background image

XEROX WorkCentre 

5735/5740/5745/5755/5765/5775/5790 

Information Assurance Disclosure Paper 

 

 

Ver. 2.00, March 2011 

        

Page 

 28 of 50 

3.4.4.1.

 

Access 

The Xerox Service Technician must be authenticated twice: 

1.

 

The  first  password,  called  the 

PSW  Lock  Facility, 

is  obtained  by  calling  a  Xerox  service  location  and 

providing the CSE employee number and the serial number of the PSW.  The password is then given to 
the  Xerox  Service  Technician,  and  is  valid  for  90  days.    When  the  password  expires,  the  Xerox  Service 
Technician must call in again. This password is unique to the client application running on that particular 
PSW, and is required to log onto the PSW prior to initiating communications with the machine. 

2.

 

Once  the  application  is  running,  the  PSW  supplies  the  second  password  (different  from  the  first)  to 
authenticate  the  session  to  the  device.  This  embedded  password  is  automatically  passed  from  the 
application to the machine, and is never seen by anyone.  It is hardcoded in the software of the Marking 
Engine  and  the  PSW  application,  and  is  common  to  all  products.  It  is  not  encrypted.    Many  of  the 
diagnostic routines will require this password in order to function.  

3.4.4.2.

 

Communication Protocol 

The communication process uses a Xerox proprietary protocol. Each packet passing back and forth will 
have a unique identifier (session key) with it for authentication and tracking purposes.  All protocols are 
API based – very little information is directly transferred.  For example, in order to run any given 
diagnostic test, the ‘Start Test XXX’ command is sent to the Marking Engine.  The Marking Engine runs 
the test and responds with a “Test XXX passed (or failed)’ reply.  This is illustrated in the following 
diagram: 

 

3.4.4.3.

 

Network Diagnostics executed from the PSW 

The PSW allows the technician to execute certain Network diagnostic tests by connecting directly to the 
serial port on the controller.  These tests are executed with the device disconnected from the customer’s 
LAN.  

The tests that are available are echo tests for the various protocols (e.g. IP, IPX), where the controller 
sends a dummy message to itself to test the transmit and receive capabilities of its own connectivity 
stacks.  Each protocol is tested individually and each test must be invoked separately.  The diagnostic 
sequence is as follows: 

1)

 

After  the  PSW  and  Marking  Engine  have  established  a  connection,  the  PSW  must  send  the  expected 
synchronization message to the machine.

 

2)

 

The Marking Engine will respond with an acknowledge message containing its serial number. 

Network Controller

Marking Engine

PSW (Laptop computer)

Network

Marking Engine information may be

retrieved; no image data may be accessed

Содержание WORKCENTRE 5735

Страница 1: ...Xerox WorkCentre 5735 5740 5745 5755 5765 5775 5790 Information Assurance Disclosure Paper Version 2 0 Prepared by Larry Kovnat Xerox Corporation 1350 Jefferson Road Rochester New York 14623...

Страница 2: ...Paper Ver 2 00 March 2011 Page 2 of 50 2010 Xerox Corporation All rights reserved Xerox and the sphere of connectivity design are trademarks of Xerox Corporation in the United States and or other cou...

Страница 3: ...onnections 10 2 2 4 USB Ports 10 2 2 Fax Module 11 2 3 1 Purpose 11 2 3 2 Hardware 11 2 4 Scanner 11 2 4 1 Purpose 11 2 4 2 Hardware 11 2 5 Graphical User Interface GUI 12 2 5 1 Purpose 12 2 5 2 Hardw...

Страница 4: ...figurations 27 3 4 2 Alternate Boot via Serial Port 27 3 4 3 tty Mode 27 3 4 4 Diagnostics via Portable Service Workstation PSW Port 27 3 4 5 Summary 30 4 SECURITY ASPECTS OF SELECTED FEATURES 31 4 1...

Страница 5: ...m Xerox customers of the design functions and features of the WorkCentre products relative to Information Assurance IA This document does NOT provide tutorial level information about security connecti...

Страница 6: ...ngine including paper path controller and user interface Figure 2 1 WorkCentre Multifunction System 2 1 Security relevant Subsystems 2 1 1 Physical Partitioning The security relevant subsystems of the...

Страница 7: ...bsystems Security Function Subsystem Image Overwrite Controller Graphical User Interface System Authentication Controller Graphical User Interface Network Authentication Controller Graphical User Inte...

Страница 8: ...processed and buffered in the DRAM in a proprietary format Extended buffer space for very large documents is provided on the network disk The buffered bitmaps are then read from DRAM and sent to the...

Страница 9: ...low level I O control Some examples of this distributed control are Power distribution Photoreceptor and main drive motors control Raster Output Scanner ROS Paper Registration Finisher Table 2 Contro...

Страница 10: ...ol hardware Table 4 Controller External Connections 2 2 4 USB Ports The WorkCentre contains a host connector for a USB flash drive enabling upload of software upgrades and download of network logs or...

Страница 11: ...d configuration information No user or job data is permanently stored in this location Non Volatile Memory Description Type Flash EEPROM etc Size User Modifiable Y N Function or Use Process to Clear F...

Страница 12: ...nd hard button actuations and provides text and graphical prompts to the user The GUI is sometimes referred to as the Local UI LUI to distinguish it from the WebUI which is exported by the web service...

Страница 13: ...erfaces Images and control signals are transmitted from the copy controller to the marking engine across a proprietary interface 2 7 System Software Structure 2 7 1 Open source components Open source...

Страница 14: ...XEROX WorkCentre 5735 5740 5745 5755 5765 5775 5790 Information Assurance Disclosure Paper Ver 2 00 March 2011 Page 14 of 50 Figure 2 4 Controller Operating System layer components...

Страница 15: ...ation Assurance Disclosure Paper Ver 2 00 March 2011 Page 15 of 50 2 7 3 Network Protocols Figure 2 5 is an interface diagram depicting the protocol stacks supported by the device annotated according...

Страница 16: ...tween a client and the device A shared secret is used to encrypt the traffic flowing through this tunnel SSL must be enabled in order to set up the shared secret When an IPSec tunnel is established be...

Страница 17: ...SLP 443 TCP SSL 515 TCP LPR 631 TCP IPP 1900 UDP SSDP 3003 TCP http SNMP reply 9100 TCP raw IP Table 9 Network Ports Please note that there is no ftp port in this list ftp is only used to export scann...

Страница 18: ...ly host the web pages resident on the hard disk of the device It does not and cannot act as a proxy server to get outside of the network the device resides on Hence the server cannot access any networ...

Страница 19: ...h time someone could reverse engineer the authentication and gain access to the network With the 5 minute timeout the person has just 5 minutes to reverse engineer the authentication and the key befor...

Страница 20: ...tandard LDAP port used for address book queries in the Scan to Email feature 2 8 2 10 Port 396 Netware This configurable port is used when Novell Netware is enabled to run over IP 2 8 2 11 Port 427 SL...

Страница 21: ...this port can only open when the http server is active The machine replies back to the http server via this port It sends the reply to the loopback address 127 0 0 0 which is internally routed to the...

Страница 22: ...ccess one or any combination of the following services Copy Fax Server Fax Reprint Saved Jobs Email Internet Fax Workflow Scanning Server Also users can be authorized to access one or any combination...

Страница 23: ...XEROX WorkCentre 5735 5740 5745 5755 5765 5775 5790 Information Assurance Disclosure Paper Ver 2 00 March 2011 Page 23 of 50 Figure 3 1 Authentication and Authorization schematic...

Страница 24: ...2000 Windows 2003 This is an option that must be enabled on the device and is used in conjunction with all Network Scanning features Scan to File Scan to E mail internet fax and Scan to Fax Server Th...

Страница 25: ...h the router using the IP address of the Domain Controller 2 The Domain Controller responds back to the device through the router whether or not the user was successfully authenticated If 2 is success...

Страница 26: ...tication is detailed in subsequent sections 3 3 2 1 Device log on Scanning feature Device behavior Scan to File Public Template The device logs in to the scan repository as set up by the SA in User To...

Страница 27: ...ue serial protocol is used to communicate to the alt boot code All commands are DOS type menu driven i e type in a number to start a command If a PSW is connected the application on the PSW cannot be...

Страница 28: ...ox proprietary protocol Each packet passing back and forth will have a unique identifier session key with it for authentication and tracking purposes All protocols are API based very little informatio...

Страница 29: ...will collect data about the network it is on and transmit the data The CSE is expected to seek permission from the customer before connecting the device to the LAN and performing this diagnostic The N...

Страница 30: ...per Ver 2 00 March 2011 Page 30 of 50 3 4 5 Summary As stated above accessibility of customer documents files or network resources is impossible via the PSW In the extremely unlikely event that someon...

Страница 31: ...omma separated file format The log does not clear when it is disabled and will persist through power cycles The following table lists the events that are recorded in the log Event ID Event description...

Страница 32: ...atus IIO status Accounting User ID Accounting Account ID Total fax recipient phone numbers fax recipient phone numbers 13 Efax Job name User Name Completion Status IIO status Accounting User ID Accoun...

Страница 33: ...ice name Device serial number StartupMode enabled disabled System Params Password changed or failed Start Job Password changed or failed Completion Status Success Failed 29 Network User Login UsereNam...

Страница 34: ...Enabled Disabled 43 Device clock UserName Device name Device serial number Completion Status time changed date changed 44 SW upgrade Device name Device serial number Completion Status Success Failed...

Страница 35: ...ion Status Success Failed 63 IPv6 Enable Disable Configure UserName Device Name Device Serial Number Completion Status Success Failed 64 802 1x Enable Disable Configure UserName Device Name Device Ser...

Страница 36: ...er net destination net destination 7 Server fax job Job name User Name Completion Status IIO status Accounting User ID Accounting Account ID Total fax recipient phone numbers fax recipient phone numbe...

Страница 37: ...Status 20 Scan to Mailbox job Job name or Dir name User Name Completion Status IIO status 21 Delete File Dir Job name or Dir name User Name Completion Status IIO status 22 USB Thumbdrive UserName Devi...

Страница 38: ...number IIO Status enabled or disabled 35 SA pin changed UserName Device name Device serial number Completion status 36 Audit log Transfer UserName Device name Device serial number Completion status 3...

Страница 39: ...ice XSA tracks copy scan including filing and email print and fax usage by individual user1 The system administrator can enable disable the feature via the LUI or Web UI add or delete users and set us...

Страница 40: ...xy server on the customer s network The proxy server address is set up using the WebUI 4 4 Encrypted Partitions When enabled by the customer the controller disk is encrypted using the AES algorithm wi...

Страница 41: ...successfully status is displayed in the Job Queue However if IIO fails a popup will appear on the Local UI recommending that the user run ODIO and a failure sheet will be printed ODIO may be invoked e...

Страница 42: ...losure Paper Ver 2 00 March 2011 Page 42 of 50 5 Responses to Known Vulnerabilities 5 1 Security Xerox www xerox com security Xerox maintains an evergreen public web page that contains the latest secu...

Страница 43: ...tocol GB Gigabyte HP Hewlett Packard HTTP Hypertext transfer protocol IBM International Business Machines ICMP Internet Control Message Protocol IETF Internet Engineering Task Force IFAX Internet Fax...

Страница 44: ...tive for PSW RFC Required Functional Capability SA System Administrator SLP Service Location Protocol SNMP Simple Network Management Protocol SRAM Static Random Access Memory SSDP Simple Service Disco...

Страница 45: ...ensors hence can only support 0 or 3 for more than 1 sheet for prtInputCurrentLevel will be considered a caveat denoted as C 6 The Printer MIB requires a few groups from RFC 1213 and RFC 1514 to be su...

Страница 46: ...veats limited local UI messaging captured within table C local UI button selection messages are not captured within table Console Display Light group 5 objects supported w caveats only the Power Saver...

Страница 47: ...w type 2 enumerations from next generation Host Resources MIB supported optional not support because Host Resources MIBv2 has NOT entered the standards track New type 2 enumerations from next generati...

Страница 48: ...tworks 894 Standard for the transmission of IP datagrams over IEEE802 networks 1042 ICMP ICMP Echo ICMP Time ICMP Echo Reply and ICMP Destination Unreachable message 792 Reverse Address Resolution Pro...

Страница 49: ...Page 49 of 50 Function RFC Standard Document Printing Application DPA 10175 Appletalk Inside Appletalk Second Edition Printing Description Languages Postscript Language Reference Third Edition PCL6 P...

Страница 50: ...65 5775 5790 Information Assurance Disclosure Paper Ver 2 00 March 2011 Page 50 of 50 6 4 Appendix E References Kerberos FAQ http www nrl navy mil CCS people kenh kerberos faq html IP port numbers htt...

Отзывы: