manualshive.com logo in svg

Xerox AltaLink B8045, Руководство по безопасности, Страница: 4 / 70

Поделиться
Скачать
Xerox AltaLink B8045 Скачать руководство пользователя страница 4

Xerox® Security Guide for Office Class Products:  AltaLink® 

 VersaLink® 

November 2018 

  Page  2 

 

 

Outbound User Data .....................................................................................................................10

 

Scanning to Network Repository, Email, Fax Server ....................................................................... 10

 

Protocol ............................................................................................................................................ 10

 

Encryption ........................................................................................................................................ 10

 

Description ....................................................................................................................................... 10

 

Scanning to User Local USB Storage Product ................................................................................ 11

 

Add on Apps- Cloud, Google, DropBox, and others .....................................................................11

 

4

 

Network Security .............................................................................................................................12

 

TCP/IP Ports & Services ............................................................................................................................. 12

 

Listening services (inbound ports) ................................................................................................12

 

Network Encryption ..................................................................................................................................... 13

 

IPSec 

13

 

Wireless 802.11 Wi-Fi Protected Access (WPA) ..........................................................................14

 

TLS 

14

 

Public Key Encryption (PKI) ..........................................................................................................15

 

Device Certificates ........................................................................................................................... 15

 

Trusted Certificates .......................................................................................................................... 16

 

Certificate Validation ........................................................................................................................ 17

 

Email Signing and Encryption using S/MIME ................................................................................17

 

SNMPv3  17

 

Network Access Control .............................................................................................................................. 18

 

802.1x 

18

 

Cisco Identity Services Engine (ISE) ............................................................................................18

 

Cisco ISE allows you to deploy the following controls and monitoring of Xerox products: .............. 18

 

Contextual Endpoint Connection Management .......................................................................................... 19

 

FIPS140-2 Compliance Validation .............................................................................................................. 19

 

Additional Network Security Controls .......................................................................................................... 19

 

Endpoint Firewall Options .............................................................................................................19

 

IP Whitelisting (IP Address Filtering) ................................................................................................ 20

 

Stateful Firewall (Advanced IP Filtering) .......................................................................................... 20

 

5

 

Device Security: BIOS, Firmware, OS, Runtime, and Operational security controls ...............21

 

Fail Secure Vs Fail Safe .............................................................................................................................. 22

 

Pre-Boot Security ........................................................................................................................................ 22

 

BIOS 

22

 

Embedded Encryption ...................................................................................................................22

 

Boot Process Security ................................................................................................................................. 22

 

Firmware Integrity..........................................................................................................................22

 

Содержание AltaLink B8045

Страница 1: ...Products Single Function Printers AltaLink Multi Function Products VersaLink Multi Function Products VersaLink Printers B8045 B8055 B8065 B8075 B8090 B405 B605 B615 B7025 B7030 B7035 B400 B600 B610 C8...

Страница 2: ...ledged Copyright protection claimed includes all forms and matters of copyrightable material and information now allowed by statutory or judicial law or hereinafter granted including without limitatio...

Страница 3: ...10 100 1000 MB Ethernet RJ 45 Network Connector 8 Rear USB Type B Target port 8 Optional Equipment 8 RJ 11 Analog Fax and Telephone 8 Wireless Network Connector 8 Near Field Communications NFC Reader...

Страница 4: ...15 Trusted Certificates 16 Certificate Validation 17 Email Signing and Encryption using S MIME 17 SNMPv3 17 Network Access Control 18 802 1x 18 Cisco Identity Services Engine ISE 18 Cisco ISE allows y...

Страница 5: ...the following authentication mode 26 Local Authentication 26 Password Policy 26 Network Authentication 27 Smart Card Authentication 27 Convenience Authentication 27 Simple Authentication non secure 28...

Страница 6: ...Xerox Security Guide for Office Class Products AltaLink VersaLink November 2018 Page 4 Appendix B Security Events 49 Xerox AltaLink Security Events 49 VersaLink Security Events 65...

Страница 7: ...Information Assurance This document does not provide tutorial level information about security connectivity or the product s features and functions This information is readily available elsewhere We a...

Страница 8: ...nt to security and are not discussed 1 Stabilizer 2 Bypass paper feed tray 3 Front USB Port s 4 Touch screen user interface 5 Upper paper tray 6 Lower paper tray 7 Paper feed trays 8 Caster wheels 9 R...

Страница 9: ...s may be equipped with additional storage options such as magnetic Hard Disk Drive HDD Solid State Disk SSD SD Card or Flash media For model specific details please see Appendix A Product Security Pro...

Страница 10: ...communication cannot write or change any settings on the system The data exchanged is not encrypted and may include information including system network status IP address and product location NFC fun...

Страница 11: ...latform Module TPM The TPM is compliant with ISO IEC 11889 the international standard for a secure cryptoprocessor dedicated to secure cryptographic keys The TPM is used to securely hold the product s...

Страница 12: ...ption The Xerox Global Print Driver supports document encryption when submitting Secure Print jobs to enabled products Simply check the box to Enable Encryption when adding the Passcode to the print j...

Страница 13: ...171 Image Overwrite All models use magnetic HDD Models with magnetic HDD See Appendix A Product Security Profiles Models with magnetic HDD See Appendix A Product Security Profiles Print Submission IPP...

Страница 14: ...a client to external network services Inbound Listening Services Out Bound Network Client Print Services LPR IPP Raw IP etc Management Services SNMP Web interface WebServices etc Infrastructure Discov...

Страница 15: ...ersaLink products support IPSec for both IPv4 and IPv6 protocols AltaLink Multifunction VersaLink Multifunction VersaLink Printers B8045 B8055 B8065 B8075 B8090 C8030 C8035 C8045 C8055 C8070 B405 B605...

Страница 16: ...WPA2 Enterprise CCMP AES TKIP TKIP CCMP AES PEAPv0 MS CHAPv2 EAP TLS EAP TTLS PAP EAP TTLS MS CHAPv2 EAP TTLS EAP TLS CCMP AES TKIP PEAPv0 MS CHAPv2 EAP TLS EAP TTLS PAP EAP TTLS CHAP EAP TTLS MS CHAP...

Страница 17: ...For protocols such as HTTPS the printer is the server and must prove its identity to the client Web browser For protocols such as 802 1X the printer is the client and must prove its identity to the au...

Страница 18: ...this requirement a message appears The message alerts the user that the certificate they are attempting to upload does not meet the key length requirement AltaLink Multifunction VersaLink Multifuncti...

Страница 19: ...B600 B610 C400 C500 C600 C7000 C8000 C9000 Email S MIME Versions v3 v2 v3 v3 2 Not Applicable Digest SHA1 SHA256 SHA384 SHA512 MD5 SHA1 SHA256 Not Applicable Encryption 3DES AES128 AES192 AES256 3DES...

Страница 20: ...SE under product families such as AltaLink and VersaLink enabling Cisco ISE to automatically detect and profile new Xerox products from the day they are released Customers who use Cisco ISE find that...

Страница 21: ...manage endpoints contextually Connectivity of AltaLink and VersaLink devices can be fully managed contextually by Cisco TrustSec TrustSec uses Security Group Tags SGT that are associated with an endp...

Страница 22: ...ately If IP Filter and IPsec are both enabled IPsec is evaluated first Up to 25 addresses can be enabled for IPv4 and an additional 25 for IPv6 Addresses include IP and subnet allowing individual syst...

Страница 23: ...Firmware is digitally signed Firmware is verified against a whitelist using cryptographic hashing Runtime Intrusion Prevention Detection Runtime Executable Control McAfee Embedded Control prevents una...

Страница 24: ...are applied by device firmware updates Firmware is protected from tampering by use of digital signatures discussed later in this section The BIOS is designed to fail secure An integrity check is perf...

Страница 25: ...that the event happened in mm dd yy format Time The time that the event happened in hh mm ss format ID The type of event The number corresponds to a unique description Description An abbreviated desc...

Страница 26: ...tion is required while servicing a Xerox device service technicians will remove the device from any connected networks The technician will then connect directly to the device using an Ethernet cable c...

Страница 27: ...d Xerox CentreWare Web available as a free download centrally manage Xerox Devices Additionally AltaLink products come with McAfee built in and can be managed with McAfee ePO providing an enhanced sec...

Страница 28: ...owing authentication mode Local Authentication Network Authentication Smart Card Authentication CAC PIV SIPR Net Convenience Authentication Local Authentication The local user database stores user cre...

Страница 29: ...elf Support for the SIPR network is provided using the XCP Plug in architecture and a Smart Card authentication solution created by 90meter under contract for Xerox Details regarding 90meter can be fo...

Страница 30: ...ote that Xerox products are designed to be customizable and support various workflows as well as security needs User permissions include security related permissions and non security related workflow...

Страница 31: ...ulnerabilities in Xerox software and hardware It can be downloaded from this page http www xerox com information security information security articles whitepapers enus html Additional Resources Below...

Страница 32: ...rox Security Guide for Office Class Products AltaLink VersaLink November 2018 Page 30 Appendix A Product Security Profiles This appendix describes specific details of each AltaLink and VersaLink produ...

Страница 33: ...Fi Dongle Supports optional 802 11 Dongle Rear USB 3 0 Type B USB target connector used for printing Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0 Ty...

Страница 34: ...oard HDD Magnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 4GB DDR3 SDRAM Executable code Printer contr...

Страница 35: ...or C Release Lever Security Related Interfaces Ethernet 10 100 1000 MB Ethernet interface Optional Wi Fi Dongle Supports optional 802 11 Dongle Rear USB 3 0 Type B USB target connector used for printi...

Страница 36: ...oard HDD Magnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 4GB DDR3 SDRAM Executable code Printer contr...

Страница 37: ...Type B USB target connector used for printing Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0 Type A port s Users may insert a USB thumb drive to print...

Страница 38: ...d HDD Magnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2GB DDR3 DRAM Executable code Printer control d...

Страница 39: ...pe B USB target connector used for printing Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0 Type A port s Users may insert a USB thumb drive to print fr...

Страница 40: ...HDD Magnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2 4GB DDR3 DRAM Executable code Printer control...

Страница 41: ...Wi Fi Dongle Supports optional 802 11 Dongle Rear USB 3 0 Type B USB target connector used for printing Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0...

Страница 42: ...agnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2GB DDR3 DRAM Executable code Printer control data tem...

Страница 43: ...s optional 802 11 Dongle Rear USB 3 0 Type B USB target connector used for printing Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0 Type A port s Users...

Страница 44: ...agnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2GB DDR3 DRAM Executable code Printer control data tem...

Страница 45: ...11 Dongle Rear USB 3 0 Type B USB target connector used for printing Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0 Type A port s Users may insert a U...

Страница 46: ...gnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2 4GB DDR3 DRAM Executable code Printer control data te...

Страница 47: ...for printing Note This port can be disabled completely by a system administrator Front Panel Optional USB2 0 Type A port s Users may insert a USB thumb drive to print from or store scanned files to P...

Страница 48: ...agnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 2GB DDR3 DRAM Executable code Printer control data tem...

Страница 49: ...t can be disabled completely by a system administrator Front Panel Optional USB2 0 Type A port s Users may insert a USB thumb drive to print from or store scanned files to Physical security of this in...

Страница 50: ...d HDD Magnetic Hard Disk Drive SSD Solid State Disk SD Card Secure Digital Card Controller Volatile Memory Size Type Use User Data How to Clear Volatile 4GB DDR3 DRAM Executable code Printer control d...

Страница 51: ...verwrite Status 5 Print job Job name User Name Completion Status IIO status Accounting User ID Accounting Account ID 6 Network scan job Job name User Name Completion Status IIO status Accounting User...

Страница 52: ...Name Completion Status IIO status Accounting User ID Accounting Account ID Total fax recipient phone numbers fax recipient phone numbers 14 Lan Fax Job Job name User Name Completion Status IIO status...

Страница 53: ...pts Exceed 5 Time Remaining Hrs Remaining for next attempt Min Remaining for next attempt 27 Postscript Passwords Device name Device serial number StartupMode enabled disabled System Params Password c...

Страница 54: ...enabled disabled 41 IP Filtering Rules UserName Device name Device serial number Completion Status Configured enabled disabled 42 Network Authentication Enable Disable Configure UserName Device name D...

Страница 55: ...Logout Device Name Device Serial Number Interface Web LUI User Name who was logged out Session IP if available 58 Session Timer Interval Change Device Name Device Serial Number Interface Web LUI Time...

Страница 56: ...Mode Enable Disable Configure UserName Device name Device Serial Number Enable Disable Configure 69 Xerox Secure Access Login UserName Device Name Device Serial Number Completion Status Success Faile...

Страница 57: ...request 79 Scan to Web Service Job Remote Scan Job Competed TWAIN driver Job name UserName Accounting User ID Name Accounting Account ID Name Completion status Destination 80 SMTP Connection Encryptio...

Страница 58: ...e managing passwords Device name Device serial number Folder Name Completion Status Password was Changed 93 EFax Mailbox Passcode UserName managing passcodes Device name Device serial number Completio...

Страница 59: ...evice name Device serial number Completion Status Success if Passcode is ok Failed if Passcode is not ok Locked out if Max Attempts Exceed 5 Time Remaining Hrs Remaining for next attempt Min Remaining...

Страница 60: ...abled Configured 112 Billing Impression Mode UserName Device name Device serial number Mode Set to A4 Mode A3 Mode Completion Status Success Failed Impression data 113 Airprint Enable Disable Configur...

Страница 61: ...etion status Success Fail 124 Invalid Login Attempt Lockout Device name Device serial number Interface Web UI Local UI Session IP Address if available 125 Protocol audit Log enable Disable UserName De...

Страница 62: ...evice serial number Completion status accept reject request 134 Airprint Mopria Scan Job Completed Job name UserName if available Completion status 136 Remote Services NVM Write Device Name Device Ser...

Страница 63: ...n Password Policy Configure User name Device name Device serial number 147 Local user account password policy User name Device name Device serial number 148 Restricted admin login User name Device nam...

Страница 64: ...Clone Files UserName if available Device name Device serial numberCompletion status Enabled Disabled 161 Network Troubleshooting Start Stop User name Device Name Device Serial Number Completion Status...

Страница 65: ...umber Completion Status Success Failed 173 Device File Distribution Trust Operations User name Device name Device serial number Member name Member serial number TC Lead Device Name TC Lead Serial Numb...

Страница 66: ...Beaconing for iBeacon for AirPrint Discovery User Name Device name Device serial number Completion Status Enabled Disabled 181 Network Troubleshooting Install Uninstall User Name Device name Device s...

Страница 67: ...me Completion Success Failed Invalid User ID Failed Invalid Password Failed Host Name or IP Address Method Local Remote Convenience Custom Role System Administrator Customer Engineer Casual Operator 2...

Страница 68: ...ompletion Success Failed 501 Add User User name User Role 501 Edit User User name User Role ID Password CardID Name Permission Role ICCardID Other 501 Delete User User Name 501 Create Mailbox Host Nam...

Страница 69: ...ge Billing Impression Mode Completion Success Failed Designated Mode A3 Mode A4 Mode Billing Meter Values 601 Import Certificate User name Completion Success Failed Category RootCA DeviceEE SSCEE Key...

Страница 70: ...ectivity Permissions System 601 Import Cloning Data 701 Important Parts Completion Replaced 701 Hard Disk Completion Replaced Installed Removed 701 Software Completion Updated ROM Type IOT UI Controll...

Отзывы:

Нет отзывов