Xerox WorkCentre 7220 User Manual Download

Page: 1 / 61

WorkCentre 7220/7225

Information Assurance Disclosure Paper

Version 1.1

Prepared by:

Ralph H. Stoos Jr.
Xerox Corporation
800 Phillips Road
Webster, New York 14580

©2012, 2013 Xerox Corporation. All rights reserved. Xerox and the sphere of connectivity design are trademarks
of Xerox Corporation in the United States and/or other counties.

Other company trademarks are also acknowledged.

Document Version: 1.1 (August 2013).

Summary of Contents for WorkCentre 7220

Page 1: ...x Corporation 800 Phillips Road Webster New York 14580 2012 2013 Xerox Corporation All rights reserved Xerox and the sphere of connectivity design are trademarks of Xerox Corporation in the United Sta...

Page 2: ...sure Paper Ver 1 0 January 2013 Page 2 of 61 Contributors Michael Barrett Steve Beers Bob Crumrine Mike Faraoni Gordon Farquhar Mirelsa Fontanes Tim Hunter Larry Kovnat Tom Pierce Roger Rhodes Steve S...

Page 3: ...2 Hardware 15 2 4 Scanner 16 2 4 1 Purpose 16 2 4 2 Hardware 16 2 5 Graphical User Interface GUI 16 2 5 1 Purpose 16 2 6 Marking Engine Image Output Terminal or IOT 16 2 6 1 Purpose 16 2 6 2 Hardware...

Page 4: ...ns Role Based Access Control RBAC 47 4 5 SMart eSolutions 48 4 6 Encrypted Partitions 48 4 7 Image Overwrite 49 4 7 1 Algorithm 49 4 7 2 User Behavior 49 4 7 3 Overwrite Timing 50 4 7 4 Overwrite Comp...

Page 5: ...ign functions and features of the products relative to Information Assurance IA This document does NOT provide tutorial level information about security connectivity PDLs or products features and func...

Page 6: ...Description This product consists of an in put document handler and scanner marking engine including paper path controller and user interface Figure 2 1 WorkCentre 7220 7225 Multifunction System Docum...

Page 7: ...ler Power Interface TOE internal wiring proprietary TOE internal wiring proprietary PCI Bus TOE Physical Boundary Original Documents Optical interface Human Interface Hardcopy Finisher Paper output in...

Page 8: ...uthentication Controller Graphical User Interface Security Audit Controller Cryptographic Operations Controller User Data Protection SSL Controller User Data Protection IP Filtering Controller User Da...

Page 9: ...pre collation sometimes referred to as scan once print many When producing multiple copies of a document the scanned image is processed and buffered in the DRAM in a proprietary format Extended buffe...

Page 10: ...in System memory while the job is being processed Once the job is complete the memory is reused for the next job Likewise Image memory holds job data in a proprietary format while the job is being pr...

Page 11: ...do not remain stored on this disk One exception is Print From Saved Jobs feature Customer jobs saved on the machine s hard disk using this feature must be manually deleted by the customer If On Deman...

Page 12: ...al connections available at the right rear of the machine The tray contains a single controller board An optional fax board may also be installed Disk s are mounted on the underside of the tray Below...

Page 13: ...aders SW upgrade USB Printing Scan to USB Debug Port Troubleshooting and Monitoring Ethernet Network Connectivity Diagnostic LED Readout Displays status codes for Diagnostics Foreign Device Interface...

Page 14: ...rt and location Purpose Front panel 1 Host port User retrieves print ready files from Flash Media or stores scanned files on Flash Media Physical security of this information is the responsibility of...

Page 15: ...Fax Card is a printed wiring board assembly containing a fax modem and the necessary telephone interface logic It connects to the controller via a serial communications interface The Fax Card is respo...

Page 16: ...pose The GUI detects soft and hard button actuations and provides text and graphical prompts to the user The GUI is sometimes referred to as the Local UI LUI to distinguish it from the WebUI which is...

Page 17: ...m Software Structure 2 7 1 Open source components Open source components in the connectivity layer implement high level protocol services The security relevant connectivity layer components are Apache...

Page 18: ...ork and physical I O drivers The controller operating system is Wind River Linux kernel v 2 6 34 Xerox may issue security patches for the OS in which case the Xerox portion of the version number i e a...

Page 19: ...2013 Page 19 of 61 2 7 3 Network Protocols Figure 2 5 and Figure 2 6 are interface diagrams depicting the IPv4 and IPv6 protocol stacks supported by the device annotated according to the DARPA model F...

Page 20: ...up the shared secret When an IPSec tunnel is established between a client and the machine the tunnel will also be active for administration with SNMPv2 tools HP Open View etc providing security for S...

Page 21: ...P ISAKMP 515 TCP LPR 631 TCP IPP 1900 TCP UDP SSDP 1901 UDP SSDP 3003 TCP http SNMP reply 3702 TCP UDP WSD Discovery 4500 TCP UDP IKE Negotiation Port for IPSec 5353 TCP UDP Multicast DNS 5354 TCP Mul...

Page 22: ...o E mail or Internet Fax I Fax is exporting images to an SMTP server or when email alerts are being transmitted SMTP messages images are transmitted to the SMTP server from the device 2 8 2 4 Port 53...

Page 23: ...resident on the hard disk of the device It does not and cannot act as a proxy server to get outside of the network the device resides on Hence the server cannot access any networks or web servers outs...

Page 24: ...s to most destinations and purchasers without the need for previous approval from or notification to BXA At the time of the opinion restricted destinations and entities included terrorist supporting s...

Page 25: ...o a remote repository using an https connection the device must verify the certificate provided by the remote repository A Trusted Certificate Authority certificate should be uploaded to the device in...

Page 26: ...e 2 8 2 21 Port 3702 WSD Discovery WS Discovery Multicast This is the default port for WS Discovery the discovery of services in an ad hoc network with a minimum of networking services for example no...

Page 27: ...t 61502 WS Web Service interface s used to get set services available on the device 2 8 2 32 Port 61503 WS Web Service interface s used to get session information applicable to the current active sess...

Page 28: ...he available services such as Copy Fax Server Fax Reprint Saved Jobs Email Internet Fax Workflow Scanning Server Extensible Interface Platform Services Also users can be authorized to access one or an...

Page 29: ...WorkCentre 7220 7225 Information Assurance Disclosure Paper Ver 1 0 January 2013 Page 29 of 61 Figure 3 1 Authentication and Authorization schematic...

Page 30: ...in and as many as 8 additional alternate authentication domains 3 2 2 1 Kerberos Authentication Solaris or Windows The authentication steps are 1 A User enters a user name and password at the device i...

Page 31: ...the Domain Controller 2 The Domain Controller responds back to the device whether or not the user was successfully authenticated If 2 is successful steps 3 5 proceed as described in steps 4 6 of the K...

Page 32: ...1 The device sends the Domain Controller hostname to the DNS Server 2 The DNS Server returns the IP Address of the Domain Controller 3 The device sends an authentication request directly to the Domain...

Page 33: ...Cosmo v7 0 128K with ActivIdentity Applets GnD SmartCafe Expert v3 2 144KB with ActivIdentity Applets Gemalto TOP DL GX4 FIPS with ActivIdentity Applets GnD SCE 3 2 80K with ActivIdentity Applets Obe...

Page 34: ...enticate a user The device can also take in additional information about the user to allow for two factor authentication The Web Service interface allows the 3rd party to tell the device that someone...

Page 35: ...nto bind to _ the LDAP server The device uses a simple bind to the LDAP server unless the device was able to obtain a TGS for the LDAP server from the Kerberos Servier In this case a SASL GSSAPI bind...

Page 36: ...re is installed and with it a new whitelist for the new version The digital signature prevents corrupted files from being installed by verification that the file is genuine Xerox software and has not...

Page 37: ...The following table lists the events that are recorded in the log Event ID Event description Entry Data 1 System startup Device name Device serial number 2 System shutdown Device name Device serial n...

Page 38: ...IIO status Accounting User ID Accounting Account ID Total fax recipient phone numbers fax recipient phone numbers 14 Lan Fax Job Job name User Name Completion Status IIO status Accounting User ID Acco...

Page 39: ...Passwords Device name Device serial number StartupMode enabled disabled System Params Password changed Start Job Password changed 29 Network User Login UsereName Device name Device serial number Comp...

Page 40: ...Enabled Disabled 43 Device clock UserName Device name Device serial number Completion Status time changed date changed 44 SW upgrade Device name Device serial number Completion Status Success Failed 4...

Page 41: ...onfigured Interface Web Local CAC SNMP Session IP address if available 60 Device Clock NTP Enable Disable Device Name Device serial number Enable Disable NTP NTP Server IP Address Completion Status Su...

Page 42: ...vailable File names downloaded Destination IP address or USB device Completion status Success failed 74 Scan to USB Job Job Name User Name Completion Status IIO Status Accounting User ID Name Accounti...

Page 43: ...ent Device name Device serial number Type Read Modify Execute Deluge McAfee message text 87 McAfee Agent User name Device name Device serial number Completion Status Enabled Disabled 88 Digital Certif...

Page 44: ...Wired 100 Address Book Permissions UserName Machine Name Machine serial number Completion Status SA Only Open Access Enabled WebUI SA Only Open Access Enabled LocalUI 101 Address Book Export UserName...

Page 45: ...atus Success or Failed 108 Convenience Authentication Enable Disable Configure UserName Device name Device serial number Completion Status Enabled Disabled Configured 109 Efax Passcode Length UserName...

Page 46: ...cific services to zero for users that should not have rights to use the feature After each job is performed the user s balance is updated by the number of impressions or scans performed Services becom...

Page 47: ...device may be used In addition users can be assigned multiple roles Through the Web UI on the Xerox device the SA may perform the following functions Configure Job Types which will be allowed such as...

Page 48: ...ending the meter reads back to the server Supplies Assistant Once the connection with the Xerox Communication Server has been established the Supplies Assistant service will be automatically enabled b...

Page 49: ...emporary files IIO or to the entire spooling area of the disks ODIO hex value 0xCA ASCII compliment of 5 Step 3 Pattern 3 is written to the sectors containing temporary files IIO or to the entire spoo...

Page 50: ...Reporting Immediate Image Overwrite When an Immediate Image Overwrite is performed at the completion of each job the user may view the Completed Jobs Log at the Local UI In each Job entry there will...

Page 51: ...rinter is the server in the client server relationship An SSL certificate for HTTPS is an example Validates certificates for features where the printer is the client in the client server relationship...

Page 52: ...nd encrypting emails when the user is authenticated to the device using a CAC NET or PIV smart card containing appropriate signing and encryption certificates The device allows signing to multiple rec...

Page 53: ...that contains the latest security information pertaining to its products Please see http www xerox com security Xerox has created a document which details the Xerox Vulnerability Management and Disclo...

Page 54: ...t transfer protocol IBM International Business Machines ICMP Internet Control Message Protocol IETF Internet Engineering Task Force IFAX Internet Fax IIO Immediate Image Overwrite IIT Image Input Term...

Page 55: ...Secure File Transfer Protocol SLP Service Location Protocol SNMP Simple Network Management Protocol SRAM Static Random Access Memory SSDP Simple Service Discovery Protocol SSL Secure Sockets Layer TCP...

Page 56: ...support 0 or 3 for more than 1 sheet for prtInputCurrentLevel will be considered a caveat denoted as C 6 The Printer MIB requires a few groups from RFC 1213 and RFC 1514 to be supported Therefore this...

Page 57: ...e C local UI button selection messages are not captured within table Console Display Light group 5 objects supported w caveats only the Power Saver LED is supported the other LEDs were not implemented...

Page 58: ...ered the standards track New type 2 enumerations from next generation Printer MIB supported supported New Printer MIBv2 objects implemented optional not support because Printer MIBv2 has NOT entered t...

Page 59: ...ver IEEE802 networks 1042 ICMP ICMP Echo ICMP Time ICMP Echo Reply and ICMP Destination Unreachable message 792 Reverse Address Resolution Protocol RARP 903 Bootstrap Protocol BOOTP 951 Clarifications...

Page 60: ...ance Disclosure Paper Ver 1 0 January 2013 Page 60 of 61 Printing Description Languages Postscript Language Reference Third Edition PCL6 PCL5C PCL XL class 3 0 emulation TIFF 6 0 JPEG Portable Documen...

Page 61: ...e Disclosure Paper Ver 1 0 January 2013 Page 61 of 61 Appendix E References Kerberos FAQ http www cmf nrl navy mil krb kerberos faq html IP port numbers http www iana org assignments service names por...

Search results

Summary of Contents for WorkCentre 7220

Reviews:

Related manuals for WorkCentre 7220

Brands by name

Popular brands

Xerox WorkCentre 7220, Information

Search results

Summary of Contents for WorkCentre 7220

Reviews:

Related manuals for WorkCentre 7220

Brands by name

Popular brands