The Security Guide provides the information needed to perform
system administration tasks for maintaining the Xerox FreeFlow®
Print Server.
This guide is intended for network and system administrators
responsible for setting up and maintaining Xerox printers with
Xerox FreeFlow Print Server soft wa re. System administrators
should have an understandi ng of the Sun works ta tion, a famili arity
with Solaris, and with basic UNIX commands. This includes the
use of text editors such as vi or textedit and the ability to
maneuver within the Solaris environment. To enable them to
setup a customer site, sys tem administrators are expected to have
a working knowledge of Local Area Networks (LANs),
communication protocols, and the applicabl e cli ent platforms.
Contents
Conventions
In general, this docum ent covers information about the Xerox
FreeFlow Print Server that is not covered in the Online Help or
other available guides.
This guide includes the following conventions:
•Angle brackets - Variable information that is displayed on your
screen is enclosed within angle brackets; for example, “Unable to
copy <filename>.”
•Square brackets - Names of options you select are shown in square
brackets; for example, [OK] and [Cancel].
•Notes are hints that help you perform a task or understand the text.
Notes are found in the following format:
NOTE: This is an example of a note.
Security Guide1
Customer support
To place a customer service call, dial the dire ct TTY n umb er for
assistance. The number is 1-800-735-2988.
For additional assistance, dial the following numbers:
•Service and software support: 1-800-821-2797
•Xerox documentation and software services: 1-800-327-9753
2Security Guide
Security
This section describes the Xerox FreeFlow® Print Server systemsupplied security profil es. It outlines the characteristics of each
profile and indicates how each can be customized to create userdefined profiles. The enhanced security fea tur es in the Xerox
FreeFlow Print Server protect the system against unauthorized
access and modification.
This section also addresses the options available to the
administrator in setting up and managing user accounts.
Finally this section offers general guidelines to security-related
procedures that can be impl emented to imp rove the securi ty of the
Xerox FreeFlow Print Server controller and the Solaris OS.
System supplied security profiles
The four system-supplied profiles are: default operating system
only, low, medium, and high. The following table describes the
characteristics of each s ecur ity l evel and t he confi gur able set tings
that restrict access to various devices and operating system
services.
NOTE: Customers have the option to setup and use cust om
profiles. Custom profiles are copied from one of the systemsupplied profiles and provides the abili ty to enable/disable any of
the default settings. Multiple custom profiles can be saved on the
system.
Table 2-1 Security Profiles
ProfileCharacteristicsUserCompatibilityComments
Default
Operati
ng
System
Only
All ports are open.
Walkup users can repr int
anything.
Full workspace menu is
available.
Auto logon is enabled.
Physically
closed
environments.
Close to
DocuSP 2.1
and 3.1.
Similar to
DocuSP 3.X
“Medium”.
Anonymous FTP is
read-only and
restricted.
The Solaris
desktop is removed
from all settings
except none.
Security Guide3
ProfileCharacteristicsUserCompatibilityComments
LowFTP is enabled.
Telnet, rsh is disabled.
NFS client is enabled.
AutoFS is enabled.
Walkup users can repr int
from “Saved Jobs” and
CD-ROM.
Terminal window is
password protected.
Auto-login is enabled.
MediumFTP is disabled.
telnet, rsh is disabled.
NFS client is disabled.
AutoFS is disabled, e.g.; /
net/<hostname>and
home/<username> are
not automatically
mounted).
NFS server is filtered via
RPC tab.
Walkup user can reprint
from CD_ROM.
Terminal window is
password protected.
Auto-login is enabled.
First choice
setting for
most
environments.
Environments
requiring high
security but
with a need to
integrate
FreeFlow/
Digipath.
Similar to
DocuSP 3.x
“High”.
Supports
FreeFlow®
workflow.
Supports
FreeFlow
workflow and
legacy
DigiPath
workflow.
Anonymous FTP is
ready-only and
restricted.
T o enable telnet , go
to [Setup], [FTP/
Remote
Diagnostics].
Anonymous FTP is
ready-only and
restricted.
T o enable telnet , go
to [Setup], [F T P /
Remote
Diagnostics].
HighFTP is disabled.
telnet, rsh is disabled.
NFS client is disabled.
AutoFS is disabled, e.g.; /
net/<hostname>and
home/<username> are
not automatically
mounted.
NFS server is disabled on
customer network.
Walkup users cannot
reprint anything.
Terminal window is
password protected.
Auto login is disabled
(login is always required
from GUI).
CustomAny profile can be edited
to adjust to user needs
NOTE: Regardless of the security profile, anonymous FTP is
Read-only with restricted access to /export/home/ftphome only.
For
government
market.
Does not
support legacy
DigiPath
workflow.
Supports
FreeFlow
workflow.
File FTP is
disabled.
File transfer can be
done via Secure
FTP.
For CFA support,
that is FTP upload
of outload, go to
[Setup], [FTP/
Remote
Diagnostics] menu,
select enable FTP.
4Security Guide
Enable and d is a b le se rvices
The following tables provide a list of the ser vices that can be
enabled and disabled from the Xerox FreeFlow Print Server
“Setup > Security Profiles” menu options.
NOTE: Services list may vary , depending on the product.
Table 2-2 “System” tab
System ServiceDescription
Allow_host.equiv_plusBackground: The /etc/hosts. equiv and /.rhost s files provide the remote
authentication database for rlogin, rsh, rcp, and rexec. The fil es
specify remote hosts and users that are considered to be trusted.
Trusted users are allowed to access the local system without
supplying a password. These files can be removed or modified to
enhance security. The Xerox FreeFlow Print Server is provided with
both of these files deleted entirely. The setting All_host.equiv_plus is
set to disabled, then anytime that security settings are applied, the +
will be removed from host.equi v. IMPORT ANT NOTE: Removing the +
from the hosts.equiv file will prev ent the use of the Xerox command
line client print from remote client s. An alternative woul d be to remove
the + and add the name of each trusted host that requires this
functionality. Leaving the + will allow a user from any remote host to
access the system with the same username
Anonymous FTP
BSMEnable or disable the Basic Security Module (BSM) on Solaris
Executable StacksSome security exploits take advantage of the Solaris OE kernel
executable system stack to attack the system. Some of these exploits
can be avoided by making the system stack non-executable. The
following lines are added to /etc/system/fP file:set
noexec_user_stack=1s et noexec_user_stack_log=1
Hide Info Banners
Multicast Rout in g
Remote CDE LoginsDeny all remote access (direct/broadcast) to the X server running on
the Xerox FreeFlow Print Server by installing an appropriate /etc/dt/
config/Xaccess file.
Restrict DFS tab
Restrict NFS Portmon
RouterDisable router mode by creating an empty the empty file: /etc/
notrouter.
Secure File
Permissions
Security Guide5
System ServiceDescription
Secure Network
Settings
Secure SendmailForce sendmail to only handle outgoing mail. No incomin g mai l wi ll b e
handled by sendmail.
Security Warning
Banners
Enable security warning banners to be displayed when a user logins
or telnets into t he Xerox FreeFl ow Print Se rver. The warning message
explains that only authorized users sh ould be using the system and
that any others face the possibility of being monitored by law
enforcement official s.
Table 2-3 “INIT” tab RC2 section
RC2 ServiceDescription
S40LLC2Class II logical link control driver
S47ASPPPAsynchronous PPP link manager. This service is re-enabled via
enable-remote-diagnostics command.
S70UUCPUUCP server
S71LDAP.CLIENTLDAP daemon to cache server and client information for NIS lookups.
S72AUTOINSTALLScript executed during stub JumpStart or AUTOINSTALL JumpStart
S72SLPDService Location Protocol daemon
S73cachefs.daemonStarts cachefs file systems
S73NFS.CLIENTNFS client service. Disables the statd service which is only required if
your system is an NFS server or a client.
S74XNTPD
S74AUTOFSThe automountd service is only required if your system uses NFS to
automatically mount file systems. Stopping the autofs subsystem will
kill the running automountd daemon and unmount any autofs file
systems currently mounted.
S80SPCSunSoft Print Client daemon
S88SENDMAILThe sendmail daemon is used to send mail over the internet. If
sendmail is not required, it can be disabled.
S89bdconfigSolaris serial device.
S90WBEMCIM Boot Manager. Disables WBEM clients from accessing the Xer ox
S15NFS.SERVERNFS Server. Disable ability to export Xerox FreeFlow Print Server file
systems. This service is enabled if legacy DigiPath/FreeFlow® and
Decomposition Services (NetAgent) are enabled.
S17HCLNFS.DAEMON
S25openssh.serverOpenSSH server.
S17BWNFS.DAEMONSecure mounted file systems. There are two shared file sys tems that
are exported by the Xerox FreeFlow Print Server. The two directories
are only required for anyone with XDOD version 3.0 or below. With the
release of DigiPath Version 1.0, it is not necessary to export these file
systems.
S76SNMPDXSun Solstice Enterprise Master Agent. Solaris SNMP services are
disabled. This does not prevent Xerox FreeFlow Print Server SNMP
services from operating.
S77DMISun Solstice Enterprise DMI Service Provider
S80MIPAGENTMobile IP agent
S82initsma
S92VOLMGTSolaris volume management daemon.
Table 2-5 “INETD” tab
INETD ServiceDescription
amiservRPC Smart Card
Not used by the Xerox FreeFlow Print Server.
Interface
cachefsCached File System
Not used by the Xerox FreeFlow Print Server.
server
chargenCharacter Generator
Protocol server
Sends revolving pattern of ASCII characters.
Sometimes used in packet debugging and can
be used for denial of service attack s. Not used
by the Xerox FreeFlow Print Server.
comsat Biff servercomsat is the server process which listens for
reports of incoming mail and notifies users who
have requested to be told when mail arrives . Not
used by the Xerox FreeFlow Print Server.
Security Guide7
INETD ServiceDescription
daytimeDaytime Protocol
server
Displays the date and time. Used primarily for
testing. Not used by the Xerox FreeFlow Print
Server.
discardDiscard Protocol serverDiscards everything sent to it.Use d primarily for
testing. Not used by the Xerox FreeFlow Print
Server.
dtspc CDE sub-process
Control Servic e
CDE sub-process Control Service (dtspcd) is a
network daemon that accepts requests from
clients to execute commands and launch
applications remotely. Not used by the Xerox
FreeFlow Print Server.
echo Echo Protocol serverEchoes back any character sent to it. Someti mes
used in packet debugging and can be used for
denial of service attacks. No t used by the Xerox
FreeFlow Print Server.
execRemote execution
server
Used by rexec(1) command. Potentially
dangerous— passwords and subsequent
session is clear text (not encrypte d). Not used by
the Xerox FreeFlow Print Server.
finger Remote user
information server
Display information about local and remot e
users. Gives away user information. Not used by
the Xerox FreeFlow Print Server.
fs X font serverUsed by CDE to dynamically render fonts. The
Xerox FreeFlow Print Server uses bit-map fonts.
ktkt_warndKerberos warning
daemon
ktkt_warnd is a daemon on Kerberos clients that
can warn users when their Kerberos tickets are
about to expire. It is invoked by inetd when a
ticket-granting ticket (TGT) is obtained for the
first time, such as after using the kini t command.
ftpFile transfer proto col
server
This can be used to enable/disable the ftp
server. This does not affect using the ftp client
from the Xerox FreeFlow Print Server to anot her
host running an FTP server. Note that
FreeFlow® requires this servic e to be enabled.
gssdRPC program
authentication
kcms_serverKCMS library service
daemon
Generates and validates GSS-API tokens for
kernel RPC.
Allows the KCMS library to access profiles on
remote machines. Not used by the Xerox
FreeFlow Print Server.
login Remote login serverUsed by the rlogin(1) command. Potentially
dangerous— uses ~/.rhosts file for
authentication; passwords and subsequent
session is clear text (not encrypted).
8Security Guide
INETD ServiceDescription
nameDARPA trivial name
server
in.tnamed is a server that supports the DARPA
Name Server Protoco. Seldom used anymore.
Not used by Xerox FreeFlow Print Server.
ocfservOCF serverThe OCF server , ocfserv, is a per-host daemon
that acts as the central point of communicat ions
with all smartcards connected to the host.
Applications that need to u se a smartcard can do
so by using the APIs in libsmartcard.so or
smartcard.jar. The internal implementation of
these APIs communicates with ocfserv to
perform the requested function.
inetd(1M)
automatically starts the ocfserv command when
it is needed. Once started, ocfserv runs forever.
If ocfserv is killed or crashes, it restarts
automatically, there is not a reason to run it
manually. Must have root privileges to execute
this utility.
rpc.cmsdCalendar manager
service daemon
rpc.cmsd is a small database manager for
appointment and resource-scheduling data. Its
primary client is Calendar Manager. Not used by
Xerox FreeFlow Print Server.
rpc.rusersdnetwork username
server
Gives intruder information about accounts. Not
used by Xerox FreeFlow Print Server.
rpc.rwalld Network rwall serverServer that handles rwall(1M) command
requests. Can be used for spoofing attacks. Not
used by Xerox FreeFlow Print Server.
rpc.sprayd Spray serverRecords the packets sent by the spray(1M)
command. Can be used in denial of service
attacks. Not used by Xerox FreeFlow Print
Server.
rcp.ttdbserverdRPC-based ToolTalk
database server
The RPC-based tooltalk database server is
required for CDE action commands. In particular ,
the CDE front panel has various menu i tems that
rely on CDE actions. Late i n the CP3.1 release,
the Server UI team disabled t he front p anel. With
the panel disabled, the need for the tooltalk
database server no longer exists
rpc.rstatdrstatd-kernel statistics
server
rpc.rstatd is a server which returns performance
statistics obt ained from the kernel.
rup(1) uses
rpc.rstatd to collect the uptime information that it
displays. rpc.rstatd is an RPC service.
rquotadRemote quota serverUsed by the quota (1 M) command to display
user quotas for remote file systems. Not used by
the Xerox FreeFlow Print Server.
Security Guide9
INETD ServiceDescription
sadmindDistributed system
administration daemon
shellRemote execution
server
Sun-dr (DCS)Domain configuration
server
talkServer for talk programThe talk utility is a two-way, screen oriented
Used by Solstice AdminSuite applications to
perform distributed system administration. Not
used by the Xerox FreeFlow Print Server.
Used by rsh(1) and rcp(1) commands. The
Xerox print command line client relies on the
remote shell internet service being enabled
since it uses the rcp(1) command to transfer files
onto the Xerox FreeFlow Print Server. However,
this service represent s a security risk. Not used
by the Xerox FreeFlow Print Server.
The Domain Configuration Serv er (DCS) is a
daemon process that runs on Sun servers that
support remote Dynamic Reconfiguration (DR)
clients. It is started by the Service Management
Facility when the first DR request is received
from a client connecting to the network service
sun-dr.
communication program. Not used by the Xerox
FreeFlow Print Server.
telnet TELNET protocol
server
timeTime Protocol serverOutdated time service. Seldom used anymore.
uucp UUCP serverUNIX to UNIX system copy over networks.
This can be used to enable/disable the telnet
server . This does not af fect using the t elnet client
from the Xerox FreeFlow Print Server to anot her
host running on TELNET server.
Not used by the Xerox FreeFlow Print Server.
UUCP is not securely set up and can be
exploited in many ways. Not used by the Xerox
FreeFlow Print Server.
User level changes
The following user-level changes are made:
•all users for at, cron, and batch are disallowed
•nuucp account is disabled
•listen account is disabled
•password entry locked for bin, sys, adm, uucp, nobody,
noaccess, nobody4, and anonymous
10Security Guide
Solaris file permissions
Secure File Permission options can be enabled or disabled
through the Xerox FreeFlow Print Server interface. Fix-modes
include:
•fixmodes-xerox: fix file permissions for all packages to
make them more secure. Available under the System tab
under the “Secure File Permissions” drop-down menu.
•fixmodes-solaris: fix file permissions only for Solaris
packages to make them more secure. Available under the
System tab under the “Secure File Permissions” dropdown menu.
The fix-modes utility (from the Solaris Secur ity Toolkit) adjusts
group and world write permissions. It is run with the '-s' option to
secure file permissions for Solaris files that were created at install
time only. Customer-generated files are not affected.
NOTE: When this command is run, a file called /var/sadm/install/
content.mods is left. Do not delete this file. It contains valuable
information needed by fix modes to revert the changes to the
system file permissions if the security setting is changed back to
medium.
Disabling secure name service databases
The following databases are disabled when security is invoked:
•passwd(4)
•group(4)
•exec_attr(4)
•prof_attr(4)
•ser_attr(4)
Multicast routing disabled
Multicast is used to send data to many systems at the same time
while using one address.
OS and host information hidden
The ftp, telnet and sendmail banners are set to nul l so that users
in cannot see the hostname and OS level.
Security Guide11
NOTE: All of these services are prohibited with a 'high' security
setting, but if they are re-enabled manually the hostname
information will remain hidden.
Sendmail daemon secured
Sendmail is forced to perform only outgoing mail. No incoming
mail will be accepted.
Network paramete rs secured
Sun's nddconfig security tool is run. For additional information,
view Sun's document, Solaris Operating Environment Network
Settings for Security, at
The system stack is made non-executable. This is done so
security exploitation programs cannot take advantage of the
Solaris OE kernel executable system st ack and thereby att ack the
system.
NFS port monitor restricted
The NFS server normally accepts requests fr om any port number.
The NFS Server is altered to process only those request s from
privileged ports. Note that wit h the high security setting, NFS is
disabled; however if the service is re-enabled manually, the port
restriction will still apply.
Remote CDE login disabled
The Remote CDE login is disabled.
Xerox FreeFlow Print Server router capabilities disabled
The Xerox FreeFlow Print Server router cap abilities is disabled
(empty/etc / n otrouter file cre a t ed ).
12Security Guide
Security warning banners
Security warning banners are displayed when a user logs in or
telnets into the Xerox FreeFlow Print Server. This message
explains that only authorized users should be using the system
and that any others face the possibilit y of being monitored by law
enforcement officials.
NOTE: DRW (Xerox FreeFlow Print Server Remote Workflow) is
not impacted by security settings.
Disabling LP anonymous printing
You can choose to disable anonymous printing on all existing LP
printer queues that are associated with the Xerox FreeFlow Print
Server virtual printers. When anonymous LP is disabled, only
systems that have their IP address in the Xerox FreeFl ow Print
Server controller /etc/hosts table are authorized to submit LP
requests. Answer “y” for yes to disable this printing option.
Remote shell internet service
If you are using the legacy Xerox print command line client (the
software is not distrib uted with this release), you will need to use
the remote sh e ll in te rnet service to tr ansfer files to th e Xe r o x
FreeFlow Print Server controll er. However, if you are not us ing the
Xerox print command line client, it is strongly recommended that
the remote shell internet service is disabled. When these three
questions are answered, all remaining aspects of the "High"
security setting are implemented.
enable-ftp and disable-ftp
These options allow for temporary enabling and disabling FTP
alone. Will not persist through reboot s. You must have FTP
enabled when using a Continuous Feed system, or FreeFlow®
Production Print and NetAgent.
FTP is also required for the Call fo r Assistan ce (CF A) feat ure. This
uses FTP to push IOT logs and a Xerox FreeFlow Print Server
outload back to the Print Server controller.
NOTE: Temporar ily e nable FTP t hro ugh the Xer ox Fr eeFlow Pri nt
Server Setup > FTP/Remote Diagnostics menu option.
Security Guide13
Creating user-defined profiles
To create a customized profile, the administr ator can copy and edit
any security profile according to the needs of the customer
environment. This new user prof ile can be select ed, edited, set as
current, set as default, or deleted.
Setting the current and default profiles
The administrator can select any profile and set it as the Current
Profile. This Current Profile persists throughout Xerox FreeFlow
Print Server restarts and system reboot until it is changed by the
administrator. Similarly, the administrator can specify a security
profile as a Default Profile.
Speci fying a profile as default does not enable the profile, but
indicates that it will be the profile set ting across Xerox FreeFlow
Print Server upgrades. By cl icking the Restore Default Profi le, the
Default profile can be selected as the Current prof ile (this
operation will take several minutes to complete).
Account management
Local users and groups
Any interaction between a user and the Xerox FreeFlow Print
Server is associated with a user account and is done via a logon
session, which is the basis for granting access.
Xerox FreeFlow Print Server user account s are defined either
locally at the device or remotely at a trusted network location like
ADS. The local user account is composed of a logon user name
and an assigned user group. A user account can be a member of
only one user group. It is the user group that is associated with a
security profile that defi nes the privileges of the group.
Default user accounts are provided to allow easy transition from
legacy Xerox FreeFlow Print Server versions. For customers that
do not require authentica tion, the Xerox Fr eeFlow Print Server c an
be configured to have the system automatically log on using a
default user account.
Local user accounts are constructed based on the Solaris
operating system model, with its limitations and restrictions, using
the [Users & Groups] selection on the Xerox FreeFlow Print
Server interface.
•Each local user account has an associated user name
14Security Guide
between 2-8 characters in length and is case sensitiv e.
Figure 1: Assignment to Groups
Figure 1: Assignment to Groups
•The user name is a string of characters from the set of
alphabetic characters (a-z, A-Z), numeric characters (0-9),
period (.), underscore (_), and hyphen (-); the fi rst character
must be alphabetic and the string must contain at least one
lower case alphabetic character.
•Each account has the following attributes: user name,
password, user group, account disabled/enabled, and
comments.
•The maximum number of user accounts is 25,000.
•Each local user account has an associated user p assword that
is a sequence of characters that is case sensiti ve and between
0 - 8 characters in length.
•User accounts are organized into groups. Each user account
is a member of only one group.
Default user groups and user accounts
The Xerox FreeFlow Print Server provides three default user
groups: Users, Operat ors, and System Administrators. It also
supplies four default user accounts: User, Operator, SA and
CSE. User and Operator accounts correspond to User and
Operator User Groups while SA and CSE both correspond to the
System Administrators group.
User Accounts
User Accounts
Users
Users
Operators
Operators
System Administrator
System Administrator
CSEs
CSEs
Security Guide15
The User , Operator and SA user accounts cannot be edited,
deleted, disabled, or removed from the assigned group. The CSE
account can be removed from the System Administrator group
and assigned to another group or disabled.
NOTE: It is the group that a user is associated with that defines
the privileges of the user, not the current security profile.
User Groups
User Groups
Users
Users
Operators
Operators
System Administrators
System Administrators
Creating user accounts
The Xerox FreeFlow Print Server user interface enables the
Administrator to manage accounts easily by selecting [Setup],
[Users & Groups], and the [Users] tab.
When the administrator selects the Users tab, a pop-up window
appears that enables the administ rator to cr eate, edit, or delete an
account and indicate whether the account should be enabled or
disabled.
Group authorization
Job Management and Customer Diagnostics are two functions of
the Xerox FreeFlow Print Server that the administrator may
choose to restrict. Fr om the Setup > Users & Gr oups menu option,
select the “Group Authorizations” tab in the interface. The
administrator can choose to enable or disable the service for a
particular user gr oup.
NOTE: The following table describes the functions allowed for the
three built-in groups. The column labeled as Changeable via
Graphical User Interface (GUI) implies that the function/service
can be enabled/disabled from the Users & Groups / Group
Authorization tab.
Table 2-6 Enable/disable from the “Group Authorizations” tab
Service Paths” in
Security Profile
controls the
directories that users
can reprint. The
defaults are:
DEFAUL T - Operating
System Only, Saved
Jobs, and CD-ROM
(Removal Media).
LOW - Saved Jobs
and CD-ROM
(Removable Media).
MED - CD-ROM
(Removable Media).
HIGH - Nothing.
CUSTOM - User
Defined.
The Automatic Logon feature enables or disables the ability of
users to directly acces s the Xerox FreeFlow Print Server , includi ng
Web UI (HTTP) access to the Print Server, without having to
manually log on. It is “enabled” in the ‘Default Operati ng System
Only’, ‘Low’, and Medium security profi les, and “disabled” in the
High security profile. The feature can be configured by any
member of the System Administrators group. To configure the
Automatic Logon feature, a custom profile must be created under
Security Profiles by copyi ng one of the default securi ty profiles . An
administrator must then set the new profile as current and enable
the Automatic Logon feature by selecting the checkbox under the
General tab. When Automatic Logon is enabled, a user account
must be specified. The default is set to automatically log on as
“user”. When Automatic Logon is disabled, the Xerox FreeFlow
Print Server will not launch completely until users log on via a
logon window . This window will appear befor e the Xerox FreeFlow
Print Server UI is displayed and will require users to manually log
on before accessing the Xerox FreeFlow Print Server.
NOTE: When the Automatic Logon feature is enabled, users are
not required to log on to gain access to the system. In this case,
the allowed access to the Xerox FreeFlow Print Server is
established by the privileges of the user account in Automatic
Logon. For example, if Automatic Logon is enabled and the user
account is Administrators, then the Xerox FreeFl ow Print Server
will be open and all access to t he Xerox FreeFlow Pr int Server wi ll
be granted.
18Security Guide
Default Screen/Auto-Logoff
Under [Setup/System Preferences/Default Scr een], any member
of the operator or sys tem administ rators group can se lect which of
the Xerox FreeFlow Print Server screens (Job or Print) the UI
should return to after a specified amount of time (1-10 minutes) of
inactivity (i.e. no movement from the keyboard or mouse). When
the time-out occurs, the user will also be changed to the user
account specified for auto-logon. If auto-logon is disabled, a user
will be forced to log in again before the Xerox FreeFlow Print
Server UI is displayed.
Password security
When the system is installed, the Change System Password
dialog box appears and prompts users to est ablish all System
Default Accounts with new passwords. For security reasons, all system passwordsmustbe changed.
•root: has super user access to the workstation. The initial
password for this account i s s et during installation of the
operating system and should be obtained from the Xerox
service personnel.
NOTE: For security reasons, the root account passwor d should be
changed as soon as the Xerox ser vice personnel have completed
the installation.
•The Xerox user name is the account from which the Xerox
software runs. Enter the Xerox user password for this account.
Contact your Customer Service Representative if this is
unknown.
NOTE: The administrator should verify access to the Xerox
application for all levels before the service installation personnel
leave the site
•ftp: an account to permit some clients to retrieve their software
from the Xerox FreeFlow Print Server controlle r using the
TCP/IP communication protocol. This account wil l be set to
Read-only access to the
NOTE: To maintain system security, it is recommended that any
restricted access login be terminated as soon as the session has
been completed.
NOTE: The user and group identifications, uid and gid, for the
Xerox accounts that are listed above cannot be arbitrarily changed
in the password and group files to new values because the
software is based on the proper access to the Xerox supplied fi les.
/export/home/ftp directory
Security Guide19
NOTE: Please be aware that Xerox Customer Support Personnel
must have access to the new root password for service and
support. It is the customer's responsi bility to ensure that the root
and system administrator passwords are available for them.
Strong Passwords
The Xerox FreeFlow Print Server provides additional security for
users required to adhere to strict security guidelines. It provides a
means in which a strong password policy can be enforced.
Strong Passwords can be Enabled and Disabled (default setting)
via the Password Policies window.
Strong passwords must consist of ALL of the following
•A minimum of 8 characters in length
•Contain at least one capital letter
•Contain at least one number
•Contain at least one special character {!, @, #, $, %, ^, &, *},
including open and close parentheses { ( ) }, hyphen{ - },
underscore{ _ }, and period{ . }.
NOTE: The strong password requirements cannot be modified. A
strong password cannot be set for roo t or any other Solaris user
accounts that are not created by the Xerox FreeF low Print Server.
NOTE: Remote Network Server: If running NIS+ name service,
strong passwords would be enforce d via the NIS + serv er.
This policy can be set by using the -a <# of allowed attempts>
argument with rpc.nispasswdd. For example, to limit users to no
more than four attempts (the default is 3) , you would type:
rpc.nispasswd -a 4.
How to Enable/Disable Strong Password
•From the Setup menu select [Users and Groups]
•From the Policies drop down menu select [Password]
•Enable/Disable Strong Password from the Password Policies
window . The default setting is “Disable”.
Login Attempts Allowed
The Xerox FreeFlow Print Server has provide d a means to lockout
users after reaching the maximum number of consecutive
attempts. Once this is done, the user will need to apply (reset) a
security policy and reboot the system.
The number of failed attempts and enable/disable is configurable
via the Password Policy screen. When enabled, login attempts
can be set from 1-6 attempts before the user is locked out. This
20Security Guide
function will only apply to failed l ogin attempts via the Xerox
FreeFlow Print Server UI and does not apply to the root (su) user.
How to Enable/Disable Login Attempts
•From the Setup menu select [Users and Groups]
•From the Policies drop down menu select [Password]
•Enable/Disable Login Attempts from the Password Policies
window . The default setting is “Disable”.
Password Expiration
The System Administrator can set a password expirat ion via the
Solaris Management Control.
NOTE: SMC (Solaris Management Control) has replaced
AdminTool. AdminT ool has been retired in Solaris 10.
1. Open a terminal window and login as root
2. Type: smc &
3. Go to: System Configuration -> Users -> User Accounts->
<select user> -> Password Options tab
4. Enter values in the drop down menus associated with each
password expiration parameter.
Audit Logs
GUI Logging
The Xerox FreeFlow Print Server UI does not handle password
expiration. Thus, the Print Server will not prompt the user to enter
a new password if his/her password has expired. Instead, a
message is posted indicating un known user name or password. It
is up to the customer to determine that the password has expired.
To do so, the customer should open a terminal window and
attempt to login as the user in question. If the password has
expired, the system will prompt for the user to enter a new
password.
Mouse clicks within the Xerox FreeFlow Print Server UI can be
monitored via the Log Console. These activities are associated
with the current user . This featur e can only be enabled/disabled by
members of the System Administrators group.
Security Guide21
User Activity on the System
When the High security profile is enabled, the Solar is Basic
Security Module (BSM) is activated.
Date/Time User Login/Logout
This information is kept in the authlog and syslog in the /var/log
directory. Login/Logout to the Xerox FreeFlow Print Server is
tracked as well as Network Login/Logout.
Changing individual passwords
There are two ways to change passwords : Users can change their
own passwords using the selection on the Logon menu and the
administrator can change the password by double clicking on the
user name in the User tab of [Users and Groups Management] .
Accessing the Xerox FreeFlow Print Server through ADS
If the Xerox FreeFlow Print Server has been configured to join a
Windows 2000 ADS domain, users may log onto the printer using
their Microsoft Active Dire ctory Services (ADS) user names.
To provide this option, the administrator must first configure the
Xerox FreeFlow Print Server appropriat ely for the DNS gateway
(see the “Gateway and Network Configuration” section o f thi s
guide). Additionally, the administrator must access the [ADS
Groups] tab thro ugh [Users and Gr oups Management] and specify
or edit the mapping of the ADS groups to the Xerox FreeFlow Prin t
Server user groups having permissi on to log on to the printer.
Configure Print Server to Join the ADS Domain
To enable the ADS user accounts, the Xerox FreeFlow Print
Server must have DNS enabled and joined to the appropri ate ADS
domain.
1. Logon to the Xerox FreeFlow Print Server as a member of the
System Administrators. From the Network Configuration
option, select the DNS tab, make sure that the Enable DNS
check box is checked. Ensure that the DNS Server li st is filled
in with the IP addresses of up to three DNS servers to search
when resolving host names to IP addresses. (This is part of
the network configuration procedure).
22Security Guide
2. Select the ADS tab, and enter in the fully qualified domain
name of the ADS domain.
3. Click “Join…” button to jo in the Xerox FreeFlow Print Serv er to
the ADS domain specified.
NOTE: If DNS is not enabled, the “Join...” button will not be
available.
Map the ADS groups to the Print Server user groups
From the Setup menu, Users & Groups option, select the ADS
Groups tab. A member of the System Administrators group can
specify, view and edit the mapping of ADS G roups to the three
Xerox FreeFlow Print Server user groups (Administrators,
Operator, Users) permitted to log on to the printer.
Log on to the system with ADS user names
From the Logon menu, select ADS for authentication, then log on
to the system with your ADS user name and password.
NOTE: For this feature to work, Administrators must ensure that
DNS is enabled, the Xerox FreeFlow Print Server is configured to
join the ADS domain, and ADS groups are mapped to the Xerox
FreeFlow Print Server user groups.
Limiting access
IP Filtering
Troubleshoot ADS
Refer to the online help feature when troubleshooting ADS.
The Xerox FreeFlow Print Server provides options that allow the
administrator to block or limit access to the system.
IP Filtering allows the administrator to block IP addresses and
provides access to services such as: LPR, IPP, HTTP, HTTPS,
SMB Printing, Raw TCP Printing, and FTP Connections.
The administrator can limit access through the Xerox FreeFlow
Print Server interface [Setup > IP Filtering menu option]. The filter
allows the blocking of specific IP addresses or a range of
addresses from accessing the system. Available options include:
Enable All Connections, Disable All Connections, Enable
Security Guide23
Speci fied Connections. Additional subnet mask can also be
specified.
Refer to online help for detail ed descriptions of IP Filtering
property tabs such as: General tab, System t ab, INIT tab, INETD
tab, RPC tab.
Remote Workflow
Remote Workfl ow allows for a remo te connection to th e X e ro x
FreeFlow Print Server controller.
The administrator can limit access through the Xerox FreeFlow
Print Server interface [Setup > System Pref erenc es menu opti on].
Remote Workflow options include: Enable All Connections,
Disable All Connections, Enable Specified Connections (by
specific IP Address).
NOTE: The default is Enable All Connections.
Secure Socket Layer
Using the Print Server SSL/TLS Security Feature
The Xerox FreeFlow Print Server implements Secure Socket
Layer technology using encryption, a secure po rt, and a signed
digital certificat e.
Secure Socket Layer (SSL) and Transport Layer Security (TLS)
are two network security protocols that encrypt and transmit data
via HTTP and IPP over the TCP/IP network. SSL is a protocol
layer placed between a reliable connection- oriented networ k layer
protocol and the application protocol layer.
The network client and the web server (printing system) decide
which protocol to use for data transfer and communicat ion.
The encryption level can be either secure or normal. Normal
security in the SSL/TLS tab means that the user can access IPP
or HTTP via http or https.
The Secure Socket Layer (SSL) and Transport Layer Security
(TLS) are two protocols used to provide a reliable end-to-end
secure and authenticated connection between two points over a
network. The Xerox FreeFlow Print Server SSL/TLS feature
allows a System Administrator to do the following:
1. Create and use a self-signed SSL/TLS certificate
24Security Guide
2. Use an existing certificate obtained from a certificate authority
(i.e. VeriSign, Thawte, etc.)
When SSL is disabled
When SSL is disabled (off), other web-based logins provided by
the Xerox FreeFlow Print Server may not be secure (encrypted) .
To guarantee a secure connection with Xerox FreeFlow Print
Server, do one of the following:
•Enable SSL optionally via the GUI and connect to the Xerox
FreeFlow Print Server via https://
•Require SSL as mandatory via the GUI and connect to the
ISGW
Creating and Using a Self-Signed Certificate
–Logon to the Xerox FreeFlow Print Server as System
Administrator or as a user who belongs to the System
Administrator group.
–Go to Setup -> SSL/TLS
–If not already enabled, click the 'OK' button in the "Informat ion"
pop-up box
–Click on the 'Add Certificate Button'. This will launch the "Add
Certificate Wizard".
Step 1 - Select "Self-Signed Certificate"
Step 2 - Select and enter either the server
•Domain Name
•IP Address
•Other
Step 3 - Enter the requested information:
•Organization (required)
•Organizational Unit (optional)
•E-mail (optional)
•Locality (optional)
•State/Province (optional)
•Country (required)
Step 4 - Enter the l ength of ti me that the cer tificat e will be va lid
for.
Step 5 - Verify information entered in previous step s.
Step 6 - A message will appear indicating that the self-signed
certificate has been installed.
Security Guide25
NOTE: During steps 2-5, the user may go back and correct any
mistakes made in previous steps .
–Click on the 'Enable SSL/TLS' checkbox at the top of the SSL/
TLS window.
–Select a SSL/TLS mode of operation:
•Normal (Encrypted and Unencrypted Access)
•Secure (Encrypted Access Only)
–Select encryption strength:
•Normal (DES-MD5-56-bit)
•Normal (DES-MD5-40-bit)
•Normal (DES-MD5-128-bit)
•Normal (3DES-MD5-128bit)
•High (RC4-MD5-128-bit)
•High (3DES-MD5-128-bit)
Using an Existing Signed Certificate from a Certificate Authority
–If SSL/TLS is not already enabled
–Click 'Add Certificate'
Step 1 - Select "Signed Certificate from a Certificate Authority"
Step 2 - Select and enter either the server
•Domain Name
•IP Address
•Other
Step 3 - Enter the requested information:
•Organization (required)
•Organizational Unit (optional)
•E-mail (optional)
•Locality (optional)
•State/Province (optional)
•Country (required)
Step 4 - Browse to the location of the signed certificate (.pem
file).
Step 5 - Verify information entered in previous step s.
Step 6 - A message will appear indicating that the certificate
has been installed.
NOTE: During steps 2-5, the user may go back and correct any
mistakes made in previous steps .
26Security Guide
Digital Certi ficates
SSL/TLS cannot be enabled unless a digital certifi cate has been
installed on the syst em, using the Add Cer tificate but ton. Inst alli ng
a digital certificat e can only be done by someone with
administrator privileges.
The administrator selects SSL/TLS from the [Setup] Menu and
clicks on the [Add Certificate] button. This invokes the Add
Certificate wizard. There are two option s regarding digital
certificates. One option is “Self-si gned certificate”. This is selected
when no third party Certificate Authority is being used.
Another option is “Signed Certificate from a Certificate Authority”.
In this case, the adm inistrator needs to supply the fully qualified
domain name, IP address, organization and country of the
Certificate Authority.
If the choice is to use a Certificate Authority, all Certificate
information needs to be held in a file and sent to the Certifi cate
Authority. The Authority returns a valid certificate that must be
installed on the system.
NOTE: A self-signed certificate is not as secure as a certificate
signed by a Certificate Authority. A self-signed certificate is the
most convenient way to begin using SSL/TLS and does not
require the use of a server functioning as a Certificate Authorit y or
a third party Certif icate Authority.
Network Protocol
Network
Protocol
Samba (SMB)Network sharing protocol required for Hot Folders and SMB
Once the Digital Certificate has been installed, the Enable SSL/
TLS selection becomes available among the [Setup] options. At
that time the administrator can selec t the mode of oper ation,
Normal or Secure, from a drop-down menu.
This section addresses Network Protocol, name service changes
and the changes that occur when security is invoked.
The table below addresses the list of Network Prot ocols that are
used by the Xerox FreeFlow Print Server software or Xerox client
operations.
Table 2-7 Network Protocols
Required
filing (Nuvera only).
XSunRequired for functionality of Xerox FreeFlow Print Server
diagnostics software.
Security Guide27
Network
Protocol
Required
HTTPUsed when connecting to the server via the HTTP gateway.
Connections can also be filtered using the IP Filter feature
under Setup -> IP Filter.
NOTE: When SSL is disabled (off) other web-based logins
provided by the Xerox FreeFlow Print Server may not be
secure. Use the HTTPs qualifier to guarantee a secure
interaction.
Tomcat web
server
Required for the functionality of the Xerox FreeFl ow Print
Server Internet Services gateway and the Xerox Remote
Services application.
IPPRequired for job submissions from the FreeFlow® Print
Manager and/or a Digipath (FreeFlow 2.0+) client. The IPP
gateway can be enabled/disabled under Setup -> Gateways ->
IPP tab. Connections can also be filtered usi ng the IP Filter
feature under Setup -> IP Filter.
Sun RPCUsed by many different clients, including DigiPath/F reeFlow
and Xerox FreeFlow Print Server Remote WorkFlow (DRW),
and network services such as NIS+. T ypically used to establish
a connection to the server, which then redirects the connection
to another open port using OS level port management. This
service is shutdown when Xerox FreeFlow Print Server securit y
is set to high. Connections can also be filtered usi ng the IP
Filter feature under Setup -> Security Profil es -> <Any Prof ile> > RPC tab
SNMPUsed for SNMP message exchange and traps. The SNMP
gateway can be enabled/disabled under Setup -> Gateways ->
SNMP.
WINS Required when in an env ir onment where connecti on to a WINS
server is necessary. WINS service can be enabled/disabled
under Setup -> Network Configuration -> WINS tab.
Socket (Raw
TCP/IP)
Printing
Required if jobs will be submitted via the socket gateway. The
socket gateway can be enabled/disabled under Setup ->
Gateways -> Socket. Connections can also be f iltered using the
IP Filter feature under Setup -> IP Filter.
LPD (LP/LPR)Required for job submissio ns via t he LP/LPR gateway (LP/ LPR
client, Xerox FreeFlow Print Server Print Service (Reprint),
etc.). The port assigned to the LPD can be changed and/or the
gateway can be enabled/disabled under Setup -> Gateways ->
LPD.
SSHAccess the server via a secure shell (SSH, SFTP, etc.).
28Security Guide
Network
Protocol
FTPAccess the server via FTP and/or submit jobs from a DigiPath/
FreeFlow client via the Digipath/FreeFlow Print Manager. This
service (ftpd) is shutdown when Xerox FreeFlow Print Server
security is set to high. I n FreeFlow v2.0, the client has the abil ity
to use secure FTP (sFTP) when Xerox FreeFlow Print Server
security is set to high and FTP is not available. Connections
can also be filtered using the IP Filter feature under Setup ->
Security Profiles -> <Any Profile> -> RPC tab.
SSLRequired when using the TLS/SSL security feature and/or a
FreeFlow 2.0+ client with Xerox FreeFlow Print Server security
is set to high. Connections can also be filtered usi ng the IP
Filter feature under Setup -> IP Filter.
NFSNecessary when using NFS mounted directories. This servic e
is disabled when Xerox FreeFlow Print Server secur ity is set to
high. Connections can also be fil tered using the IP Filt er feature
under Setup -> Security Profiles -> <Any Profile> -> RPC tab.
NOTE: The IP Filtering (Setup->IP Filter) feature can also help in
limiting access to the server. This is the Xerox FreeFlow Print
Server's GUI interface to the SunScreen L ite fi rewall th at is p ar t of
the Solaris 8 Operating System. This feature allows the user to
limit the number of clients who are allowed to access the server
via services such as LPR, IPP, HTTP, HTTPS, SMB Printing, and
FTP. By default, the fire wall is disabl ed (all ports open), but can be
enabled to either only al low specified connections ( by IP address,
IP address range, or subnet mask) or to close al l ports. For DRW
clients, this mechanism exists under System Preferences ->
Remote Workflow -> "Enable Specified Connections".
Required
NOTE: FreeFlow® v2.0 and newer allows users to select whether
or not the Xerox FreeFlow Print Server server they connecting to
will have high security enabled. If so, the client will use other
communication paths such as sIPP (via SSL) for job submissions
and sFTP for decomposition services (NetAgent).
Secure Print
MICR mode
The MICR mode disables all Xerox FreeFlow Print Server featu res
that allow additional prints to be produced (such as Sample Print,
Reposition Output, etc.).
Security Guide29
Prevent Unauthorized Queue Changes
Queue Lock
•Queues can be locked and unlocked by the System
Administrator.
•Properties of a locked queue cannot be changed without first
unlocking the queue.
•Locked queues can only be deleted by the System
Administrator.
•Locked queues can be copied by an Operator. The resulting
new queue will not be locked.
•An Operator can change the Accept/Do Not Accept Jobs and
Release/Do Not Release Jobs attributes on a locked queue.
•Placing the cursor on the tool tip accesses the date and time
the queue was last locked.
Roles and responsibilities
Xerox will make every effort to assist the administrator in ensur ing
that the customer environment is secure.
Xerox responsibilities
Xerox is committed to providing a level of security which will allow
the Xerox FreeFlow Print Server controller to be a good network
citizen in response to current securit y intrusions. Additional
security beyond this remains the responsi bility of the customer.
Xerox is constantly evaluati ng the security of the Xerox FreeFlow
Print Server controller and the Sun Solaris operating system.
Xerox is committed to providing the late st Solaris secur ity pat ches
provided by Sun Microsystems in each major Xerox FreeFlow
Print Server release. The Xerox FreeFlow Print Server
development team will also add Solaris security patches in
between major release cycles. All OS security patches for
applications that are added during a Xerox FreeFlow Print Server
install will be included, even if the application code is not normally
used by Xerox FreeFlow Print Server users. Securi ty patches for
applications that are not loaded by a Xerox FreeFlow Print Server
install will not be evalu ated or included. Only the version of a patch
impacting securi ty wi l l be inc luded. If a sec uri ty p atc h has a newer
version that is not security related, then this patch will not be
30Security Guide
updated to the newer version. Any security patch that is
determined to have a negative impact to Xerox FreeFlow Print
Server operation will not be added.
Customer Responsibilities
The administrator has the primary responsibility for maintaining
the security of the network within the customer's site. It is
important that network security is continuously monitored and
maintained, and that appropr iate security policies are est ablished
and followed.
The procedures outlined in this document assume a basic
knowledge of UNIX, the vi editor, and general computing
concepts. It is expected that the network administrator or system
administrator responsible f o r network security understands the
base commands (cd, chmod, cp, grep, kill, l n , ls, man, more, ps,
etc.), and the UNIX directory path and filename structures shown
in this document.
There is information within the text and in the appendix sections
for reference to those who may not use UNIX often.
The Xerox FreeFlow Print Server operates on a Solaris OS.
Enhancements have been made to increase security over the
default OS configuration. Additional Solaris patches required by
the Xerox FreeFlow Print Server are included as well. Several
scripts are used to provide additional security for the Print Server.
Not all scripts are publi c knowl edge, only t hose that ar e public are
defined in this document and these can be performed by the
customer.
Xerox FreeFlow Print Server engineering will evaluate the latest
Sun Security Alert Packs issued by Sun Microsystems and
integrate these patches into the Print Server releases. Local
customer support will be responsible for loading the latest Print
Server software.
Xerox strongly recommends that the customer change passwords
from the default settings since the ultima te security of the printing
system resides with the customer.
NOTE: Please be aware that the Xerox Customer Support
Personnel must have access to the new root password for service
and support. It is the customer's responsibility to ensure that the
root password is available for them.
Security tips
The following recommendations will enhance security.
Security Guide31
Virus Scan
The Xerox FreeFlow Print Server runs on the Solari s 10 Operating
System (OS). This OS makes the Xerox FreeFlow Print Server
less susceptible to virus and worms.
Online Help for security
A great deal of helpful security information can be found in Onli ne
Help. Sun's security tools and blueprints may be found at:
http://www.sun.com/solutions/blueprints/
Other security information, including alerts, may be found at: