Xerox 5735, 5740, 5755, 5775, 5745 User Manual

Xerox WorkCentre

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Paper
Version 2.0

Prepared by:

Larry Kovnat
Xerox Corporation
1350 Jefferson Road
Rochester, New York 14623

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Paper

©2010 Xerox Corporation. All rights reserved. Xerox and the sphere of connectivity design are trademarks of
Xerox Corporation in the United States and/or other counties.

Other company trademarks are also acknowledged.

Document Version: 1.00 (May 2010).

Ver. 2.00, March 2011 Page 2 of 50

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Paper

1. INTRODUCTION ..................................................................................................................................5

1.1.

Purpose .................................................................................................................................................................................... 5

1.2.

Target Audience ................................................................................................................................................................... 5

1.3.

Disclaimer ............................................................................................................................................................................... 5

2. DEVICE DESCRIPTION .......................................................................................................................6

2.1.

Security-relevant Subsystems ......................................................................................................................................... 6

2.1.1. Physical Partitioning .......................................................................................................................................................................6

2.1.2. Security Functions allocated to Subsystems ........................................................................................................................7

2.2.

Controller ................................................................................................................................................................................ 8

2.2.1. Purpose ................................................................................................................................................................................................8

2.2.2. Memory Components ....................................................................................................................................................................8

2.2.3. External Connections .................................................................................................................................................................. 10

2.2.4. USB Ports ......................................................................................................................................................................................... 10

2.2.

Fax Module .......................................................................................................................................................................... 11

2.3.1. Purpose ............................................................................................................................................................................................. 11

2.3.2. Hardware ......................................................................................................................................................................................... 11

2.4.

Scanner ................................................................................................................................................................................. 11

2.4.1. Purpose ............................................................................................................................................................................................. 11

2.4.2. Hardware ......................................................................................................................................................................................... 11

2.5.

Graphical User Interface (GUI) ................................................................................................................................... 12

2.5.1. Purpose ............................................................................................................................................................................................. 12

2.5.2. Hardware ......................................................................................................................................................................................... 12

2.6.

Marking Engine (also known as the Image Output Terminal or IOT) .......................................................... 13

2.6.1. Purpose ............................................................................................................................................................................................. 13

2.6.2. Hardware ......................................................................................................................................................................................... 13

2.6.3. Control and Data Interfaces .................................................................................................................................................... 13

2.7.

System Software Structure ........................................................................................................................................... 13

2.7.1. Open-source components ......................................................................................................................................................... 13

2.7.2. OS Layer in the Controller ......................................................................................................................................................... 13

2.7.3. Network Protocols ........................................................................................................................................................................ 15

2.8.

Logical Access ..................................................................................................................................................................... 16

2.8.1. Network Protocols ........................................................................................................................................................................ 16

2.8.2. Ports ................................................................................................................................................................................................... 17

2.8.3. IP Filtering ....................................................................................................................................................................................... 21

3. SYSTEM ACCESS ................................................................................................................................ 22

3.1.

Authentication Model ..................................................................................................................................................... 22

Ver. 2.00, March 2011 Page 3 of 50

XEROX WorkCentre

3.2.

Login and Authentication Methods ........................................................................................................................... 24

3.2.1. System Administrator Login [All product configurations] ........................................................................................... 24

3.2.2. User authentication ..................................................................................................................................................................... 24

3.3.

System Accounts ............................................................................................................................................................... 26

3.3.1. Printing [Multifunction models only] .................................................................................................................................... 26

3.3.2. Network Scanning [Multifunction models only] .............................................................................................................. 26

3.4.

Diagnostics .......................................................................................................................................................................... 27

3.4.1. Service [All product configurations] ...................................................................................................................................... 27

3.4.2. Alternate Boot via Serial Port .................................................................................................................................................. 27

3.4.3. tty Mode ........................................................................................................................................................................................... 27

3.4.4. Diagnostics via Portable Service Workstation (PSW) Port ........................................................................................... 27

3.4.5. Summary .......................................................................................................................................................................................... 30

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Paper

4. SECURITY ASPECTS OF SELECTED FEATURES ...................................................................... 31

4.1.

Audit Log .............................................................................................................................................................................. 31

4.2.

Xerox Standard Accounting .......................................................................................................................................... 39

4.3.

Automatic Meter Reads ................................................................................................................................................. 40

4.4.

Encrypted Partitions ........................................................................................................................................................ 40

4.5.

Image Overwrite ............................................................................................................................................................... 40

4.5.1. Algorithm ......................................................................................................................................................................................... 41

4.5.2. User Behavior ................................................................................................................................................................................. 41

4.5.3. Overwrite Timing .......................................................................................................................................................................... 41

5. RESPONSES TO KNOWN VULNERABILITIES ......................................................................... 42

5.1.

Security @ Xerox (www.xerox.com/security) .......................................................................................................... 42

6. APPENDICES ....................................................................................................................................... 43

6.1.

Appendix A – Abbreviations ......................................................................................................................................... 43

6.2.

Appendix B – Supported MIB Objects ....................................................................................................................... 45

6.3.

Appendix C –Standards .................................................................................................................................................. 48

6.4.

Appendix E – References ................................................................................................................................................ 50

Ver. 2.00, March 2011 Page 4 of 50

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

1. Introduction

The

WorkCentre 5735/5740/5745/5755/5765/5775/5790 multifunction systems

versions of Xerox copier and multifunction devices for the general office.

1.1. Purpose

The purpose of this document is to disclose information for the WorkCentre products with respect to device security.
Device Security, for this paper, is defined as how image data is stored and transmitted, how the product behaves in a
networked environment, and how the product may be accessed, both locally and remotely. Please note that the
customer is responsible for the security of their network and the WorkCentre products do not establish security for
any network environment.

The purpose of this document is to inform Xerox customers of the design, functions, and features of the WorkCentre
products relative to Information Assurance (IA).

This document does NOT provide tutorial level information about security, connectivity, PDLs, or WorkCentre
products features and functions. This information is readily available elsewhere. We assume that the reader has a
working knowledge of these types of topics. However, a number of references are included in the Appendix.

Information Assurance Disclosure Paper

are among the latest

1.2. Target Audience

The target audience for this document is Xerox field personnel and customers concerned with IT security.

1.3. Disclaimer

The information in this document is accurate to the best knowledge of the authors, and is provided without warranty
of any kind. In no event shall Xerox Corporation be liable for any damages whatsoever resulting from user's use or
disregard of the information provided in this document including direct, indirect, incidental, consequential, loss of
business profits or special damages, even if Xerox Corporation has been advised of the possibility of such damages.

Ver. 2.00, March 2011 Page 5 of 50

XEROX WorkCentre

(IIT)

Marking Engine (IOT)

feeder accessory

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Paper

2. Device Description

This product consists of an in put document handler and scanner, marking engine including paper path, controller,
and user interface.

Paper Trays

Graphical User
Interface
(GUI)

Document Feeder & Scanner

High-volume finisher and

High-capacity

Figure 2-1 WorkCentre Multifunction System

booklet maker accessories

2.1. Security-relevant Subsystems

2.1.1. Physical Partitioning

The security-relevant subsystems of the product are partitioned as shown in Figure 2-2.

Ver. 2.00, March 2011 Page 6 of 50

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Paper

interface

Optical

y

a

l

p

s

i

D

d

n

a

s

n

o

t

t

u

B

(proprietary)

Button and TOE internal wiring

s
u
B
I
C
P

l
a
n
r
e

e

t

c

x

a

e

f

l

r

a

e

t

c

i

n

i

s
y
h
P

Figure 2-2 System functional block diagram

2.1.2. Security Functions allocated to Subsystems

Security Function Subsystem

Image Overwrite

System Authentication

Network Authentication

Security Audit

Cryptographic Operations

User Data Protection – SSL

User Data Protection – IP Filtering

User Data Protection – IPSec

User Data Protection – Disk Encryption

Network Management Security

Fax Flow Security

Controller

Graphical User Interface

Controller

Graphical User Interface

Controller

Graphical User Interface

Controller

Controller

Controller

Controller

Controller

Controller

Controller

Fax Module

Controller

Graphical User Interface

Ver. 2.00, March 2011 Page 7 of 50

XEROX WorkCentre

Type (SRAM, DRAM,

Size User

Function or Use

Process to Sanitize

5735/5740/5745/5755/5765/5775/5790

Security Function Subsystem

Security Management

2.2. Controller

2.2.1. Purpose

The controller provides both network and direct-connect external interfaces, and enables copy, print, email, network
scan, server fax, internet FAX, and LanFAX functionality. Network scanning, server fax, internet fax, and LanFax, are
standard features.

NOTE: The Copier only version includes a hard drive which is used to hold Operating System software, printing
applications, and jam clearance videos. Job Image data is not stored on this disk.

Image Overwrite, which is included as a standard feature, enables both Immediate and On-Demand overwrite of any
temporary image data created on disk. The controller also incorporates an open-source web server (Apache) that
exports a Web User Interface (WebUI) through which users can submit jobs and check job and machine status, and
through which system administrators can remotely administer the machine.

The controller contains the image path, which uses proprietary hardware and algorithms to process the scanned
images into high-quality reproductions. Scanned images may be temporarily buffered in DRAM to enable electronic
pre-collation, sometimes referred to as scan-once/print-many. When producing multiple copies of a document, the
scanned image is processed and buffered in the DRAM in a proprietary format. Extended buffer space for very large
documents is provided on the network disk. The buffered bitmaps are then read from DRAM and sent to the Image
Output Terminal (IOT) for marking on hardcopy output. For long documents, the production of hardcopy may begin
before the entire original is scanned, achieving a level of concurrency between the scan and mark operations.

The controller operating system is Wind River Linux, kernel v. 2.6.20+. (Note: Consistent with Flaw Remediation, this
baseline may be updated as indicated by the ‘+’ sign. Unnecessary services such as rsh, telnet and finger are disabled
in the OS. FTP is used in client-only mode by the network scanning feature for the filing of scanned images and the
retrieval of Scan Templates; however the controller does not contain an FTP server.

The controller works with the Graphical User Interface (GUI) assembly to provide system configuration functions. A
System Administrator PIN must be entered at the GUI in order to access these functions.

Information Assurance Disclosure Paper

Controller

Graphical User Interface

Table 1 Security Functions allocated to Subsystems

2.2.2. Memory Components

Volatile Memory

etc)

DDR2 SDRAM

Upgradeable to

1GB

2GB

Additional Information:

manipulation (Reduce/Enlarge, etc.), and all have no data retention capability. When power is removed all data is lost.
These buffers are typically built into the ASICs. Typical bleed down time for all volatile memory is 10 seconds.

Ver. 2.00, March 2011 Page 8 of 50

Modifiable
(Y/N)

N Single Board Controller

(System and user image stored)

There are also a number of RAM buffers in the video path that are used for image

Subsequent jobs overwrite
the data and all images are
lost at power off or reboot.

XEROX WorkCentre

Type (Flash, EEPROM,

Size User

Function or Use

Process to Sanitize

Type (disk drives,

Removable

Size: User

Function:

Process to Sanitize:

5735/5740/5745/5755/5765/5775/5790

Non-Volatile Memory

Information Assurance Disclosure Paper

etc)

Modifiable
(Y/N)

Flash ROM 128MB N Single Board Controller

(Boot code and system file)

NVRAM 128KB N Single Board Controller

(Xerographic set points)

Additional Information:

low level I/O control. Some examples of this distributed control are:

• Power distribution, Photoreceptor and main drive motors control

• Raster Output Scanner (ROS)

• Paper Registration

•

Finisher

tape drives, CF/SD/XD
memory cards, etc.):

Disk drive N 80GB N Network Controller

There are other non volatile memory devices in the system, but these are used solely for

Table 2 Controller memory components

Y / N

Media and Storage

Modifiable:
Y / N

Application and Copy
Controller Application
software. Image
storage, processing and
Overflow EPC image
storage.

No user image data stored

No user image data stored.

On Demand Image
Overwrite

Fax Card N 512MB N User FAX image data

Ver. 2.00, March 2011 Page 9 of 50

stored

Table 3 Hard Disk Drives

User image data
overwritten at the
completion of each fax
job.

Overwritten by
Standard or Full
ODIO operation

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

2.2.3. External Connections

Interface Description / Usage

FAX line 1, RJ-11 Supports FAX Modem T.30 protocol only

FAX line 2, RJ-11 Supports FAX Modem T.30 protocol only

USB Host Port

PSW USB Target Port

Information Assurance Disclosure Paper

Figure 2-3 Back panel connections

Software upgrade

Direct-connect printing; Xerox diagnostic tools (PSW and CAT)
and Xerox copier assistant

Ethernet 10/100/1000 Network connectivity

Scanner Proprietary connection between the scanner and controller

Serial Port Engineering development debug; default state is disabled

Foreign Device Interface (FDI) Allows connection of optional access control hardware

2.2.4. USB Ports

The WorkCentre contains a host connector for a USB flash drive, enabling upload of software upgrades and
download of network logs or machine settings files.

Autorun is disabled on this port. No executable files will be accepted by the port.

Modifying the software upgrade, network logging or saved machine settings files will make the files unusable on a
WorkCentre .

The data in the network logging file is encrypted and can only be decrypted by Xerox service.

The machine settings that can be saved and restored by a service technician are limited to controller and fax
parameters that are needed for normal operation. For example, the fax address book can be saved and restored by a
service technician.

There is no method for a user, administrator or technician to move image data from the WorkCentre to a USB device.

carrying power and communications

Table 4 Controller External Connections

USB

USB port and location Purpose

USB Host ports Software upgrade

Ver. 2.00, March 2011 Page 10 of 50

XEROX WorkCentre

Type (SRAM, DRAM, etc)

Size User Modifiable

Function or Use

Process to Clear:

Additional Information:

Type (Flash, EEPROM, etc)

Size User Modifiable

Function or Use

Process to Clear:

Additional Information:

USB Target port Direct-connect printing; Xerox diagnostic tools (PSW and CAT) and Xerox copier assistant

5735/5740/5745/5755/5765/5775/5790

Table 5 USB Ports

Information Assurance Disclosure Paper

2.2. Fax Module

2.3.1. Purpose

The embedded FAX service uses the installed embedded fax card to send and receive images over the telephone
interface.

2.3.2. Hardware

The Fax module contains the fax modem and RJ-11 connector. The Fax modem implements the T.30 fax protocol.
The Fax module contains a CPU, BIOS, RAM, and Non-Volatile Memory.

Volatile Memory Description

(Y/N)

SDRAM 80MB N FAX Card volatile memory No user image data

stored

All memory listed above contains code for execution and configuration information. No user or job data is permanently stored
in this location.

Non-Volatile Memory Description

(Y/N)

Flash ROM

All memory listed above contains code for execution and configuration information. No user or job data is stored in this location.

4MB

N

Table 6 Fax Module memory components

FAX executable code.

No user image data
stored.

2.4. Scanner

2.4.1. Purpose

The purpose of the scanner is to provide mechanical transport of hardcopy originals and to convert hardcopy
originals to electronic data.

2.4.2. Hardware

The scanner converts the image from hardcopy to electronic data. An optional document handler moves originals
into a position to be scanned. The scanner provides enough image processing for signal conditioning and
formatting. The scanner does not store scanned images. All other image processing functions are in the copy
controller.

The DADF/Scanner contains a CPU, BIOS, RAM, and Non-Volatile Memory

.

Ver. 2.00, March 2011 Page 11 of 50

XEROX WorkCentre

Type (SRAM, DRAM, etc)

Size User Modifiable

Function or Use

Process to Clear:

Additional Information:

Type (Flash, EEPROM, etc)

Size User Modifiable

Function or Use

Process to Clear:

Additional Information:

Type (SRAM, DRAM, etc)

Size User Modifiable

Function or Use

Process to Clear:

Additional Information:

Type (Flash, EEPROM, etc)

Size User Mo

difiable

Function or Use

Process to Clear:

Additional Information:

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Paper

Volatile Memory Description

(Y/N)

SRAM 6KB N Scanner volatile memory; no user

image data stored

All memory listed above contains code for execution and configuration information. No user or job data is permanently stored in this location.

Power Off System

Non-Volatile Memory Description

(Y/N)

Flash ROM 128MB N Scanner executable code No user image data

stored

All memory listed above contains code for execution and configuration information. No user or job data is stored in these locations.

Table 7 Scanner memory components

2.5. Graphical User Interface (GUI)

2.5.1. Purpose

The GUI detects soft and hard button actuations, and provides text and graphical prompts to the user. The GUI is
sometimes referred to as the Local UI (LUI) to distinguish it from the WebUI, which is exported by the web service
that runs in theccontroller. Images are not transmitted to or stored in the GUI. The Start hard button is located on
the GUI panel.

2.5.2. Hardware

The user interface contains a FPGA that contains RAM and Non-Volatile Memory

Volatile Memory Description

(Y/N)

DRAM 2KB N User Interface volatile memory; no

user image data stored

All memory listed above contains code for execution and configuration information. No user or job data is permanently stored in this location.

.

Power Off System

Non-Volatile Memory Description

Flash ROM 32KB N no user image data stored No user image data

All memory listed above contains code for execution and configuration information. No user or job data is stored in this location.

Ver. 2.00, March 2011 Page 12 of 50

(Y/N)

stored

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

Table 8 User Interface memory components

Information Assurance Disclosure Paper

2.6. Marking Engine (also known as the Image

Output Terminal or IOT)

2.6.1. Purpose

The Marking Engine performs copy/print paper feeding and transport, image marking and fusing, and document
finishing. Images are not stored at any point in these subsystems.

2.6.2. Hardware

The marking engine is comprised of paper supply trays and feeders, paper transport, laser scanner, xerographics, and
paper output and finishing. The marking engine contains a CPU, BIOS, RAM and Non-Volatile Memory.

2.6.3. Control and Data Interfaces

Images and control signals are transmitted from the copy controller to the marking engine across a proprietary
interface.

2.7. System Software Structure

2.7.1. Open-source components

Open-source components in the connectivity layer implement high-level protocol services. The security-relevant
connectivity layer components are:

• Apache 2.2.11, with mod_ssl integrated (http and https)

• PHP 5.3.1

• OpenSSL 0.9.8l (SSL)

• SAMBA 3.0.30 (SMB)

• Netsnmp 5.0.9 (SNMPv3)

2.7.2. OS Layer in the Controller

The OS layer includes the operating system, network and physical I/O drivers. The controller operating system is
Wind River Linux, kernel v. 2.6.20+. Xerox may issue security patchesfor the OS, in which case the Xerox portion of
the version number (i.e.. after the ‘+’ sign) will be incremented.

The crypto library for IPSec is provided by the kernel.

IP Filtering is also provided by the kernel.

Ver. 2.00, March 2011 Page 13 of 50

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Paper

Figure 2-4 Controller Operating System layer components

Ver. 2.00, March 2011 Page 14 of 50

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

2.7.3. Network Protocols

Figure 2-5 is an interface diagram depicting the protocol stacks supported by the device, annotated according to the
DARPA model.

Information Assurance Disclosure Paper

Figure 2-5 IPv4 Network Protocol Stack

Ver. 2.00, March 2011 Page 15 of 50