by  selecting  the  Schedule  Automatic  Log 
Transfer 

Enabled

 checkbox and entering the desired time in the appropriate text boxes the Audit Log is to 

be transferred, or selecting

 Send Log Now

 button to send the Audit Log immediate to the Audit Log server.  

Note that the Audit Log will be transferred using the SFTP secure protocol even though that fact may not be 
stated on the Audit Log Web UI page.  

12. 

IPSec

: Enable and configure IPSec by following the instructions 

under “IPsec” in Section 4 of the SAG.  Note 

that IPSec should be used to secure printing jobs; HTTPS (SSL) should be used to secure scanning jobs.  Use 
the default values for IPSec parameters whenever possible for secure IPSec setup.  

Note that IPSec can be disabled at the Control Panel by following the instructions for “Disabling IPSec at the 
Control Panel” under “IPSec” in Section 4 of the SAG. However, if IPSec is disabled the device will no longer 
be in the evaluated configuration. 

Ensure that an IP Address of 0.0.0.0 is not used to create a new Host Group.  

13. 

Session Inactivity Timeout

: Enable the session inactivity timers (termination of an inactive session) from the 

Web UI by follow

ing the instructions for “Setting System Timeout Values” or from the Control Panel by following 

the instructions for “Setting the System Timeout Values at the Control Panel” in Section 4 of the SAG. 

14. 

Secure Print

: Set the Secure Print security function to require the User ID for identification purposes to release 

a secure print job. Access and configure the Secure Print security function by following the instructions under 
“Configuring Secure Print Settings” in Section 5 of the SAG.  

Ensure that 

the ‘Release Policies for Secure Print Jobs Requiring Passcode When the User is Already Logged 

In’ option is set to 

Prompt for Passcode Before Releasing Jobs

For best security, print jobs (other than LANFax jobs) submitted to the device from a client or from the Web UI 
should be submitted as a secure print job. To ensure that print jobs can only be submitted as secure print jobs, 
for  logged  in  users  (since  non-logged  in  users  are  denied  permission  to  print  any  job  in  the  evaluated 

Summary of Contents for WorkCentre 3655

Page 1: ...ntre 5845 5855 5865 5865i 5875 5875i 5890 5890i WorkCentre 5945 5945i 5955 5955i WorkCentre 6655 6655i WorkCentre 7220 7220i 7225 7225i WorkCentre 7830 7830i 7835 7835i 7845 7845i 7855 7855i WorkCentr...

Page 2: ...from the Common Criteria Certified Product website http www commoncriteriaportal org products html list of evaluated products from the Xerox security website http www xerox com information security c...

Page 3: ...Accessing Administration and Configuration Settings in Section 2 of the applicable System Administration Guide SAG 5 To log in to the Local User Interface denoted hereafter in this document as the Con...

Page 4: ...ructions in Section 4 of the SAG Set up unique user accounts with appropriate privileges on the device for all users who require access to the device by following the User Database instructions in Sec...

Page 5: ...ed certificate is installed by default on the device If a CA certificate is desired a Certificate Signing Request CSR will have to be sent to a Certificate Authority to obtain the CA Certificate befor...

Page 6: ...number for the Audit Log Server Enter the directory path to the filename where the transferred Audit Log is to be stored Enter the login name and password to access the Audit Log server Either schedu...

Page 7: ...re print job only the submitter of a held print job can release the job and only the System Administrator can delete any print job 16 802 1x Device Authentication Enable and configure 802 1x device au...

Page 8: ...ption and signing Workflow Scanning Scan to Mailbox Scan to USB Print from USB Print from Mailbox NTP SMB Filing When setting up the device to be in the evaluated configuration perform the following s...

Page 9: ...Fax in Section 8 of the SAG Makes sure the Delete on Print option is selected for Received Documents The Local Polling option and embedded fax mailboxes should not be set up or used at any time Remot...

Page 10: ...encryption and signing of Scan to Email jobs by following the instructions for Configuring Email Encryption Settings and Configuring Email Signing Settings respectively under Configuring Email Securit...

Page 11: ...0 of the SAG II Secure Acceptance Secure acceptance once device delivery and installation is completed should be done by Printing out a Configuration Report from the Web UI by following the Printing t...

Page 12: ...age will persist until an On Demand Image overwrite is initiated by the System Administrator In the case that the copy controller is reset at the same time a copy job is being processed by the device...

Page 13: ...certificate should be uploaded to the device so the device can verify the certificate provided by the remote repository When an SSL certificate for a remote SSL repository fails its validation checks...

Page 14: ...rvice calls for example through appropriate signage in order to discourage unauthorized physical attacks such as attempts to remove the internal hard disk drive s Ensure that office personnel are made...

Page 15: ...vice Allows the user to pause an active copy print workflow scanning scan to email Internet Fax or Embedded Fax job while it is being processed Is accessible by selecting the Stop machine hard button...

Page 16: ...Filter guess algorithm will use a strict or loose interpretation Is accessible by typing http IP Address diagnostics postScriptTokens php Web Services IP Lockout Reset Allows the System Administrator...

Page 17: ...t be displayed for a device in the evaluated configuration Scan Image Compression Allows the System Administrator to manage the asymmetric sub sampling options of scan image processing Is accessible b...

Page 18: ...m the Web User Interface with no user login and authentication required Site Map Provides the user with hyperlink pointers to each Web User Interface screen organized by Web UI tab Is accessible by se...

Page 19: ...oss of business profits or special damages even if Xerox Corporation has been advised of the possibility of such damages Some states do not allow the exclusion or limitation of liability for consequen...

Reviews:

No comments