Secure Installation and Operation of Your WorkCentre™
5735/5740/5745/5755/5765/5775/5790
Purpose and Audience
This
document provides information on secure installation and operation. All customers, but particularly those concerned with
secure installation and operation of these machines, should follow these guidelines.
Overview
This document lists some important customer information and guidelines that will ensure that your device is operated and
maintained in a secure manner.
Background
These systems are Common Criteria certified. The information provided here is consistent with the security functional claims
made in the Security Target. The Security Target will be available from the Common Criteria Certified Product website
(
http://www.commoncriteriaportal.org/products.html
) list of evaluated products, from the Xerox security website
(http://www.xerox.com/information-security/common-criteria-certified/enus.html ) or from your Xerox representative.
1.
Please follow the guidelines below for secure installation, setup and operation of the evaluated configuration:
a).
The security functions in the evaluated configuration that should be set up by the System Administrator are:
•
Immediate Image Overwrite
•
On Demand Image Overwrite
•
Disk Encryption
•
FIPS 140-2 Encryption
•
IP Filtering
•
Audit Log
•
SSL
•
SNMPv3
•
IPSec
•
Local, Remote or Smart Card Authentication
•
Local Authorization and Personalization
•
802.1x Device Authentication
•
Session Inactivity Timeout
•
Hold All Jobs
System Administrator login is required when accessing the security features via the Web User Interface (Web UI) or when
implementing the guidelines and recommendations specified in this document. To log in to the Web UI as an authenticated
System Administrator, follow the instructions under “Accessing Internet Services as System Administrator” located on page
24 in the System Administration Guide (SAG)
1
.
To log in to the Local User Interface (Local UI) as an authenticated System Administrator, follow the “Access Tools Pathway
as a System Administrator” instructions located on page 18 in the SAG.
Follow the instructions located in the SAG in Chapter 8, Security to set up these security functions except as noted in the
items below. Note that whenever the SAG
requires that the System Administrator provide an IPv4 address, IPv6 address or
port number the values should be those that pertain to the particular device being configured.
b).
The following services are also considered part of the evaluated configuration and should be enabled when needed by the
System Administrator - Copy, Embedded Fax, Fax Forwarding on Receive (for Embedded Faxes), Scan to E-mail, Workflow
Scanning, Scan to Mailbox, Internet Fax, and ID Card Copy.
Secure acceptance, once device delivery and installation is completed, should be done by:
•
Printing out a Configuration Report by following the instructions located in the
SAG
in the
Print a Configuration
Report
section on page 18.
•
Comparing the software/firmware versions listed on the Configuration Report with the Evaluated Software/Firmware
versions listed in Table 2 of the Xerox WorkCentre™ 5735/5740/5745/5755/5765/5775/5790 Security Target, Version
1.0 and make sure that they are the same in all cases.
c).
Change the Administrator password as soon as possible. Reset the Tools password periodically.
(1) Set the Administrator password to a minimum length of eight alphanumeric characters, (2) change the Administrator
password once a month and (3) ensure that all passwords are strong passwords (e.g., passwords use a combination of
alphanumeric and non-alphanumeric characters; passwords don’t use common names or phrases, etc.).
TP
1
Xerox
®
®
WorkCentre 5735/5740/5745/5755/5765/5775/5790 System Administrator Guide, Version 2.0, December 2010
