Xerox 9201, 9202, 9203 User Manual

Version 1.1
Apr 29, 2011
Secure Installation and Operation of Your ColorQube™ 9201/9202/9203
Purpose and Audience
This document provides information on the secure installation and operation of a ColorQube™ 9201/9202/9203 Multifunction System. All customers, but particularly those concerned with secure installation and operation of these machines, should follow these guidelines.
Overview
This document lists some important customer information and guidelines that will ensure that your ColorQube™ 9201/9202/9203 Multifunction System is operated and maintained in a secure manner.
Background
The ColorQube™ 9201/9202/9203 Multifunction System is currently undergoing Common Criteria evaluation. The information provided here is consistent with the security functional claims made in the Security Target. Upon completion of the evaluation, the Security Target will be available from the Common Criteria Certified Product website (http://www.commoncriteriaportal.org/products.html) list of evaluated products, from the Xerox security website (http://www.xerox.com/information-security/common-criteria-certified/enus.html ), or from your Xerox representative.
1. Please follow the guidelines below for secure installation, setup and operation of the evaluated configuration1 for a
ColorQube™ 9201/9202/9203 Multifunction System:
a). The security functions in the evaluated configuration of the ColorQube™ 9201/9202/9203 that should be set up by the
System Administrator are:
Immediate Image Overwrite
On Demand Image Overwrite
Disk Encryption
IP Filtering
Audit Log
SSL (for protection of management data)
IPSec
SNMP v3
Trusted Certificate Authorities
Local, Remote or CAC/PIV Authentication
Local Authorization and Personalization
802.1x Device Authentication
Session Inactivity Timeout
System Administrator login is required when accessing the security features of a ColorQube™ 9201/9202/9203 machine via the Web User Interface (Web UI) or when implementing the guidelines and recommendations specified in this document. To log in to the Web UI as an authenticated System Administrator, follow the instructions under “CentreWare Internet Services” located on page 2-6 in the System Administration Guide (SAG)2.
To log in to the Local User Interface (Local UI) as an authenticated System Administrator, follow the “Administrator Access” instructions located on page 2-4 in the SAG.
Follow the instructions located in the SAG in Chapter 8, Security to set up these security functions except as noted in the items below. Note that whenever the SAG requires that the System Administrator provide an IPv4 address, IPv6 address or port number the values should be those that pertain to the particular device being configured.
b). The following services of the ColorQube™ 9201/9202/9203 are also considered part of the evaluated configuration and
should be enabled when needed by the System Administrator - Copy, Embedded Fax, Scan to E-mail, Workflow Scanning, Scan to Mailbox and Internet Fax.
The following services of the ColorQube™ 9201/9202/9203 are to be disabled as part of the evaluated configuration - Network Accounting, Copy/Print Store and Reprint (may also be called “Save for Reprint”/“Reprint Saved Jobs”) and the Extensible Interface Platform (may also be called “Extensible Services” or “Custom Services”).
1
The term “evaluated configuration” will be used throughout this document to refer to the configuration of the ColorQube™ 9201/9202/9203
Multifunction System that is currently undergoing Common Criteria evaluation.
2
ColorQube™ 9201/9202/9203 System Administration Guide, Document Version : 1.0 (05/09)
c). Secure acceptance of the ColorQube™ 9201/9202/9203, once device delivery and installation is completed, should be done
by:
Printing out a Configuration Report by following the “How to Print a Configuration Report” instructions located on page
3-2 of the SAG.
Comparing the software/firmware versions listed on the Configuration Report with the Evaluated Software/Firmware versions listed in Table 2 of the Xerox ColorQube™ 9201/9202/9203 Multifunction Systems Security Target, Version 1.0, and making sure that they are the same in all cases.
d). The System Administrator should establish or ensure that unique user accounts are established for all users of the
ColorQube™ 9201/9202/9203 and that no ‘Guest’ users are allowed to access any services on the device. Follow the “User Information Database” instructions starting on page 8-2 in the SAG to set up local user accounts on the device.
The System Administrator should also ensure that the ‘Minimum Length’ for passwords of the unique user accounts established for all users of the ColorQube™ 9201/9202/9203 is set to at least 8 (alphanumeric) characters, unless applicable internal procedures the System Administrator must comply with require a greater minimum password length. The ‘Maximum Length’ can be set to any value between 8 and 63 (alphanumeric) characters consistent with the same internal procedures. Follow the “User Information Database Password Settings” instructions on page 8-3 in the SAG to set the minimum and maximum password lengths.
e). For establishing remote authentication access to network accounts follow the “Authentication Configuration” instructions
located on page 7-3 of the SAG to set up an Authentication Server. Follow the “Configuring Common Access Card” instructions starting on page 14 of the Common Access Card (CAC) Guide3 to set up user authentication via a Common Access Card.
f). For customers concerned about document files on the hard disk drive(s)4 or Embedded Fax card memory the Immediate
Image Overwrite and On Demand Image Overwrite security features, which come installed on the ColorQube™ 9201/9202/9203 Multifunction System, must be properly configured and enabled. Please follow the “Immediate Image Overwrite” instructions starting on page 8-17 in the SAG and the “On Demand Overwrite” instructions starting on page 8-19 in the SAG for proper enablement, setup and initiation of Immediate Image Overwrite and On Demand Image Overwrite, respectively.
Notes:
Immediate Image Overwrite of a delayed or secure print job will not occur until after the machine has printed the job.
If an Immediate Image Overwrite fails, an error message will appear at the top of the screen indicating that there is an
Immediate Image Overwrite error and that an On Demand Image Overwrite should be run. This error message will persist until an On Demand Image overwrite is initiated by the System Administrator. In the case that the copy controller is reset at the same time a copy job is being processed by the device, this same error message may also appear when the copy controller has completed its reset.
If there is a power failure or system crash while a network scan job is being processed, an Immediate Overwrite of the
residual data will occur upon job recovery. However, the network scan job may not appear in the Completed Job Log.
If there is a power failure or system crash of the network controller while processing a print job, residual data might still
reside on the hard disk drive(s). The System Administrator should immediately invoke an On Demand Image Overwrite once the machine has been restored.
Two forms of On Demand Image Overwrite are manually invoked – a Standard On Demand Image Overwrite that will overwrite all image data except data stored by the Reprint Save Job feature and data stored in Embedded Fax dial directories and mailboxes, and a Full On Demand Image Overwrite that will overwrite all image data including data stored by the Reprint Save Job feature and data stored in Embedded Fax dial directories and mailboxes. Follow the instructions starting on page 8-19 in the SAG for invoking a Standard or Full On Demand Image Overwrite from either the Local UI or the Web UI.
Once an On Demand Image Overwrite has been initiated by the System Administrator from either the Local UI or Web UI it cannot be aborted by the System Administrator.
The System Administrator also has the option of scheduling either a Standard or Full On Demand Image Overwrite from the Web UI. Follow the instructions starting on page 8-21 in the SAG to schedule an On Demand Image Overwrite.
3
Xerox Common Access Card Xerox
4
The ColorQube™ 9201/9202/9203 Multifunction System comes in two configurations – a multi-board configuration with separate Network
Controller and Copy Controller boards and separate hard disk drives and a single board configuration with one board containing both the Network and Copy Controllers and with two hard disk drives.
ColorQube™ 9201/9202/9203, Version 1.0, 09/09, 604E53830
Before invoking an On Demand Image Overwrite verify that:
There are no active or pending print or scan jobs.
There are no new or unaccounted for Dynamic Loadable Modules (DLMs) or other software running on the
machine.
There are no active processes that access the hard disk drive(s).
No user is logged into a session via network accounting, Xerox Standard Accounting, or the internal auditron, or
into a session accessing a directory on the hard disk drive(s) 3.
After a power on of the machine all subsystems must be properly synced and, if printing of Configuration Reports is
enabled on the device, the Configuration Report must have printed.
For any previously initiated On Demand Image Overwrite request the confirmation sheet must have printed.
The Embedded Fax card must have the correct software version and must be properly configured.
When invoked from the Web UI the status of the completed On Demand Image Overwrite will not appear on the Local
UI but can be ascertained from the On Demand Overwrite Confirmation Report that is printed after the Network Controller reboots.
If an On Demand Image Overwrite fails to complete because of an error or system crash, Xerox recommends that first a system reboot or software reset be initiated by the System Administrator from either the Local UI or the Web UI and be allowed to complete; otherwise, the Local UI may become unavailable. If the Local UI does become unavailable the machine will have to be powered off and then powered on again to allow the system to properly resynchronize. Once the system reboot or software reset has completed the System Administrator should immediately perform another On Demand Image Overwrite.
If there is a failure in the hard disk drive(s) a message recommending that an On Demand Image Overwrite be run will
appear on the Local UI screen. An Immediate Image Overwrite Error Sheet will also be printed or may contain incomplete status information. The System Administrator should immediately perform the requested On Demand Image Overwrite.
The time shown on the On Demand Overwrite progress screen displayed on the Local UI may not reflect Daylight
Savings Time.
If an On Demand Image Overwrite is successfully completed, the completion (finish) time shown on the printed On
Demand Overwrite Confirmation Report will be the time that the system shuts down.
The System Administrator should perform an On Demand Image Overwrite immediately before a ColorQube™
9201/9202/9203 Multifunction System is decommissioned, returned, sold or disposed of.
g). The ColorQube™ 9201/9202/9203 Multifunction System supports the use of SSLv2.0, SSLv3.0, RC4 and MD5. However,
customers are advised to set the crypto policy of their clients to request either SSLv3.1 or TLSv1.0 and to disallow the use of RC4 and MD5.
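A client-side policy matching item g), as an added example that is not taken from the Xerox documentation: Python's standard ssl module builds a context that refuses SSLv2/SSLv3 and any RC4 or MD5 suite, and session_findings audits what a connection actually negotiated. The function names, the cafile parameter and the sample protocol/cipher pairs are constructed for illustration.

```python
import ssl
import warnings

FORBIDDEN_PROTOCOLS = {"SSLv2", "SSLv3"}  # item g): request TLSv1.0 ("SSLv3.1") instead
FORBIDDEN_ALGORITHMS = ("RC4", "MD5")     # item g): disallow RC4 and MD5


def build_client_context(cafile=None):
    """Client policy for HTTPS sessions to the device's Web UI."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # certificate and host name checks on
    with warnings.catch_warnings():
        # Current Python marks TLS 1.0 as deprecated; it is the floor the manual names.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    ctx.set_ciphers("DEFAULT:!RC4:!MD5:!aNULL:!eNULL")
    if cafile:
        # Assumption: path to a CA certificate the administrator chose to trust.
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def offered_weak_ciphers(ctx):
    """Names of enabled suites that still contain RC4 or MD5 (should be empty)."""
    return [c["name"] for c in ctx.get_ciphers()
            if any(alg in c["name"].upper() for alg in FORBIDDEN_ALGORITHMS)]


def session_findings(protocol, cipher_name):
    """Audit a session: protocol is SSLSocket.version(), cipher_name is SSLSocket.cipher()[0]."""
    findings = []
    if protocol in FORBIDDEN_PROTOCOLS:
        findings.append(f"protocol {protocol} is not allowed")
    for alg in FORBIDDEN_ALGORITHMS:
        if alg in cipher_name.upper():
            findings.append(f"cipher {cipher_name} uses {alg}")
    return findings


# Constructed samples, not captured from a device.
SAMPLES = [("SSLv3", "RC4-MD5"), ("TLSv1", "RC4-SHA"), ("TLSv1", "AES256-SHA")]

if __name__ == "__main__":
    print("weak suites offered:", offered_weak_ciphers(build_client_context()))
    for proto, cipher in SAMPLES:
        print(proto, cipher, session_findings(proto, cipher) or "ok")
```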
h). For SSL to work properly the machine must be assigned a valid, fully qualified machine name and domain. To set the
machine name and domain:
Follow the “Access Internet Services” instructions on page 2-6 of the SAG to access the Web UI.
At the Web UI, select the Properties tab.
Select the following entries from the Properties ‘Content menu’: Connectivity > Protocols > IP (Internet Protocol).
Enter the domain name in the ‘Domain Name’ text box and the machine name in the ‘Host Name’ text box inside the
General group box.
Select the [Apply] button to save the domain and host names entered.
i). Xerox recommends the following when utilizing Secure Sockets Layer (SSL) on a ColorQube™ 9201/9202/9203:
Any self-signed digital certificate or digital certificate signed by a Trusted Certificate Authority should have a maximum
validity of 180 days.
If a self-signed certificate is to be used the generic Xerox root CA certificate should be downloaded from the device and
installed in the certificate store of the user's browser.
j). Xerox recommends that HTTPS be enabled in the evaluated configuration. To enable HTTPS (SSL):
At the Web UI5, select the Properties tab.
Follow the “Machine Digital Certificate Management” instructions starting on page 8-9 of the SAG to install on the
device either a self-signed digital certificate or a digital certificate signed by a Certificate Authority (CA).
Select the following entries from the Properties ‘Content menu’: Connectivity > Protocols > HTTP.
Select the Secure HTTP (SSL) Enabled checkbox in the Configuration group box and enter the desired HTTPS port
number in the Port Number text box.
Select the [Apply] button. This will save the indicated settings. After saving the changes the Web UI will become
disabled; the System Administrator will have to access the Web UI again.
k). Xerox recommends the following when utilizing Secure Sockets Layer (SSL) for secure scanning on a ColorQube™
9201/9202/9203:
SSL should be enabled and used for secure transmission of scan jobs from a ColorQube™ 9201/9202/9203.
When storing scanned images to a remote repository using an https: connection, a Trusted Certificate Authority
certificate should be uploaded to the device so the device can verify the certificate provided by the remote repository.
When an SSL certificate for a remote SSL repository fails its validation checks the associated scan job will be deleted
and not transferred to the remote SSL repository. The System Administrator should be aware that in this case the job status reported in the Completed Job Log for this job will read: “Job could not be sent as a connection to the server could not be established”.
l). In the evaluated configuration for a ColorQube™ 9201/9202/9203, when ‘Device User Interface Authentication’ is set to
[Remotely on the Network] the only authentication protocol options recommended to be used are [Kerberos (Solaris)], [Kerberos (Windows 2000/2003)] or [LDAP]. However, use of other authentication protocol options is allowable.
In the case of LDAP/LDAPS the System Administrator should ensure that SSL is enabled as discussed in Step 19 on page 7-9 in the SAG.
m). In the evaluated configuration for a ColorQube™ 9201/9202/9203, when setting up authorization only the [Locally on the
Device (Internal Database)] option is recommended to be used. However, use of the [Remotely on the Network] authorization option is allowable.
n). In viewing the Audit Log the System Administrator should note the following:
Deletion of a file from Reprint Saved Job folders or deletion of a Reprint Saved Job folder itself is recorded in the Audit Log.
Deletion of a print or scan job or deletion of a scan-to-mailbox job from its scan-to-mailbox folder may not be recorded
in the Audit Log.
Extraneous process termination events (Event 50) may be recorded in the Audit Log when the device is rebooted or
upon a Power Down / Power Up.
o). In downloading the Audit Log the System Administrator should ensure that Audit Log records are protected after they have
been exported to an external trusted IT product and that the exported records are only accessible by authorized individuals.
p). Be careful not to create an IP Filtering rule that rejects incoming TCP traffic from all addresses with source port set to 80;
this will disable the Web UI.
IP Filtering is not available for either the AppleTalk protocol or the Novell protocol with the ‘IPX’ filing transport. Also, IP
Filtering will not work if IPv6 is used instead of IPv4.
q). To enable disk encryption:
At the Web UI, select the Properties tab.
Select the following entries from the Properties ‘Content menu’: Security > User Data Encryption.
Select the Enabled checkbox in the User Data Encryption Enablement group box.
Select the [Apply] button. This will save the indicated setting. After saving the changes the Network Controller will
reboot; once this reboot is completed the System Administrator will have to access the Web UI again.
Xerox recommends that before enabling disk encryption the System Administrator should make sure that the ColorQube™ 9201/9202/9203 is not in diagnostics mode and that there are no active or pending scan jobs.
5
From here on the directions assume that the Web UI has been accessed already by following the “Access Internet Services” instructions on page 2-6 of the SAG.