Xerox 701P46740 User Manual

Version 6.0, January 2007 701P46740

Xerox FreeFlow® Print Server

Security Guide

Prepared by: Xerox Corporation Global Knowledge and Language Services 800 Philips Road Bldg. 845-17S Webster, New York 14580 USA ©2007 by Xerox Corporation. All rights reserved. Copyright protection claimed includes all forms and matters of copyrightable material and information now allowed by statutory judicial law or hereinafter granted, including without limitation, material generated from the software programs displayed on the screen such as icons, screen displays, or looks. Printed in the United States of America. XEROX® and all Xerox product names mentioned in this publication are trademarks of XEROX CORPORATION. Other company trademarks are also acknowledged. Changes are periodically made to this document. Changes, technical inaccuracies, and typographic errors will be corrected in subsequent editions.

Table of contents

About this guide
Contents
Conventions
Customer support
System supplied security profiles
Enable and disable services
User level changes
Solaris file permissions
Disabling secure name service databases
Multicast routing disabled
OS and host information hidden
Sendmail daemon secured
Network parameters secured
Executable stacks disabled
NFS port monitor restricted
Remote CDE login disabled
Xerox FreeFlow Print Server router capabilities disabled
Security warning banners
Disabling LP anonymous printing
Remote shell internet service
enable-ftp and disable-ftp
Creating user-defined profiles
Setting the current and default profiles
Account management
Local users and groups
Default user groups and user accounts
Creating user accounts
Group authorization
Auto-Logon
Default Screen/Auto-Logoff (Nuvera Only)
Password security
Strong Passwords
Audit Logs
GUI Logging
User Activity on the System
Date/Time User Login/Logout
Changing individual passwords
Accessing the Xerox FreeFlow Print Server through ADS
Limiting access
IP Filtering
Remote Workflow
Secure Socket Layer
Using the Print Server SSL/TLS Security Feature
Creating and Using a Self-Signed Certificate
Using an Existing Signed Certificate from a Certificate Authority
Digital Certificates
Network Protocol
Secure Print
MICR mode
Prevent Unauthorized Queue Changes
Queue Lock
Roles and responsibilities
Xerox responsibilities
Customer Responsibilities
Security tips
Virus Scan
Online Help for security

About this guide

Introduction
The Security Guide provides the information needed to perform system administration tasks for maintaining the Xerox FreeFlow® Print Server.
This guide is intended for network and system administrators responsible for setting up and maintaining Xerox printers with Xerox FreeFlow Print Server software. System administrators should have an understanding of the Sun workstation, a familiarity with Solaris, and with basic UNIX commands. This includes the use of text editors such as vi or textedit and the ability to maneuver within the Solaris environment. To enable them to set up a customer site, system administrators are expected to have a working knowledge of Local Area Networks (LANs), communication protocols, and the applicable client platforms.
Contents
In general, this document covers information about the Xerox FreeFlow Print Server that is not covered in the Online Help or other available guides.
Conventions
This guide includes the following conventions:
Angle brackets - Variable information that is displayed on your screen is enclosed within angle brackets; for example, “Unable to copy <filename>.”
Square brackets - Names of options you select are shown in square brackets; for example, [OK] and [Cancel].
Notes are hints that help you perform a task or understand the text. Notes are found in the following format:
NOTE: This is an example of a note.
Customer support
To place a customer service call, dial the direct TTY number for assistance. The number is 1-800-735-2988.
For additional assistance, dial the following numbers:
Service and software support: 1-800-821-2797
Xerox documentation and software services: 1-800-327-9753

Security

This section describes the Xerox FreeFlow® Print Server system-supplied security profiles. It outlines the characteristics of each profile and indicates how each can be customized to create user-defined profiles. The enhanced security features in the Xerox FreeFlow Print Server protect the system against unauthorized access and modification.
This section also addresses the options available to the administrator in setting up and managing user accounts.
Finally, this section offers general guidelines to security-related procedures that can be implemented to improve the security of the Xerox FreeFlow Print Server controller and the Solaris OS.

System supplied security profiles

The four system-supplied profiles are: default operating system only, low, medium, and high. The following table describes the characteristics of each security level and the configurable settings that restrict access to various devices and operating system services.
NOTE: Customers have the option to set up and use custom profiles. Custom profiles are copied from one of the system-supplied profiles and provide the ability to enable/disable any of the default settings. Multiple custom profiles can be saved on the system.

Table 2-1 Security Profiles

Profile Characteristics User Compatibility Comments
Default Operating System Only
All ports are open. Walkup users can reprint anything. Full workspace menu is available. Auto logon is enabled.
Physically closed environments.
Close to DocuSP 2.1 and 3.1.
Similar to DocuSP 3.X “Medium”.
Anonymous FTP is read-only and restricted.
The Solaris desktop is removed from all settings except none.
Low FTP is enabled.
Telnet, rsh is disabled. NFS client is enabled. AutoFS is enabled. Walkup users can reprint from “Saved Jobs” and CD-ROM. Terminal window is password protected. Auto-login is enabled.
Medium FTP is disabled.
telnet, rsh is disabled. NFS client is disabled. AutoFS is disabled (e.g., /net/<hostname> and home/<username> are not automatically mounted). NFS server is filtered via RPC tab. Walkup user can reprint from CD-ROM. Terminal window is password protected. Auto-login is enabled.
First choice setting for most environments.
Environments requiring high security but with a need to integrate FreeFlow/ Digipath.
Similar to DocuSP 3.x “High”.
Supports FreeFlow® workflow.
Supports FreeFlow workflow and legacy DigiPath workflow.
Anonymous FTP is read-only and restricted.
To enable telnet, go to [Setup], [FTP/Remote Diagnostics].
Anonymous FTP is read-only and restricted. To enable telnet, go to [Setup], [FTP/Remote Diagnostics].
High FTP is disabled.
telnet, rsh is disabled. NFS client is disabled. AutoFS is disabled (e.g., /net/<hostname> and home/<username> are not automatically mounted). NFS server is disabled on customer network. Walkup users cannot reprint anything. Terminal window is password protected. Auto login is disabled (login is always required from GUI).
Custom Any profile can be edited to adjust to user needs.
NOTE: Regardless of the security profile, anonymous FTP is Read-only with restricted access to /export/home/ftphome only.
For government market.
Does not support legacy DigiPath workflow. Supports FreeFlow workflow.
File FTP is disabled.
File transfer can be done via Secure FTP.
For CFA support, that is FTP upload of outload, go to [Setup], [FTP/Remote Diagnostics] menu, select enable FTP.

Enable and disable services

The following tables provide a list of the services that can be enabled and disabled from the Xerox FreeFlow Print Server “Setup > Security Profiles” menu options.
NOTE: Services list may vary, depending on the product.
Table 2-2 “System” tab
System Service | Description
Allow_host.equiv_plus | Background: The /etc/hosts.equiv and /.rhosts files provide the remote authentication database for rlogin, rsh, rcp, and rexec. The files specify remote hosts and users that are considered to be trusted. Trusted users are allowed to access the local system without supplying a password. These files can be removed or modified to enhance security. The Xerox FreeFlow Print Server is provided with both of these files deleted entirely. If the setting Allow_host.equiv_plus is set to disabled, then any time that security settings are applied, the + will be removed from hosts.equiv. IMPORTANT NOTE: Removing the + from the hosts.equiv file will prevent the use of the Xerox command line client print from remote clients. An alternative would be to remove the + and add the name of each trusted host that requires this functionality. Leaving the + will allow a user from any remote host to access the system with the same username.
Anonymous FTP |
BSM | Enable or disable the Basic Security Module (BSM) on Solaris.
Executable Stacks | Some security exploits take advantage of the Solaris OE kernel executable system stack to attack the system. Some of these exploits can be avoided by making the system stack non-executable. The following lines are added to the /etc/system file: set noexec_user_stack=1 and set noexec_user_stack_log=1
Hide Info Banners |
Multicast Routing |
Remote CDE Logins | Deny all remote access (direct/broadcast) to the X server running on the Xerox FreeFlow Print Server by installing an appropriate /etc/dt/config/Xaccess file.
Restrict DFS tab |
Restrict NFS Portmon |
Router | Disable router mode by creating the empty file /etc/notrouter.
Secure File Permissions |
Secure Network Settings |
Secure Sendmail | Force sendmail to only handle outgoing mail. No incoming mail will be handled by sendmail.
Security Warning Banners | Enable security warning banners to be displayed when a user logs in or telnets into the Xerox FreeFlow Print Server. The warning message explains that only authorized users should be using the system and that any others face the possibility of being monitored by law enforcement officials.
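A read-only check of two settings from the table above, added here as an example and not part of the Xerox guide or its software: it flags bare + trust entries in a hosts.equiv-style file and confirms both noexec_user_stack lines are active in an /etc/system-style file. The function names and the sample files are constructed for illustration; run it against copies of the real files.

```shell
#!/bin/sh
# Added example, not Xerox code: audit two Table 2-2 settings on file copies.

# Print hosts.equiv/.rhosts entries whose host or user field is a bare "+"
# (trust every host or every user). Exit status 0 if any are found.
wildcard_trust_entries() {
    awk '$1 == "+" || $2 == "+" { print FILENAME ":" NR ": " $0; found = 1 }
         END { exit !found }' "$1"
}

# Exit status 0 only if the last active "set NAME=VALUE" line for tunable $2
# in the /etc/system-style file $1 has VALUE 1. A commented-out line does not
# have "set" as its first field, so it is ignored.
system_tunable_is_on() {
    awk -v name="$2" '
        $1 == "set" {
            line = $0
            sub(/^[ \t]*set[ \t]+/, "", line)
            gsub(/[ \t]/, "", line)
            if (split(line, kv, "=") == 2 && kv[1] == name) val = kv[2]
        }
        END { exit !(val == "1") }' "$1"
}

# Usage: audit_system_tab HOSTS_EQUIV_COPY ETC_SYSTEM_COPY
# A missing hosts.equiv passes, since the guide says it ships deleted.
audit_system_tab() {
    rc=0
    if [ -f "$1" ] && wildcard_trust_entries "$1"; then
        echo "FAIL: wildcard (+) trust entry in $1"; rc=1
    fi
    for t in noexec_user_stack noexec_user_stack_log; do
        system_tunable_is_on "$2" "$t" ||
            { echo "FAIL: $t is not set to 1 in $2"; rc=1; }
    done
    return $rc
}

# Constructed sample files (hypothetical names, not from a real system).
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'printclient01' '+' > "$demo/hosts.equiv.weak"
printf '%s\n' 'printclient01' '+@trustedhosts' > "$demo/hosts.equiv.ok"
printf '%s\n' '* set noexec_user_stack=1' 'set noexec_user_stack_log=1' \
    > "$demo/system.weak"
printf '%s\n' 'set noexec_user_stack=1' 'set noexec_user_stack_log=1' \
    > "$demo/system.ok"

audit_system_tab "$demo/hosts.equiv.weak" "$demo/system.weak" || true
audit_system_tab "$demo/hosts.equiv.ok" "$demo/system.ok" &&
    echo "PASS: hardened copies"
```

The weak samples fail twice: once for the + line and once because the only noexec_user_stack line is commented out with an asterisk.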
Table 2-3 “INIT” tab RC2 section
RC2 Service | Description
S40LLC2 | Class II logical link control driver
S47ASPPP | Asynchronous PPP link manager. This service is re-enabled via enable-remote-diagnostics command.
S70UUCP | UUCP server
S71LDAP.CLIENT | LDAP daemon to cache server and client information for NIS lookups.
S72AUTOINSTALL | Script executed during stub JumpStart or AUTOINSTALL JumpStart
S72SLPD | Service Location Protocol daemon
S73cachefs.daemon | Starts cachefs file systems
S73NFS.CLIENT | NFS client service. Disables the statd service which is only required if your system is an NFS server or a client.
S74XNTPD |
S74AUTOFS | The automountd service is only required if your system uses NFS to automatically mount file systems. Stopping the autofs subsystem will kill the running automountd daemon and unmount any autofs file systems currently mounted.
S80SPC | SunSoft Print Client daemon
S88SENDMAIL | The sendmail daemon is used to send mail over the internet. If sendmail is not required, it can be disabled.
S89bdconfig | Solaris serial device.
S90WBEM | CIM Boot Manager. Disables WBEM clients from accessing the Xerox FreeFlow Print Server.
S93cacheos.finish | Starts cachefs file systems.
S94ncalogd |
S95ncad | Solaris network cache and accelerator.
slp |
uucp |
Table 2-4 “INIT” tab RC3 section
RC3 Service | Description
S15NFS.SERVER | NFS Server. Disable ability to export Xerox FreeFlow Print Server file systems. This service is enabled if legacy DigiPath/FreeFlow® and Decomposition Services (NetAgent) are enabled.
S17HCLNFS.DAEMON |
S25openssh.server | OpenSSH server.
S17BWNFS.DAEMON | Secure mounted file systems. There are two shared file systems that are exported by the Xerox FreeFlow Print Server. The two directories are only required for anyone with XDOD version 3.0 or below. With the release of DigiPath Version 1.0, it is not necessary to export these file systems.
S76SNMPDX | Sun Solstice Enterprise Master Agent. Solaris SNMP services are disabled. This does not prevent Xerox FreeFlow Print Server SNMP services from operating.
S77DMI | Sun Solstice Enterprise DMI Service Provider
S80MIPAGENT | Mobile IP agent
S82initsma |
S92VOLMGT | Solaris volume management daemon.
Table 2-5 “INETD” tab
INETD | Service | Description
amiserv | RPC Smart Card Interface | Not used by the Xerox FreeFlow Print Server.
cachefs | Cached File System server | Not used by the Xerox FreeFlow Print Server.
chargen | Character Generator Protocol server | Sends revolving pattern of ASCII characters. Sometimes used in packet debugging and can be used for denial of service attacks. Not used by the Xerox FreeFlow Print Server.
comsat | Biff server | comsat is the server process which listens for reports of incoming mail and notifies users who have requested to be told when mail arrives. Not used by the Xerox FreeFlow Print Server.
daytime | Daytime Protocol server | Displays the date and time. Used primarily for testing. Not used by the Xerox FreeFlow Print Server.
discard | Discard Protocol server | Discards everything sent to it. Used primarily for testing. Not used by the Xerox FreeFlow Print Server.
dtspc | CDE sub-process Control Service | CDE sub-process Control Service (dtspcd) is a network daemon that accepts requests from clients to execute commands and launch applications remotely. Not used by the Xerox FreeFlow Print Server.
echo | Echo Protocol server | Echoes back any character sent to it. Sometimes used in packet debugging and can be used for denial of service attacks. Not used by the Xerox FreeFlow Print Server.
exec | Remote execution server | Used by rexec(1) command. Potentially dangerous—passwords and subsequent session is clear text (not encrypted). Not used by the Xerox FreeFlow Print Server.
finger | Remote user information server | Display information about local and remote users. Gives away user information. Not used by the Xerox FreeFlow Print Server.
fs | X font server | Used by CDE to dynamically render fonts. The Xerox FreeFlow Print Server uses bit-map fonts.
ktkt_warnd | Kerberos warning daemon | ktkt_warnd is a daemon on Kerberos clients that can warn users when their Kerberos tickets are about to expire. It is invoked by inetd when a ticket-granting ticket (TGT) is obtained for the first time, such as after using the kinit command.
ftp | File transfer protocol server | This can be used to enable/disable the ftp server. This does not affect using the ftp client from the Xerox FreeFlow Print Server to another host running an FTP server. Note that FreeFlow® requires this service to be enabled.
gssd | RPC program authentication | Generates and validates GSS-API tokens for kernel RPC.
kcms_server | KCMS library service daemon | Allows the KCMS library to access profiles on remote machines. Not used by the Xerox FreeFlow Print Server.
login | Remote login server | Used by the rlogin(1) command. Potentially dangerous—uses ~/.rhosts file for authentication; passwords and subsequent session is clear text (not encrypted).
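A check for the services in this table that the guide marks as not used by the Print Server, added here as an example and not part of the Xerox guide or its software. It assumes the services are still configured through a classic inetd.conf text file; the function name, the service list variable and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Xerox code: list active inetd.conf entries for services
# that Table 2-5 marks "Not used by the Xerox FreeFlow Print Server".
# Assumes the classic inetd.conf layout: service name in field 1, protocol in
# field 3, and "#" at the start of a line to disable an entry.
UNUSED_SERVICES="chargen comsat daytime discard dtspc echo exec finger"

# Print "service protocol" for every active entry whose service is in the
# list. Exit status 0 if there are none, 1 if any remain enabled.
active_unused_services() {
    awk -v list="$UNUSED_SERVICES" '
        BEGIN { n = split(list, s, " ")
                for (i = 1; i <= n; i++) unused[s[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }   # disabled entry, comment or blank
        ($1 in unused) { print $1, $3; hits++ }
        END { exit (hits > 0) }' "$1"
}

# Constructed sample inetd.conf (not from a real system).
sample=$(mktemp) && trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample
ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd
#telnet stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd
echo    stream  tcp6    nowait  root    internal
echo    dgram   udp6    wait    root    internal
#chargen        stream  tcp6    nowait  root    internal
finger  stream  tcp6    nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
login   stream  tcp6    nowait  root    /usr/sbin/in.rlogind    in.rlogind
EOF

if active_unused_services "$sample"; then
    echo "PASS: no unused services enabled"
else
    echo "FAIL: disable the entries listed above"
fi
```

The RPC-based rows (amiserv, cachefs, kcms_server) are left out of the list because this sketch matches on the service name only.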