Xerox®
VersaLink®
B7025/30/35
Multifunction
Color Printer
Information Assurance Disclosure and
Statement of Volatility
Version 2.0
Month 00, 0000
<Part Number>
© 2017 Xerox Corporation. All rights reserved. Xerox® and Xerox and Design® are trademarks of Xerox Corporation in the United
States and/or other countries. BRXXXXX
Other company trademarks are also acknowledged.
Document Version: 1.1 (January 2017).
Copyright protection claimed includes all forms and matters of copyrightable material and information now allowed by statutory or
judicial law or hereinafter granted including without limitation, material generated from the software programs which are displayed
on the screen, such as icons, screen displays, looks, etc.
Changes are periodically made to this document. Changes, technical inaccuracies, and typographic errors will be corrected in
subsequent editions.
Contents
1 Introduction ................................................................................................................................... 1-1
1.1 Purpose ............................................................................................................................... 1-1
1.2 Target Audience .................................................................................................................. 1-1
1.3 Disclaimer............................................................................................................................ 1-1
2 Device Description ........................................................................................................................ 2-2
2.1 Major Components .............................................................................................................. 2-2
2.2 Volatile and Nonvolatile Memory ........................................................................................ 2-3
2.2.1 Marking Engine ........................................................................................................... 2-4
2.2.2 Controller ..................................................................................................................... 2-4
2.3 Updating Device Firmware .................................................................................................. 2-5
2.3.1 Local Firmware Update ............................................................................................... 2-5
2.3.2 Network Firmware Update .......................................................................................... 2-5
2.3.3 Remote Services Firmware Update ............................................................................ 2-5
2.3.4 Update File Security .................................................................................................... 2-5
2.4 CSE Access Restriction ...................................................................................................... 2-5
2.5 Backup & Restore ............................................................................................................... 2-6
2.6 Feeders and Finishers ........................................................................................................ 2-6
3 System Access .............................................................................................................................. 3-7
3.1 Physical Access .................................................................................................................. 3-7
3.1.1 User Interface .............................................................................................................. 3-7
3.1.2 10/100/1000 MB Ethernet RJ-45 Network Connector ................................................ 3-7
3.1.3 Optional Wireless Network Connector ........................................................................ 3-7
3.1.4 USB Port ..................................................................................................................... 3-8
3.1.5 Maintenance (Debug Serial) ....................................................................................... 3-8
3.1.6 RJ-11 Analog Fax and Telephone .............................................................................. 3-8
3.1.7 Foreign Device Interface ............................................................................................. 3-8
3.2 Logical Access .................................................................................................................... 3-8
3.2.1 Network Protocols ....................................................................................................... 3-8
3.2.2 Near Field Communications ........................................................................................ 3-9
3.2.3 Wi-Fi Direct ................................................................................................................ 3-10
September 2018 i
3.2.4 Network Ports ............................................................................................................ 3-10
3.3 User Authentication ........................................................................................................... 3-11
3.4 User Permissions Role Based Access Control (RBAC) ................................................... 3-12
3.5 Device Authentication Method .......................................................................................... 3-12
3.5.1 802.1x Authentication ................................................................................................ 3-13
4 Data Flow ..................................................................................................................................... 4-14
4.1 Print Service ...................................................................................................................... 4-14
4.1.1 Direct Print ................................................................................................................. 4-14
4.1.2 EPC Print ................................................................................................................... 4-14
4.2 Fax Service ....................................................................................................................... 4-15
4.2.1 Storage of Scanned Image ....................................................................................... 4-15
4.2.2 Fax Send ................................................................................................................... 4-15
4.2.3 Fax Receive .............................................................................................................. 4-15
4.2.4 Fax Print .................................................................................................................... 4-16
4.2.5 Direct Fax Service ..................................................................................................... 4-16
5 Security Aspects of Selected Features..................................................................................... 5-18
5.1 TPM Chip .......................................................................................................................... 5-18
5.2 Data Encryption ................................................................................................................. 5-18
5.2.1 Algorithm ................................................................................................................... 5-18
5.2.2 IPsec ......................................................................................................................... 5-18
5.3 Email Signing and Encryption ........................................................................................... 5-18
5.4 FIPS140-2 ......................................................................................................................... 5-19
5.5 Legacy Protocol Restriction .............................................................................................. 5-20
5.6 Image Overwrite ................................................................................................................ 5-20
5.6.1 Algorithm ................................................................................................................... 5-20
5.6.2 Overwrite Timing ....................................................................................................... 5-20
5.7 Xerox Diagnostic Data Collection ..................................................................................... 5-20
5.8 Security Audit Log ............................................................................................................. 5-20
5.9 Self-Test ............................................................................................................................ 5-21
5.10 Remote Services Upload .................................................................................................. 5-21
5.11 IP Address Filtering ........................................................................................................... 5-21
5.12 Domain Name Filtering ..................................................................................................... 5-21
5.13 Device Certificate Requirements ...................................................................................... 5-21
6 Responses to Known Vulnerabilities ........................................................................................ 6-23
6.1 Security @ Xerox® ............................................................................................................ 6-23
September 2018 ii
September 2018 iii
1 Introduction
1.1 Purpose
The purpose of this document is to disclose information for the Xerox ® B7020/25/30 product (hereinafter called as
“the product” or “the system”) with respect to device security. Device Security, for this paper, is defined as how
image data is stored and transmitted, how the product behaves in a network environment, and how the product may
be accessed both locally and remotely. The purpose of this document is to inform Xerox customers of the design,
functions, and features of the product with respect to Information Assurance. This document does not provide tutorial
level information about security, connectivity, or the product’s features and functions. This information is readily
available elsewhere. We assume that the reader has a working knowledge of these types of topics.
1.2 Target Audience
The target audience for this document is Xerox field personnel and customers concerned with IT security.
1.3 Disclaimer
The information in this document is accurate to the best knowledge of the authors, and is provided without warranty
of any kind. In no event shall Xerox be liable for any damages whatsoever resulting from user's use or disregard of
the information provided in this document including direct, indirect, incidental, consequential, loss of business profits
or special damages, even if Xerox has been advised of the possibility of such damages.
September 2018 1-1
2 Device Description
Configuration
Marking Engine
Controller
MFP
Included
Included
SFP
Included
Included
2.1 Major Components
The product provides the copy and network printer functions and features, and consists of a controller module and
marking engine.
Table 1 Major Elements of the product.
September 2018 2-2
1. Stabilizer.
2. Bypass paper feed tray.
3. USB3.0 (A).
4. Touch screen user interface.
5. Upper paper tray.
6. Lower paper tray.
7. Paper feed trays.
8. Caster wheels.
9. USB3.0 (B).
10. Optional Wi-Fi dongle port.
11. RJ45 Ethernet connection.
12. Debug serial port.
13. AC Power.
2.2 Volatile and Nonvolatile Memory
This section describes details of the memory devices that are contained within the product. The memory devices are
shown below:
This 4GB or 320GB disk reserves approximately 600MB for the device firmware.
The rest of the 4GB or 320GB disk contains executables, fonts, and settings files. During normal
operation, job files do not remain stored on this partition. One exception is “Print From” “Saved
Jobs” feature. Customer jobs saved on the machine’s hard disk using this feature must be
manually deleted by the customer. If On Demand Overwrite and full is selected all saved jobs will
be erased.
The device stores images in a proprietary encoded format in non-contiguous blocks. Customer
image data is only stored to the partition if EPC memory is full. User data and image data may be
completely erased with a full Overwrite using a three-pass algorithm which conforms to U.S.
Department of NIST Special Publication 800-88 Rev1, and the entire partition is erased and
checked.
September 2018 2-3
Size
Type
Use
User
Data
How to Clear
Volatile
128kB
Flash ROM
Marking Alignment
No
N/A
No
256kB
EEPROM
Marking Engine OS
No
N/A
No
1kB
EEPROM
Marking Alignment
No
N/A
No
Size
Type
Use
User
Data
How to Clear
Volatile
2/4GB
DDR3 DRAM
Controller Memory
Yes
Power Cycle
Yes
Size
Type
Use
User
Data
How to Clear
Volatile
128kB
Flash ROM
Controller Boot
No
Service Call
No
8MB
Flash ROM
Controller OS
No
Service Call
No
4GB
SD
Device
Configuration,
Temporary
Memory, Device
Firmware
Yes
Reset to Factory
Defaults, Image
Overwrite
No
Optional
320GB
replaces 4GB
in operation.
HDD
Device
Configuration,
Temporary Memory,
Device Firmware
Yes
Reset to Factory
Defaults, Image
Overwrite
No
2.2.1 Marking Engine
The marking engine has its own control processor running VxWorks 6.8.2. The marking engine is only accessible to
the Controller via inter-chip communication with no other access.
2.2.1.1 MARKING ENGINE MEMORY – NON-VOLATILE
Please note that no user or job data is stored in these locations.
2.2.2 Controller
The controller has its own control processor running Wind River Linux 6.0.
2.2.2.1 CONTROLLER MEMORY – VOLATILE
2.2.2.2 CONTROLLER MEMORY – NONVOLATILE
This 4GB or 320GB disk reserves approximately 600MB for the device firmware.
September 2018 2-4
Loading...