
WorkCentre 7220-7225 Information Assurance Disclosure Paper 

Ver. 1.0, January 2013 


Contributors: 

Michael Barrett 
Steve Beers 
Bob Crumrine 
Mike Faraoni 
Gordon Farquhar 
Mirelsa Fontanes 
Tim Hunter 
Larry Kovnat 
Tom Pierce 
Roger Rhodes 
Steve Sydorowicz 
R. Ben Wilkie 
Bob Zolla 
Ralph H. Stoos Jr. 

Contents: WorkCentre 7220

Page 1: ...x Corporation 800 Phillips Road Webster New York 14580 2012 2013 Xerox Corporation All rights reserved Xerox and the sphere of connectivity design are trademarks of Xerox Corporation in the United Sta...

Page 2: ...sure Paper Ver 1 0 January 2013 Page 2 of 61 Contributors Michael Barrett Steve Beers Bob Crumrine Mike Faraoni Gordon Farquhar Mirelsa Fontanes Tim Hunter Larry Kovnat Tom Pierce Roger Rhodes Steve S...

Page 3: ...2 Hardware 15 2 4 Scanner 16 2 4 1 Purpose 16 2 4 2 Hardware 16 2 5 Graphical User Interface GUI 16 2 5 1 Purpose 16 2 6 Marking Engine Image Output Terminal or IOT 16 2 6 1 Purpose 16 2 6 2 Hardware...

Page 4: ...ns Role Based Access Control RBAC 47 4 5 SMart eSolutions 48 4 6 Encrypted Partitions 48 4 7 Image Overwrite 49 4 7 1 Algorithm 49 4 7 2 User Behavior 49 4 7 3 Overwrite Timing 50 4 7 4 Overwrite Comp...

Page 5: ...ign functions and features of the products relative to Information Assurance IA This document does NOT provide tutorial level information about security connectivity PDLs or products features and func...

Page 6: ...Description This product consists of an in put document handler and scanner marking engine including paper path controller and user interface Figure 2 1 WorkCentre 7220 7225 Multifunction System Docum...

Page 7: ...ler Power Interface TOE internal wiring proprietary TOE internal wiring proprietary PCI Bus TOE Physical Boundary Original Documents Optical interface Human Interface Hardcopy Finisher Paper output in...

Page 8: ...uthentication Controller Graphical User Interface Security Audit Controller Cryptographic Operations Controller User Data Protection SSL Controller User Data Protection IP Filtering Controller User Da...

Page 9: ...pre collation sometimes referred to as scan once print many When producing multiple copies of a document the scanned image is processed and buffered in the DRAM in a proprietary format Extended buffe...

Page 10: ...in System memory while the job is being processed Once the job is complete the memory is reused for the next job Likewise Image memory holds job data in a proprietary format while the job is being pr...

Page 11: ...do not remain stored on this disk One exception is Print From Saved Jobs feature Customer jobs saved on the machine s hard disk using this feature must be manually deleted by the customer If On Deman...

Page 12: ...al connections available at the right rear of the machine The tray contains a single controller board An optional fax board may also be installed Disk s are mounted on the underside of the tray Below...

Page 13: ...aders SW upgrade USB Printing Scan to USB Debug Port Troubleshooting and Monitoring Ethernet Network Connectivity Diagnostic LED Readout Displays status codes for Diagnostics Foreign Device Interface...

Page 14: ...rt and location Purpose Front panel 1 Host port User retrieves print ready files from Flash Media or stores scanned files on Flash Media Physical security of this information is the responsibility of...

Page 15: ...Fax Card is a printed wiring board assembly containing a fax modem and the necessary telephone interface logic It connects to the controller via a serial communications interface The Fax Card is respo...

Page 16: ...pose The GUI detects soft and hard button actuations and provides text and graphical prompts to the user The GUI is sometimes referred to as the Local UI LUI to distinguish it from the WebUI which is...

Page 17: ...m Software Structure 2 7 1 Open source components Open source components in the connectivity layer implement high level protocol services The security relevant connectivity layer components are Apache...

Page 18: ...ork and physical I O drivers The controller operating system is Wind River Linux kernel v 2 6 34 Xerox may issue security patches for the OS in which case the Xerox portion of the version number i e a...

Page 19: ...2013 Page 19 of 61 2 7 3 Network Protocols Figure 2 5 and Figure 2 6 are interface diagrams depicting the IPv4 and IPv6 protocol stacks supported by the device annotated according to the DARPA model F...

Page 20: ...up the shared secret When an IPSec tunnel is established between a client and the machine the tunnel will also be active for administration with SNMPv2 tools HP Open View etc providing security for S...

Page 21: ...P ISAKMP 515 TCP LPR 631 TCP IPP 1900 TCP UDP SSDP 1901 UDP SSDP 3003 TCP http SNMP reply 3702 TCP UDP WSD Discovery 4500 TCP UDP IKE Negotiation Port for IPSec 5353 TCP UDP Multicast DNS 5354 TCP Mul...

Page 22: ...o E mail or Internet Fax I Fax is exporting images to an SMTP server or when email alerts are being transmitted SMTP messages images are transmitted to the SMTP server from the device 2 8 2 4 Port 53...

Page 23: ...resident on the hard disk of the device It does not and cannot act as a proxy server to get outside of the network the device resides on Hence the server cannot access any networks or web servers outs...

Page 24: ...s to most destinations and purchasers without the need for previous approval from or notification to BXA At the time of the opinion restricted destinations and entities included terrorist supporting s...

Page 25: ...o a remote repository using an https connection the device must verify the certificate provided by the remote repository A Trusted Certificate Authority certificate should be uploaded to the device in...

Page 26: ...e 2 8 2 21 Port 3702 WSD Discovery WS Discovery Multicast This is the default port for WS Discovery the discovery of services in an ad hoc network with a minimum of networking services for example no...

Page 27: ...t 61502 WS Web Service interface s used to get set services available on the device 2 8 2 32 Port 61503 WS Web Service interface s used to get session information applicable to the current active sess...

Page 28: ...he available services such as Copy Fax Server Fax Reprint Saved Jobs Email Internet Fax Workflow Scanning Server Extensible Interface Platform Services Also users can be authorized to access one or an...

Page 29: ...WorkCentre 7220 7225 Information Assurance Disclosure Paper Ver 1 0 January 2013 Page 29 of 61 Figure 3 1 Authentication and Authorization schematic...

Page 30: ...in and as many as 8 additional alternate authentication domains 3 2 2 1 Kerberos Authentication Solaris or Windows The authentication steps are 1 A User enters a user name and password at the device i...

Page 31: ...the Domain Controller 2 The Domain Controller responds back to the device whether or not the user was successfully authenticated If 2 is successful steps 3 5 proceed as described in steps 4 6 of the K...

Page 32: ...1 The device sends the Domain Controller hostname to the DNS Server 2 The DNS Server returns the IP Address of the Domain Controller 3 The device sends an authentication request directly to the Domain...

Page 33: ...Cosmo v7 0 128K with ActivIdentity Applets GnD SmartCafe Expert v3 2 144KB with ActivIdentity Applets Gemalto TOP DL GX4 FIPS with ActivIdentity Applets GnD SCE 3 2 80K with ActivIdentity Applets Obe...

Page 34: ...enticate a user The device can also take in additional information about the user to allow for two factor authentication The Web Service interface allows the 3rd party to tell the device that someone...

Page 35: ...nto bind to _ the LDAP server The device uses a simple bind to the LDAP server unless the device was able to obtain a TGS for the LDAP server from the Kerberos Servier In this case a SASL GSSAPI bind...

Page 36: ...re is installed and with it a new whitelist for the new version The digital signature prevents corrupted files from being installed by verification that the file is genuine Xerox software and has not...

Page 37: ...The following table lists the events that are recorded in the log Event ID Event description Entry Data 1 System startup Device name Device serial number 2 System shutdown Device name Device serial n...

Page 38: ...IIO status Accounting User ID Accounting Account ID Total fax recipient phone numbers fax recipient phone numbers 14 Lan Fax Job Job name User Name Completion Status IIO status Accounting User ID Acco...

Page 39: ...Passwords Device name Device serial number StartupMode enabled disabled System Params Password changed Start Job Password changed 29 Network User Login UsereName Device name Device serial number Comp...

Page 40: ...Enabled Disabled 43 Device clock UserName Device name Device serial number Completion Status time changed date changed 44 SW upgrade Device name Device serial number Completion Status Success Failed 4...

Page 41: ...onfigured Interface Web Local CAC SNMP Session IP address if available 60 Device Clock NTP Enable Disable Device Name Device serial number Enable Disable NTP NTP Server IP Address Completion Status Su...

Page 42: ...vailable File names downloaded Destination IP address or USB device Completion status Success failed 74 Scan to USB Job Job Name User Name Completion Status IIO Status Accounting User ID Name Accounti...

Page 43: ...ent Device name Device serial number Type Read Modify Execute Deluge McAfee message text 87 McAfee Agent User name Device name Device serial number Completion Status Enabled Disabled 88 Digital Certif...

Page 44: ...Wired 100 Address Book Permissions UserName Machine Name Machine serial number Completion Status SA Only Open Access Enabled WebUI SA Only Open Access Enabled LocalUI 101 Address Book Export UserName...

Page 45: ...atus Success or Failed 108 Convenience Authentication Enable Disable Configure UserName Device name Device serial number Completion Status Enabled Disabled Configured 109 Efax Passcode Length UserName...

Page 46: ...cific services to zero for users that should not have rights to use the feature After each job is performed the user s balance is updated by the number of impressions or scans performed Services becom...

Page 47: ...device may be used In addition users can be assigned multiple roles Through the Web UI on the Xerox device the SA may perform the following functions Configure Job Types which will be allowed such as...

Page 48: ...ending the meter reads back to the server Supplies Assistant Once the connection with the Xerox Communication Server has been established the Supplies Assistant service will be automatically enabled b...

Page 49: ...emporary files IIO or to the entire spooling area of the disks ODIO hex value 0xCA ASCII compliment of 5 Step 3 Pattern 3 is written to the sectors containing temporary files IIO or to the entire spoo...

Page 50: ...Reporting Immediate Image Overwrite When an Immediate Image Overwrite is performed at the completion of each job the user may view the Completed Jobs Log at the Local UI In each Job entry there will...

Page 51: ...rinter is the server in the client server relationship An SSL certificate for HTTPS is an example Validates certificates for features where the printer is the client in the client server relationship...

Page 52: ...nd encrypting emails when the user is authenticated to the device using a CAC NET or PIV smart card containing appropriate signing and encryption certificates The device allows signing to multiple rec...

Page 53: ...that contains the latest security information pertaining to its products Please see http www xerox com security Xerox has created a document which details the Xerox Vulnerability Management and Disclo...

Page 54: ...t transfer protocol IBM International Business Machines ICMP Internet Control Message Protocol IETF Internet Engineering Task Force IFAX Internet Fax IIO Immediate Image Overwrite IIT Image Input Term...

Page 55: ...Secure File Transfer Protocol SLP Service Location Protocol SNMP Simple Network Management Protocol SRAM Static Random Access Memory SSDP Simple Service Discovery Protocol SSL Secure Sockets Layer TCP...

Page 56: ...support 0 or 3 for more than 1 sheet for prtInputCurrentLevel will be considered a caveat denoted as C 6 The Printer MIB requires a few groups from RFC 1213 and RFC 1514 to be supported Therefore this...

Page 57: ...e C local UI button selection messages are not captured within table Console Display Light group 5 objects supported w caveats only the Power Saver LED is supported the other LEDs were not implemented...

Page 58: ...ered the standards track New type 2 enumerations from next generation Printer MIB supported supported New Printer MIBv2 objects implemented optional not support because Printer MIBv2 has NOT entered t...

Page 59: ...ver IEEE802 networks 1042 ICMP ICMP Echo ICMP Time ICMP Echo Reply and ICMP Destination Unreachable message 792 Reverse Address Resolution Protocol RARP 903 Bootstrap Protocol BOOTP 951 Clarifications...

Page 60: ...ance Disclosure Paper Ver 1 0 January 2013 Page 60 of 61 Printing Description Languages Postscript Language Reference Third Edition PCL6 PCL5C PCL XL class 3 0 emulation TIFF 6 0 JPEG Portable Documen...

Page 61: ...e Disclosure Paper Ver 1 0 January 2013 Page 61 of 61 Appendix E References Kerberos FAQ http www cmf nrl navy mil krb kerberos faq html IP port numbers http www iana org assignments service names por...
