Xerox® Security Guide for Office Class Products: AltaLink®
VersaLink®
November 2018
Page 19
o
Prevent impersonation (aka spoofing) of a printer/MFP
o
Automatically prevent connection of non-approved print products
o
Smart rules-based policies to govern user interaction with network printing products
Provide simplified implementation of security policies for printers and MFPs by:
o
Providing real time policy violation alerts and logging
o
Enforcing network segmentation policy
o
Isolating the printing products to prevent general access to printers and MFPs in
restricted areas
Automated access to policy enforcement
Provide extensive reporting of printing product network activity
AltaLink® Multifunction VersaLink®
Multifunction
VersaLink® Printers
B8045, B8055, B8065, B8075,
B8090, C8030, C8035, C8045,
C8055, C8070
B405, B605, B615, B7025,
B7030, B7035, C405, C505,
C605, C7020, C7025, C7030
B400, B600, B610, C400, C500,
C600, C7000, C8000, C9000
Network Access Control
Cisco ISE
Supported
Supported
Supported
Contextual Endpoint Connection Management
Traditionally network connection management has been limited to managing endpoints by IP address and
use of VLANs and firewalls. This is effective, but highly complex to manage for every endpoint on a
network. Managing, maintaining, and reviewing the ACLs (and the necessary change management and
audit processes to support them) quickly become prohibitively expensive. It also lacks the ability to
manage endpoints contextually.
Connectivity of AltaLink® and VersaLink® devices can be fully managed contextually by Cisco
TrustSec.
TrustSec uses Security Group Tags (SGT) that are associated with an endpoint’s user, device,
and location attributes. SG-ACLs can also block unwanted traffic so that malicious reconnaissance
activities and even remote exploitation from malware can be effectively prevented.
FIPS140-2 Compliance Validation
When enabled, the product will validate its current configuration to identify cryptographic modules in use.
Modules which are not FIPS 140-2 (Level 1) compliant will be reported.
AltaLink® products include FIPS compliant algorithms of SNMPv3 and Kerberos, however an exception
can be approved to run these in non-FIPS compliant mode when configured for non-FIPS algorithms.
VersaLink® products use encryption algorithms for Kerberos, SMB, SNMPv3, and PDF Direct Print
Service that are not approved by FIPS140-2. They can however operate in FIPS140-2 approved Mode in
order to maintain compatibility with conventional products after an exception is approved by a system
administrator. They do not use FIPS compliant algorithms when in this configuration.
Additional Network Security Controls
Additional network security controls are discussed in the following sections.
Endpoint Firewall Options
AltaLink® Multifunction VersaLink®
Multifunction
VersaLink® Printers
B8045, B8055, B8065, B8075,
B8090, C8030, C8035, C8045,
C8055, C8070
B405, B605, B615, B7025,
B7030, B7035, C405, C505,
C605, C7020, C7025, C7030
B400, B600, B610, C400, C500,
C600, C7000, C8000, C9000
Firewall
Stateful Packet Filter
IP Whitelisting
IP Whitelisting