manualshive.com logo in svg

Xerox WorkCentre 7220, Information

The Xerox WorkCentre 7220 is a versatile printer with advanced features for efficient document management. For a quick setup and overview, download the free Quick Start Manual from our website. Easily access the manual for detailed instructions on how to maximize the functionality of this printer. Download it from manualshive.com.

Share
Download
background image

WorkCentre 7220-7225 Information Assurance Disclosure Paper 

Ver. 1.0, January 2013 

 

 

 

 

Page

 35 of 61 

 

3.3.

 

System Accounts 

3.3.1.

 

Printing 

The  device  may  be  set  up  to  connect  to  a  print  queue  maintained  on  a  remote  print  server.    The  login  name  and 
password are sent to the print server in clear text.  IPSec should be used to secure this channel. 

3.3.2.

 

Network Scanning 

Network Scanning may require the device to log into a server.  The instances where the device logs into a server are 
detailed in the following table.  Users may also need to authenticate for scanning.  This authentication is detailed in 
subsequent sections. 

3.3.2.1.

 

Device log on 

Scanning feature 

Device behavior 

Scan to File, Public Template  

The  device  logs  in  to  the  scan  repository  as  set  up  by  the  SA  in  the 
Properties  tab  on  the  WebUI.The  credentials  may  be  the  user’s 
credentials or system credentials. 

Scan to E-mail, I-Fax 

The device logs into an LDAP Server as set up by the SA in User Tools.  It 
will  log  into  the  Server  when  a  user  is  authenticated  and  the  device  is 
configured for Remote Authorization or Personalization is enabled, and 
when  the  user  attempts  to  access  LDAP  based  scan-to-email  address 
books. At the time the LDAP server must be accessed, the device will log 
into (bind to)_ the LDAP server.   
 
The device uses a simple bind to the LDAP server unless the device was 
able to obtain a TGS for the LDAP server from the Kerberos Servier.  In 
this case a SASL (GSSAPI) bind is performed..  A network username and 
password may be assigned to the device.  The device logs in as a normal 
user,  with  read  only  privileges.    User  credentials  may  be  used  if 
configured by the SA for this authentication step. 
 
The  device  then  logs  into  the  SMTP  server  as  set  up  by  the  SA  in  the 
Properties  tab  on  the  WebUI.The  credentials  may  be  the  user’s 
credentials or system credentials. 

Scan to Fax Server 

The  device  logs  in  to  the  Fax  Server  as  set  up  by  the  SA  from  the 
Properties  tab  on  the  WebUI.    The  credentials  may  be  the  user’s 
credentials or system credentials. 

Please note that when the device logs into any server the device username and password are sent over the network in 
clear text unless: 

 

SSL has been enabled 

 

IPSec has been configured to encrypt the traffic 

 

The device is logging into an SMB Server in which case the credentials are hashed. 

 

The device is using NTLM to login to the SMTP server (the device negotiates the most secure authentication 
method that both the device and server support). 

 

The LDAP server is being accessed via SASL. 

3.3.2.2.

 

Scan Template Management 

This is a web service that allows the SA to manage templates stored in a remote template pool.  The connection to 
the remote pool can be secured with SSL. 

 

Summary of Contents for WorkCentre 7220

Page 1: ...x Corporation 800 Phillips Road Webster New York 14580 2012 2013 Xerox Corporation All rights reserved Xerox and the sphere of connectivity design are trademarks of Xerox Corporation in the United Sta...

Page 2: ...sure Paper Ver 1 0 January 2013 Page 2 of 61 Contributors Michael Barrett Steve Beers Bob Crumrine Mike Faraoni Gordon Farquhar Mirelsa Fontanes Tim Hunter Larry Kovnat Tom Pierce Roger Rhodes Steve S...

Page 3: ...2 Hardware 15 2 4 Scanner 16 2 4 1 Purpose 16 2 4 2 Hardware 16 2 5 Graphical User Interface GUI 16 2 5 1 Purpose 16 2 6 Marking Engine Image Output Terminal or IOT 16 2 6 1 Purpose 16 2 6 2 Hardware...

Page 4: ...ns Role Based Access Control RBAC 47 4 5 SMart eSolutions 48 4 6 Encrypted Partitions 48 4 7 Image Overwrite 49 4 7 1 Algorithm 49 4 7 2 User Behavior 49 4 7 3 Overwrite Timing 50 4 7 4 Overwrite Comp...

Page 5: ...ign functions and features of the products relative to Information Assurance IA This document does NOT provide tutorial level information about security connectivity PDLs or products features and func...

Page 6: ...Description This product consists of an in put document handler and scanner marking engine including paper path controller and user interface Figure 2 1 WorkCentre 7220 7225 Multifunction System Docum...

Page 7: ...ler Power Interface TOE internal wiring proprietary TOE internal wiring proprietary PCI Bus TOE Physical Boundary Original Documents Optical interface Human Interface Hardcopy Finisher Paper output in...

Page 8: ...uthentication Controller Graphical User Interface Security Audit Controller Cryptographic Operations Controller User Data Protection SSL Controller User Data Protection IP Filtering Controller User Da...

Page 9: ...pre collation sometimes referred to as scan once print many When producing multiple copies of a document the scanned image is processed and buffered in the DRAM in a proprietary format Extended buffe...

Page 10: ...in System memory while the job is being processed Once the job is complete the memory is reused for the next job Likewise Image memory holds job data in a proprietary format while the job is being pr...

Page 11: ...do not remain stored on this disk One exception is Print From Saved Jobs feature Customer jobs saved on the machine s hard disk using this feature must be manually deleted by the customer If On Deman...

Page 12: ...al connections available at the right rear of the machine The tray contains a single controller board An optional fax board may also be installed Disk s are mounted on the underside of the tray Below...

Page 13: ...aders SW upgrade USB Printing Scan to USB Debug Port Troubleshooting and Monitoring Ethernet Network Connectivity Diagnostic LED Readout Displays status codes for Diagnostics Foreign Device Interface...

Page 14: ...rt and location Purpose Front panel 1 Host port User retrieves print ready files from Flash Media or stores scanned files on Flash Media Physical security of this information is the responsibility of...

Page 15: ...Fax Card is a printed wiring board assembly containing a fax modem and the necessary telephone interface logic It connects to the controller via a serial communications interface The Fax Card is respo...

Page 16: ...pose The GUI detects soft and hard button actuations and provides text and graphical prompts to the user The GUI is sometimes referred to as the Local UI LUI to distinguish it from the WebUI which is...

Page 17: ...m Software Structure 2 7 1 Open source components Open source components in the connectivity layer implement high level protocol services The security relevant connectivity layer components are Apache...

Page 18: ...ork and physical I O drivers The controller operating system is Wind River Linux kernel v 2 6 34 Xerox may issue security patches for the OS in which case the Xerox portion of the version number i e a...

Page 19: ...2013 Page 19 of 61 2 7 3 Network Protocols Figure 2 5 and Figure 2 6 are interface diagrams depicting the IPv4 and IPv6 protocol stacks supported by the device annotated according to the DARPA model F...

Page 20: ...up the shared secret When an IPSec tunnel is established between a client and the machine the tunnel will also be active for administration with SNMPv2 tools HP Open View etc providing security for S...

Page 21: ...P ISAKMP 515 TCP LPR 631 TCP IPP 1900 TCP UDP SSDP 1901 UDP SSDP 3003 TCP http SNMP reply 3702 TCP UDP WSD Discovery 4500 TCP UDP IKE Negotiation Port for IPSec 5353 TCP UDP Multicast DNS 5354 TCP Mul...

Page 22: ...o E mail or Internet Fax I Fax is exporting images to an SMTP server or when email alerts are being transmitted SMTP messages images are transmitted to the SMTP server from the device 2 8 2 4 Port 53...

Page 23: ...resident on the hard disk of the device It does not and cannot act as a proxy server to get outside of the network the device resides on Hence the server cannot access any networks or web servers outs...

Page 24: ...s to most destinations and purchasers without the need for previous approval from or notification to BXA At the time of the opinion restricted destinations and entities included terrorist supporting s...

Page 25: ...o a remote repository using an https connection the device must verify the certificate provided by the remote repository A Trusted Certificate Authority certificate should be uploaded to the device in...

Page 26: ...e 2 8 2 21 Port 3702 WSD Discovery WS Discovery Multicast This is the default port for WS Discovery the discovery of services in an ad hoc network with a minimum of networking services for example no...

Page 27: ...t 61502 WS Web Service interface s used to get set services available on the device 2 8 2 32 Port 61503 WS Web Service interface s used to get session information applicable to the current active sess...

Page 28: ...he available services such as Copy Fax Server Fax Reprint Saved Jobs Email Internet Fax Workflow Scanning Server Extensible Interface Platform Services Also users can be authorized to access one or an...

Page 29: ...WorkCentre 7220 7225 Information Assurance Disclosure Paper Ver 1 0 January 2013 Page 29 of 61 Figure 3 1 Authentication and Authorization schematic...

Page 30: ...in and as many as 8 additional alternate authentication domains 3 2 2 1 Kerberos Authentication Solaris or Windows The authentication steps are 1 A User enters a user name and password at the device i...

Page 31: ...the Domain Controller 2 The Domain Controller responds back to the device whether or not the user was successfully authenticated If 2 is successful steps 3 5 proceed as described in steps 4 6 of the K...

Page 32: ...1 The device sends the Domain Controller hostname to the DNS Server 2 The DNS Server returns the IP Address of the Domain Controller 3 The device sends an authentication request directly to the Domain...

Page 33: ...Cosmo v7 0 128K with ActivIdentity Applets GnD SmartCafe Expert v3 2 144KB with ActivIdentity Applets Gemalto TOP DL GX4 FIPS with ActivIdentity Applets GnD SCE 3 2 80K with ActivIdentity Applets Obe...

Page 34: ...enticate a user The device can also take in additional information about the user to allow for two factor authentication The Web Service interface allows the 3rd party to tell the device that someone...

Page 35: ...nto bind to _ the LDAP server The device uses a simple bind to the LDAP server unless the device was able to obtain a TGS for the LDAP server from the Kerberos Servier In this case a SASL GSSAPI bind...

Page 36: ...re is installed and with it a new whitelist for the new version The digital signature prevents corrupted files from being installed by verification that the file is genuine Xerox software and has not...

Page 37: ...The following table lists the events that are recorded in the log Event ID Event description Entry Data 1 System startup Device name Device serial number 2 System shutdown Device name Device serial n...

Page 38: ...IIO status Accounting User ID Accounting Account ID Total fax recipient phone numbers fax recipient phone numbers 14 Lan Fax Job Job name User Name Completion Status IIO status Accounting User ID Acco...

Page 39: ...Passwords Device name Device serial number StartupMode enabled disabled System Params Password changed Start Job Password changed 29 Network User Login UsereName Device name Device serial number Comp...

Page 40: ...Enabled Disabled 43 Device clock UserName Device name Device serial number Completion Status time changed date changed 44 SW upgrade Device name Device serial number Completion Status Success Failed 4...

Page 41: ...onfigured Interface Web Local CAC SNMP Session IP address if available 60 Device Clock NTP Enable Disable Device Name Device serial number Enable Disable NTP NTP Server IP Address Completion Status Su...

Page 42: ...vailable File names downloaded Destination IP address or USB device Completion status Success failed 74 Scan to USB Job Job Name User Name Completion Status IIO Status Accounting User ID Name Accounti...

Page 43: ...ent Device name Device serial number Type Read Modify Execute Deluge McAfee message text 87 McAfee Agent User name Device name Device serial number Completion Status Enabled Disabled 88 Digital Certif...

Page 44: ...Wired 100 Address Book Permissions UserName Machine Name Machine serial number Completion Status SA Only Open Access Enabled WebUI SA Only Open Access Enabled LocalUI 101 Address Book Export UserName...

Page 45: ...atus Success or Failed 108 Convenience Authentication Enable Disable Configure UserName Device name Device serial number Completion Status Enabled Disabled Configured 109 Efax Passcode Length UserName...

Page 46: ...cific services to zero for users that should not have rights to use the feature After each job is performed the user s balance is updated by the number of impressions or scans performed Services becom...

Page 47: ...device may be used In addition users can be assigned multiple roles Through the Web UI on the Xerox device the SA may perform the following functions Configure Job Types which will be allowed such as...

Page 48: ...ending the meter reads back to the server Supplies Assistant Once the connection with the Xerox Communication Server has been established the Supplies Assistant service will be automatically enabled b...

Page 49: ...emporary files IIO or to the entire spooling area of the disks ODIO hex value 0xCA ASCII compliment of 5 Step 3 Pattern 3 is written to the sectors containing temporary files IIO or to the entire spoo...

Page 50: ...Reporting Immediate Image Overwrite When an Immediate Image Overwrite is performed at the completion of each job the user may view the Completed Jobs Log at the Local UI In each Job entry there will...

Page 51: ...rinter is the server in the client server relationship An SSL certificate for HTTPS is an example Validates certificates for features where the printer is the client in the client server relationship...

Page 52: ...nd encrypting emails when the user is authenticated to the device using a CAC NET or PIV smart card containing appropriate signing and encryption certificates The device allows signing to multiple rec...

Page 53: ...that contains the latest security information pertaining to its products Please see http www xerox com security Xerox has created a document which details the Xerox Vulnerability Management and Disclo...

Page 54: ...t transfer protocol IBM International Business Machines ICMP Internet Control Message Protocol IETF Internet Engineering Task Force IFAX Internet Fax IIO Immediate Image Overwrite IIT Image Input Term...

Page 55: ...Secure File Transfer Protocol SLP Service Location Protocol SNMP Simple Network Management Protocol SRAM Static Random Access Memory SSDP Simple Service Discovery Protocol SSL Secure Sockets Layer TCP...

Page 56: ...support 0 or 3 for more than 1 sheet for prtInputCurrentLevel will be considered a caveat denoted as C 6 The Printer MIB requires a few groups from RFC 1213 and RFC 1514 to be supported Therefore this...

Page 57: ...e C local UI button selection messages are not captured within table Console Display Light group 5 objects supported w caveats only the Power Saver LED is supported the other LEDs were not implemented...

Page 58: ...ered the standards track New type 2 enumerations from next generation Printer MIB supported supported New Printer MIBv2 objects implemented optional not support because Printer MIBv2 has NOT entered t...

Page 59: ...ver IEEE802 networks 1042 ICMP ICMP Echo ICMP Time ICMP Echo Reply and ICMP Destination Unreachable message 792 Reverse Address Resolution Protocol RARP 903 Bootstrap Protocol BOOTP 951 Clarifications...

Page 60: ...ance Disclosure Paper Ver 1 0 January 2013 Page 60 of 61 Printing Description Languages Postscript Language Reference Third Edition PCL6 PCL5C PCL XL class 3 0 emulation TIFF 6 0 JPEG Portable Documen...

Page 61: ...e Disclosure Paper Ver 1 0 January 2013 Page 61 of 61 Appendix E References Kerberos FAQ http www cmf nrl navy mil krb kerberos faq html IP port numbers http www iana org assignments service names por...

Reviews:

No comments

Related manuals for WorkCentre 7220

Oki C910 Hardware preview
C910
Brand: Oki Pages: 2
Oki C910 Material Safety Data Sheet preview
C910
Brand: Oki Pages: 52
Oki C110 Manual Do Usuário preview
C110
Brand: Oki Pages: 117
Oki C110 How To Remove Jammed Paper preview
C110
Brand: Oki Pages: 45
Oki C110 Manual De L'Utilisateur preview
C110
Brand: Oki Pages: 112
Oki C110 Guías Del Usuario Manual preview
C110
Brand: Oki Pages: 115
Oki C110 Quick Setup preview
C110
Brand: Oki Pages: 2
Ier I420 User Safety And Start Manual preview
I420
Brand: Ier Pages: 8
Valentin DUOPRINT Operating Manual preview
DUOPRINT
Brand: Valentin Pages: 96
Oce cm2522 User Manual preview
cm2522
Brand: Oce Pages: 222
Ascend Zebra GK420d Field Troubleshooting Manual preview
Zebra GK420d
Brand: Ascend Pages: 6
Xerox 5550N - Phaser B/W Laser Printer Evaluator Manual preview
5550N - Phaser B/W Laser Printer
Brand: Xerox Pages: 16
Oki IP-7900-21 Advanced Operation Manual preview
IP-7900-21
Brand: Oki Pages: 109
POSBank A7EN User Manual preview
A7EN
Brand: POSBank Pages: 9
Epson Stylus CX3500 Series Setup Manual preview
CX3500 Series
Brand: Epson Stylus Pages: 2
Ricoh D124 Detailed Descriptions Manual preview
D124
Brand: Ricoh Pages: 177
Ricoh Aficio 2022 Service Manual preview
Aficio 2022
Brand: Ricoh Pages: 849
Canon LBP7018C E-Manual preview
LBP7018C
Brand: Canon Pages: 343

Brands by name

Popular brands

Load more brands