Xerox® VersaLink® B7025/B7030/B7035 Multifunction Printer Security Function Supplementary Guide

Document Version 1.0: March 2018 

Summary of Contents for VersaLink B7025

Page 1: ...Xerox VersaLink B7025/B7030/B7035 Multifunction Printer Security Function Supplementary Guide Document Version 1.0: March 2018 ...

Page 2: ... the Machine ROM Version 10 Print the Configuration Report 10 Check the System Clock 11 Initial Settings Procedures Using Embedded Web Server 12 Preparations for Settings on the Embedded Web Server 12 Change the System Administrator s Password 12 Set EIP 12 Set My Folder 12 Set DropBox 13 Set GoogleDrive 13 Set OneDrive 13 Set Scan to Desktop 13 Set USB 13 Set App Gallery 14 Set Authentication 14 Se...

Page 3: ...m Administrator 24 Set Fax Forwarding 24 Regular Review by Audit Log 25 Import the Audit Log File 25 Self Testing 27 Authentication for the secure operation 28 Users Controlled by Authentication 28 Roles 28 Login Method 29 Functions Controlled by Access Method 29 Authentication for Secure Fax Receive 31 Maximum Login Attempts by System Administrator 31 Operation Using Control Panel 32 User Authenticati...

Page 4: ...ink B7025 B7030 B7035 Multifunction Printer Security Function Supplementary Guide 4 Job Deletion by Authenticated Users 36 Problem Solving 38 Fault Clearance Procedure 38 Fault Codes 39 Security Xerox 47 Appendix 48 ...

Page 5: ...nd JISEC http www ipa go jp security jisec jisec_e website Please check that the hash values of your manuals are correct The Manual version might be changed when the manual content is updated The security features of the Xerox VersaLink B7025 B7030 B7035 are supported by the following ROM versions Controller ROM Ver 1 10 33 Fax ROM Ver 2 0 8 NOTE The machine has obtained IT security certification for Common Criteria EA...

Page 6: ...e expected options in the List of Product Codes in Appendix Security Features The machine has the following security features Hard Disk Data Overwrite HDD Model Hard Disk Data Encryption HDD Model Flash Memory Encryption Diskless Model User Authentication System Administrator s Security Management Customer Engineer Operation Restriction Security Audit Log Internal Network data protection Self Test Information Flow Se...

Page 7: ...er Restricted Maximum Login Attempts 5 User Password Minimum Length 9 TLS Enabled Certificate Validation Google Cloud Print Disabled Bonjour IPP Enabled SOAP Disabled SNMP SMB WSD Scan CSRF Enabled LDAP Server Set the LDAP Server information S MIME Enabled Email Direct Fax Disabled Secure Fax Receive Enabled Service Representative Restricted Operation Enabled Enter a password of 9 or more characte...

Page 8: ...u can set the overwrite conditions to apply them to the data stored on the hard disk The feature also overwrites temporarily saved data such as copy documents NOTE If the machine is powered off during the overwriting operation unfinished files may remain on the hard disk When the power is restored the overwriting operation will resume with the unfinished files remaining on the hard disk Service Re...

Page 9: ...9 or more characters Set account lockout policy to 5 times Administrators need to remove the user accounts when users leave their organization Users and administrators need to manage and operate the machine so that their user IDs and passwords may not be disclosed to another person The users need to set the Secure Print for Job Type on printer driver For secure operation all of the remote trusted IT products that communicate with the machine...

Page 10: ...proxy server NTP server connection is outside the scope of evaluation Confirm the Machine ROM Version and the System Clock Before making initial settings the System Administrator needs to check the ROM version of the machine and the system clock of the machine Login as System Administrator 1 Select Log In on the control panel 2 Select admin 3 Enter the password from the keypad 4 Select OK Check the Mac...

Page 11: ...ection Check the System Clock 1 Select General On the Device screen Check the time and the date of the system clock If you need to change the time and the date refer to the following procedures 2 Select Date Time twice 3 Change the required setting 4 Select OK twice 5 Select 6 Press the Home button ...

Page 12: ...rowser enter the TCP IP address of the machine to the URL bar and press the Enter key 2 Select Log In on the Embedded Web Server 3 Select admin 4 Enter the password 5 Select Log In Change the System Administrator s Password 1 Select Permissions 2 Select admin 3 Select Change Password 4 Enter the old password in Old Password 5 Enter the new password in New Password 6 Enter the new password in Retyp...

Page 13: ...ocedure below to delete GoogleDrive application 1 Select Apps 2 Select Print and Scan for GoogleDrive 3 Select Delete App 4 Select Delete Set OneDrive For the secure operation of the machine follow the procedure below to delete OneDrive application 1 Select Apps 2 Select Print and Scan for OneDrive 3 Select Delete App 4 Select Delete Set Scan to Desktop For the secure operation of the machine foll...

Page 14: ...entication settings 1 Select Permissions 2 Select Login Logout Settings Configure the Local Authentication or Network Authentication Settings in the following procedures To use Local Authentication 3 Select Local 4 Select OK 5 Select Change The Machine automatically restarts To use Kerberos Network Authentication 6 Select Network 7 Select Kerberos Windows ADS 8 Select Next 9 Set Realm and Server A...

Page 15: ...en Select Edit for Guest Access 14 Select Printing User Role 15 Select Custom Permissions for Printing Permissions 16 Disable all services for Allowed Job Types 17 Select OK 18 On the Permission screen select Roles 19 Select Device User Roles 20 Select Edit for Basic User 21 Select Custom Permissions for Control Panel Permissions 22 Select Setup 23 Select Device 24 Select Hide for View Information...

Page 16: ...below to specify maximum login attempts 1 Select Permissions 2 Select Login Logout Settings 3 Select Edit for Advanced Settings 4 Select Limit Login Attempts of System Administrator 5 Enable Limit Login Attempts of System Administrator 6 Enter 5 in Failed Login Attempt Limit 7 Select OK twice Set User Password Minimum Length Follow the procedure below to specify the minimum number of digits allowe...

Page 17: ... 2 Select Security 3 Select Security Certificates 4 Select Import 5 Select Select 6 Select a certificate 7 Enter Password and enter Retype Password if necessary 8 Select Import 9 Select Close Set Certificate Validation Follow the procedure below to configure the Certificate Path Validation settings 1 Select System 2 Select Security 3 Select Certificate Path Validation 4 Select On 5 Select OK 6 Sel...

Page 18: ...le Port 4 Select OK 5 Select Restart Later if prompted Set SOAP For the secure operation of the machine follow the procedure below to set SOAP to Disabled 1 Select Connectivity 2 Select SOAP 3 Disable Port 4 Select OK 5 Select Restart Later if prompted Set SNMP For the secure operation of the machine follow the procedure below to set SNMP to Disabled 1 Select Connectivity 2 Select SNMP 3 Disable P...

Page 19: ... 2 Select HTTP 3 Enable CSRF Protection 4 Select OK 5 Select Restart Later if prompted Set LDAP Server Configure the LDAP server settings for directory service 1 Select Connectivity 2 Select LDAP 3 Select LDAP Servers Directory Services 4 Set Server Information and Advanced Settings 5 Select OK 6 Select Restart Later if prompted Set User Role Configure the user role settings for network authentica...

Page 20: ...ing you need to import an S MIME certificate according to the same procedure as Import Machine Certificates To use E mail with this machine the E mail function needs to be enabled and configured 1 Select Connectivity 2 Select S MIME 3 Enable S MIME 4 Select OK 5 Select Restart Now if prompted Set Email Follow the procedure below to configure the E mail settings 1 Select Apps 2 Select Email 3 Selec...

Page 21: ... this service 5 Set a passcode 6 Select OK 7 Select Restart Now if prompted Set Service Representative Restricted Operation Follow the procedure below to restrict the operation of service representatives 1 Select System 2 Select Security 3 Select Customer Service Engineer Access Restriction 4 Enable this service 5 Enter a password of 9 or more characters in Maintenance Password and Retype Maintena...

Page 22: ...int settings 1 Select System 2 Select Defaults and Policies 3 Select Allowed Print Job Types for Printer Settings 4 Select Personal Secure and Saved Only 5 Select OK 6 Select Restart Later if prompted 7 Select Close Set Audit Log Follow the procedure below to configure the Audit Logs settings 1 Select System 2 Select Logs 3 Select Audit Log 4 Enable this service 5 Select OK 6 Select Restart Later ...

Page 23: ...re characters in Preshared Key and Retype Preshared Key When you select Digital Signature select the certificate name in Device Certificate 6 Enter the IP Address in Specify Destination IPv4 Address 7 Enter the IP Address in Specify Destination Ipv6 Address 8 Select Enabled or Disabled for Communicate with Non IPSec Device 9 Select OK 10 Select Restart Now if prompted Set Overwrite Hard Disk Follo...

Page 24: ...ntrol panel Login as System Administrator Before configuring settings a user must be authenticated with an administrator s ID and a password 1 Select Log In on the control panel 2 Select admin 3 Enter the password from the keypad 4 Select OK Set Fax Forwarding For the secure operation of the machine follow the procedure below to set Fax Forwarding to Disabled 1 Select Apps on the Device screen 2 Se...

Page 25: ...ith time stamps into the internal storage device Up to 15 000 events can be stored When the number of recorded events exceeds 15 000 the oldest audit log file is overwritten and a new audit event is stored There is no deletion function Import the Audit Log File The following describes methods for importing the Audit Log The audit logs are only available to System Administrators and can be download...

Page 26: ...g The following audit log is recorded when someone tried to login under ID User1 and the login failed due to an invalid password Item Description Log ID 1 Date 01 01 2018 Time 10 00 00 Logged Events Login Logout User Name User1 Description Login Status Failed Invalid Password Optionally Logged Items ...

Page 27: ...erifies the area of NVRAM and SEEPROM including setting data at initiation and displays an error on the control panel at error occurrence However an error is not detected for the data on audit logs and time and date as these are not included in the target of verification Also when Self Test function is set at initiation the machine calculates the checksum of Controller ROM to confirm if it matches...

Page 28: ...vices that are restricted To enter the system administration mode enter the Machine Administrator ID into the user ID entry field on the authentication screen Authenticated Users with System Administrator Privileges Users to whom the system administrator privileges are granted To use a restricted service this type of users must enter their user IDs on the authentication screen This type of users h...

Page 29: ...ses the user information that is registered on the machine to manage authentication Remote Authentication Login to Network Accounts Remote authentication uses a network authentication server LDAP or Kerberos Server and authenticates users based on the user information managed on the server User information cannot be registered on the machine Functions Controlled by Access Method The following expl...

Page 30: ...rPrint Scan Copy Device Email Fax ID Card Copy Jobs My Folder Remote Scanning Scan To Scan to Desktop USB Remote Access Device Website Permissions Operation of the machine through a network using Embedded Web Server is called Remote Access The functions restricted by Remote Access are as follows Everything Except Setup Users can access everything except Apps Connectivity Permissions and System Home Only ...

Page 31: ...ccording to the settings described previously The machine has a single Secure Fax Receive folder to hold received fax jobs Maximum Login Attempts by System Administrator This feature protects the settings from being changed by someone impersonating your system administrator If authentication for a system administrator s ID fails more than specified times continuously access is denied You can specify a login attempt...

Page 32: ...ome available NOTE When using Local Authentication only the System Administrator s ID is pre registered on the machine Other user IDs are not registered For details on how to register User IDs refer to the Operation Using Embedded Web Server When using Network Authentication the user information registered on a remote authentication server is used The System Administrator s ID on the machine is not registered on a remote authentication server Job Dele...

Page 33: ...cure Jobs 4 Select Secure Fax Receive folder 5 Select a job to be printed or Print All NOTE The machine has a single Secure Fax Receive folder to hold received fax jobs Only System Administrators can print a secure fax receive jobs according to the settings described previously When there is at least one Secure Fax the Secure Fax folder appears at the top of the Secure Jobs list Print and delete Secure Print jobs The Secure Print feature tempo...

Page 34: ...tem Administrator for further assistance Accessing Embedded Web Server Follow the steps below to access Embedded Web Server On a client computer on the network launch an internet browser In the URL field enter http followed by the IP address or the Internet address of the machine Then press the Enter key on the keyboard For example if the Internet address URL is vvv xxx yyy zzz enter it in the URL...

Page 35: ...n 2 Select the user account from the list or enter the user name 3 Enter the password 4 Select Log In NOTE Enter the user name for the Network authentication For the Local authentication the user identification varies depending on the settings When the Network authentication system is Kerberos entering the realm or domain is required For Kerberos enter the user name and realm in the UPN format username realm All features on the Embedded...

Page 36: ...ation to change the registered password This feature is only applicable to Local Authentication mode 1 Select the user icon on upper right corner on the Embedded Web Server 2 Select My Profile 3 Select Change Password 4 Enter the old password in Old Password 5 Enter the new password in New Password 6 Enter the new password in Retype New Password 7 Select OK Job Deletion by Authenticated Users This...

Page 37: ...Xerox VersaLink B7025 B7030 B7035 Multifunction Printer Security Function Supplementary Guide 37 NOTE Only System Administrators are allowed this operation ...

Page 38: ...m is identified specify the probable cause and then apply the appropriate solution If a fault occurs first refer to the screen messages to clear the fault according to the specified order Also refer to the fault codes displayed on the touch screen in the Machine Status mode Refer to the Fault Codes table below for an explanation of some fault codes and corresponding corrective actions When you have problems in fixing the fault contact a System Administrat...

Page 39: ...tch on the machine power If the error still is not resolved contact our Customer Support Center 016 402 Cause The authentication connection timed out Remedy Confirm the network connection and switch setting of the authentication device physically connected to the machine via a network and check whether it is connected to the machine correctly 016 403 Cause The root certificate did not match Remedy Confirm the authen...

Page 40: ...abled for LDAP SSL TLS Communication under SSL TLS Settings on the machine however note that selecting this option does not ensure the validity of the LDAP server 016 525 Cause LDAP server SSL authentication error The server certificate has expired Remedy Change the SSL certificate of the LDAP server to a valid one You can clear this error by selecting Disabled for LDAP SSL TLS Communication under SSL TLS Settings on the machine howeve...

Page 41: ...re because it could not connect to the FTP server Remedy Ensure that both the destination FTP server and the machine are available for network communications by checking the following The IP address of the server is set correctly The network cables are plugged in securely 016 577 Cause Unable to connect to the FTP service of the destination server Remedy Take one of the following actions Check if the FTP serv...

Page 42: ...e can be used in the save location Check if the same folder name exists in the save location Check if enough space is available in the save location 016 585 Cause The machine failed to transfer data using FTP of the Scan to PC feature because file deletion was not successful on the FTP server after connection Remedy Check the access privilege to the FTP server 016 586 Cause The machine failed to transfer data ...

Page 43: ... Resolution Reduce the magnification with Reduce Enlarge Ask your system administrator to increase the value set for Maximum Total Data Size For color scanning set MRC High Compression to On under File Format 016 713 Cause The password entered does not match the password set on the folder Remedy Enter the correct password 016 764 Cause Unable to connect to the SMTP server Remedy Consult the SMTP server adm...

Page 44: ...ec again When Authentication Method is set to Preshared Key set the password When Authentication Method is set to Digital Signature set an IPSec certificate 018 405 Cause An error occurred during LDAP authentication Remedy The account is disabled in the active directory of the authentication server or the access is set to disabled Consult your network administrator 018 502 Cause The machine failed to transfer da...

Page 45: ...the network cable connection has no problem confirm the active status of the target server Check whether the server name has been correctly set for LDAP Server Directory Service Settings under Remote Authentication Server Directory Service 018 782 018 783 018 784 018 785 018 786 018 787 018 788 018 789 018 790 018 791 018 792 018 793 018 794 018 795 018 796 018 797 Cause An LDAP server protocol error o...

Page 46: ...E certificate has expired or is an unreliable certificate Remedy Ask the sender to send the e mail with a valid S MIME certificate 027 713 Cause The received e mail has been discarded because it might be altered on its transmission route Remedy Tell the sender about it and ask to send the e mail again 027 714 Cause The received e mail has been discarded because the address in its From field was not the same as...

Page 47: ...unction Printer Security Function Supplementary Guide 47 Security Xerox For the latest information on security and operation concerning your device see the Xerox Security Information website located at http www xerox com information security ...

Page 48: ...t user Permissions Guest Access Device User Role or Printing User Role Set Access Control Basic user Permissions Roles Device User Role or Printing User Role Set Maximum Login Attempts Permissions Login Logout Settings Advanced Settings Limit Login Attempts of System Administrator 5 Set User Password Minimum Length Permissions Password Rule Length 4 Set TLS Device Connectivity HTTPS System Securit...

Page 49: ...ings and Policies Secure Fax Receive Off Set Service Representative Restricted Operation System Security Customer Service Engineer Access Restriction Off Set Self Test System Security Firmware Verification Off Set Auto Clear Device General System Timeout System Timeouts On Set Store Print System Defaults and Policies Printer Settings Allowed Print Job Types All Jobs Set Audit Log System Logs Audit...

Page 50: ...00657 TL200658 TL200664 EC103358 EC103360 EC103361 EC103362 EC103363 Xerox VersaLink B7030 TL200653 Diskless TL200654 Diskless TL200662 Diskless TL200655 TL200656 TL200663 TL200657 TL200658 TL200664 EC103364 EC103366 EC103367 EC103368 EC103369 Xerox VersaLink B7035 TL200653 Diskless TL200654 Diskless TL200662 Diskless TL200655 TL200656 TL200663 TL200657 TL200658 TL200664 EC103370 EC103372 EC103373...
