Xerox C70, C60 User Manual

Version 1.1 December 2014
Xerox® Color C60/C70
Security Function Supplementary Guide
Table of Contents
1. Before Using the Security Function
   Preface
   Security Features
   Settings for the Secure Operation
   Data Restoration
   Starting Use of the Data Encryption Feature and Changing the Settings
   Use of the Overwrite Hard Disk
   Service Representative Restricted Operation
   For Optimal Performance of the Security Features
   Confirm the Machine ROM Version and the System Clock
      How to Check with Control Panel
      How to Check with Print Report
      How to Check the System Clock
2. Initial Settings Procedures Using Control Panel
   Authentication for Entering the System Administration Mode
   Set Use Passcode Entry for Control Panel
   Set Overwrite Hard Disk
   Set Data Encryption
   Set Authentication
   Set Private Print
   Set Software Download
   Set Direct Fax
   Set Auto Clear
   Set Report Print
   Set Self Test
3. Initial Settings Procedures Using Xerox® CentreWare® Internet Services
   Preparations for Settings on the Xerox® CentreWare® Internet Services
   Change the System Administrator’s Passcode
   Set Maximum Login Attempts
   Set Scheduled Image Overwrite
   Set Access Control
   Set User Passcode Minimum Length
   Set SSL/TLS
   Set WebDAV
   Set Receive E-mail
   Set IPP
   Configuring Machine Certificates
   Set IPSec
      Set IPSec Address
   Set SNMPv3
   Set S/MIME
   Set WSD (Scan)
   Set SOAP
   Set CSRF
   Set USB
   Set LDAP Server
   Set Kerberos Server
   Set Service Representative Restricted Operation
   Set Audit Log
   Set Browser Refresh
   Set Job Deletion
4. Regular Review by Audit Log
   Import the Audit Log File
5. Self Testing
6. Authentication for the secure operation
   Overview of Authentication
      Users Controlled by Authentication
      Machine Administrator
      Authenticated Users (with System Administrator Privileges)
      Authenticated Users (with No System Administrator Privileges)
      Unauthenticated Users
   Local Machine Authentication (Login to Local Accounts)
   Remote Authentication (Login to Remote Accounts)
   Functions Controlled by Authentication
   Authentication for Folder
      Types of Folder
7. Operation Using Control Panel
   User Authentication
   Create/View User Accounts
   Change User Passcode by General User
   Job Deletion by System Administrator
   Folder / Stored File Settings
      Folder Service Settings
      Stored File Settings
   Create Folder
   Send from Folder
   Private Charge Print
8. Operation Using Xerox® CentreWare® Internet Services
   Accessing Xerox® CentreWare® Internet Services
   Print
   Scan (Folder Operation)
      Folder: List of Files
      Edit Folder
      Folder Setup
      Import the files
   Printing Job Deletion
   Change User Passcode by System Administrator (Using Xerox® CentreWare® Internet Services)
9. Problem Solving
   Fault Clearance Procedure
   Fault Codes
10. Security @ Xerox
11. Appendix
1. Before Using the Security Function
This section describes the certified security functions and the items to be confirmed.
Preface
This guide is intended for the manager and system administrator of the organization where the machine is installed, and describes the setup procedures related to security.
For general users, this guide describes the operations related to security features.
For information on the other features available for the machine, refer to the following guidance.
- Xerox® Color C60/C70 System Administrator Guide: Version 1.0
- Xerox® Color C60/C70 User Guide: Version 1.0
The hash values of the PDF files are described in the Security Target disclosed on the Xerox (http://www.office.xerox.com/digital-printing-equipment/enus.html) and JISEC (http://www.ipa.go.jp/security/jisec/jisec_e/) websites.
Please check that the hash values of your manuals are correct.
The security features of the Xerox® Color C60/C70 are supported by the following ROM versions.
- Controller Ver. 1.200.17
- IOT ROM Ver. 67.20.0
- ADF ROM Ver. 13.19.3
Important:
The machine has obtained IT security certification for Common Criteria EAL3+ALC_FLR.2.
This certifies that the target of evaluation has been evaluated based on certain evaluation criteria and methods, and that it conforms to the security assurance requirements.
Your ROM and user documentation may not be the certified version because they may have been updated along with machine improvements.
For the latest information concerning your device, download the latest versions from http://www.support.xerox.com/support.
Please check the state of the delivered machine's packaging. If you could not confirm the packaging state at delivery and would like to know the details of the delivered state, please contact our sales representative or customer engineer.
Also, if you have such inquiries as the following, please contact us:
- Inquiries about the machine's functions
- All other inquiries.
Security Features
Xerox® Color C60/C70 has the following security features:
- Hard Disk Data Overwrite
- Hard Disk Data Encryption
- User Authentication
- System Administrator’s Security Management
- Customer Engineer Operation Restriction
- Security Audit Log
- Internal Network data protection
- Self Test
- Information Flow Security
Settings for the Secure Operation
For the effective use of the security features, the System Administrator (Machine Administrator) must follow the instructions below:
Item                                          Description
Passcode Entry from Control Panel             Set to [Enabled].
Overwrite Hard Disk                           Default [3 Overwrites].
Data Encryption                               Default [On].
Authentication                                Set to [Login to Local Accounts] or [Login to Remote Accounts].
Private Print                                 Set to [Save as Private Charge Print].
Software Download                             Set to [Disabled].
Direct Fax                                    Set to [Disabled].
Auto Clear                                    Default [on].
Report Print                                  Set to [Disabled].
Self Test                                     Set to [on].
The System Administrator Passcode             Change the default passcode to another passcode of 9 or more characters.
Maximum Login Attempts                        Default [5] Times.
Scheduled Image Overwrite                     Set to [Enabled].
Access Control                                Set to [Locked] for Device Access and Service Access.
User Passcode Minimum Length                  Set to [9] characters.
SSL/TLS                                       Set to [Enabled].
WebDAV                                        Set to [Disabled].
Receive E-mail                                Default [Disabled].
IPP                                           Default [Enabled].
IPSec                                         Set to [Enabled].
SNMPv1/v2c                                    Set to [Disabled].
SNMPv3                                        Set to [Enabled].
S/MIME                                        Set to [Enabled].
WSD (Scan)                                    Set to [Disabled].
SOAP                                          Set to [Disabled].
CSRF                                          Set to [Enabled].
USB                                           Set to [Disabled].
Service Representative Restricted Operation   Set to [Enabled], and enter a passcode of 9 or more characters.
Audit Log                                     Set to [Enabled].
Browser Refresh                               Set to [Disabled].
Job Deletion                                  Set to [Administrator Only].
Important:
- The security will not be effective if you do not correctly follow the above setting instructions.
- The Information Flow Security feature requires no special settings by System Administrator.
- When you set Data Encryption to [On] again, enter an encryption key of 12 characters.
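The required values in the table above can be kept as a machine-checkable baseline. The following is an added example, not part of the Xerox guide: it audits a hand-recorded settings inventory against the table. The "Item = Value" inventory format, the function names, the two "Access Control" keys and the sample data are assumptions made for illustration.

```python
"""Audit a recorded settings inventory against the secure-operation table.

Added example. The 'Item = Value' inventory format and the sample data are
assumptions for illustration; the machine does not export such a file.
"""

# Acceptable values per item, transcribed from the table. The System
# Administrator passcode and the encryption key are left out on purpose:
# secrets do not belong in an inventory file. The two "Access Control" keys
# are a naming assumption for the single "Access Control" row.
BASELINE = {
    "Passcode Entry from Control Panel": {"Enabled"},
    "Overwrite Hard Disk": {"3 Overwrites"},
    "Data Encryption": {"On"},
    "Authentication": {"Login to Local Accounts", "Login to Remote Accounts"},
    "Private Print": {"Save as Private Charge Print"},
    "Software Download": {"Disabled"},
    "Direct Fax": {"Disabled"},
    "Auto Clear": {"On"},
    "Report Print": {"Disabled"},
    "Self Test": {"On"},
    "Maximum Login Attempts": {"5"},
    "Scheduled Image Overwrite": {"Enabled"},
    "Access Control (Device Access)": {"Locked"},
    "Access Control (Service Access)": {"Locked"},
    "User Passcode Minimum Length": {"9"},
    "SSL/TLS": {"Enabled"},
    "WebDAV": {"Disabled"},
    "Receive E-mail": {"Disabled"},
    "IPP": {"Enabled"},
    "IPSec": {"Enabled"},
    "SNMPv1/v2c": {"Disabled"},
    "SNMPv3": {"Enabled"},
    "S/MIME": {"Enabled"},
    "WSD (Scan)": {"Disabled"},
    "SOAP": {"Disabled"},
    "CSRF": {"Enabled"},
    "USB": {"Disabled"},
    "Service Representative Restricted Operation": {"Enabled"},
    "Audit Log": {"Enabled"},
    "Browser Refresh": {"Disabled"},
    "Job Deletion": {"Administrator Only"},
}


def _norm(text):
    """Compare names and values without regard to case, brackets or spacing."""
    return " ".join(text.strip().strip("[]").split()).casefold()


def parse_inventory(text):
    """Parse 'Item = Value' lines; blank lines and '#' comments are skipped."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected 'Item = Value'")
        item, value = line.split("=", 1)
        settings[_norm(item)] = value.strip()
    return settings


def audit(settings):
    """Return (item, recorded, acceptable) for every item off the baseline."""
    findings = []
    for item, allowed in BASELINE.items():
        recorded = settings.get(_norm(item))
        if recorded is None:
            # A setting nobody wrote down is treated as a finding, not a pass.
            findings.append((item, "not recorded", sorted(allowed)))
        elif _norm(recorded) not in {_norm(a) for a in allowed}:
            findings.append((item, recorded, sorted(allowed)))
    return findings


def sample_inventory():
    """Constructed sample: the baseline with two wrong values and one gap."""
    values = {item: sorted(allowed)[0] for item, allowed in BASELINE.items()}
    values.update({"WebDAV": "[Enabled]", "SNMPv1/v2c": "enabled",
                   "Auto Clear": "[on]"})   # "[on]" still matches "On"
    del values["Audit Log"]
    lines = [f"{item} = {value}" for item, value in values.items()]
    return "# constructed sample inventory\n" + "\n".join(lines)


if __name__ == "__main__":
    for item, recorded, allowed in audit(parse_inventory(sample_inventory())):
        print(f"{item}: recorded {recorded!r}, guide requires {' or '.join(allowed)}")
```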
Data Restoration
The enciphered data cannot be restored in the following conditions.
- When a problem occurs in the hard disk.
- Without the correct encryption key.
- Without the correct System Administrator ID and passcode when setting [Service Rep. Restricted Operation] to [On].
Starting Use of the Data Encryption Feature and Changing the Settings
When data encryption is started or ended, or when the encryption key is changed, the machine must be restarted. The corresponding recording area (the Hard Disk) is reformatted when restarting. In this case, the previous data is not guaranteed.
The recording area stores the following data:
- Spooled print data
- Print data including the secure print and sample print
- Forms for the form overlay feature
- Folder and Job Flow sheet settings (Folder name, passcode, etc.)
- Files in Folder
- Address book data
Important:
Be sure to save all necessary settings and files before starting to use the data encryption feature or changing the settings.
An error occurs if the connected hard disk does not match the encryption settings.
Use of the Overwrite Hard Disk
In order to protect the data stored on the hard disk from unauthorized retrieval, you can set the overwrite conditions to apply them to the data stored on the hard disk.
You can select the number of overwrite passes as one or three times. When [1 Overwrite] is selected, “0” is written to the disk area. [3 Overwrites] ensures higher security than [1 Overwrite].
The feature also overwrites temporarily saved data such as copy documents.
Important:
If the machine is powered off during the overwriting operation, unfinished files may remain on the hard disk. When the power is restored, the overwriting operation will resume with the unfinished files remaining on the hard disk.
Service Representative Restricted Operation
Specifies whether the Service Representative has full access to the security features of the machine, including the ability to change System Administrator settings.
For the C60/C70, select [On] and then set [Maintenance Passcode] to restrict the Service Representative from entering the System Administration mode.
Important:
If the System Administrator’s ID and the passcode are lost when [Service Rep. Restricted Operation] is set to [On], neither you nor the Xerox representative will be able to change any setting in the System Administration mode.
For Optimal Performance of the Security Features
The manager (of the organization that the machine is used for) needs to follow the instructions below:
- The manager needs to assign appropriate people as system and machine administrators, and manage and train them properly.
- The system administrator needs to train users about the machine operation and precautions according to the policies of their organization and the product guidance.
- The machine needs to be placed in a secure or monitored area where the machine is protected from unmanaged physical access.
- If the network where the machine is installed is to be connected to external networks, configure the network properly to block any unauthorized external access.
- The users must set a user ID and a passcode in [Accounting Configuration] via the printer driver.
- Users and administrators need to set passcodes and an encryption key according to the following rules for the client PC login and the machine’s setup:
  - Do not use easily guessed character strings for passcodes.
  - A passcode needs to contain both numeric and alphabetic characters.
- Users and administrators need to manage and operate the machine so that their user IDs and passcodes may not be disclosed to another person.
- Administrators need to set the account policies on the remote authentication server as follows:
  - Set password policy to [9 or more characters].
  - Set account lockout policy to [5 times].
- For secure operation, all of the remote trusted IT products that communicate with the machine shall implement the communication protocol in accordance with industry standard practice with respect to RFC/other standard compliance (SSL/TLS, IPSec, SNMPv3, S/MIME) and shall work as advertised.
The settings described below are required for both the machine’s configuration and the client’s configuration.
1) SSL/TLS
For the SSL/TLS client (Web browser) and the SSL/TLS server that communicate with the machine, select a data encryption suite from the following:
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
(The recommended browser is Microsoft® Internet Explorer 7/8/9/10)
For secure operation, you should disable the SSL function of remote clients/servers.
2) S/MIME
For the machine and e-mail clients, select an Encryption Method/Message Digest Algorithm from the following:
- 3Key Triple-DES/168bit, AES/128bit, AES/192bit, AES/256bit, SHA1, SHA256
3) IPSec
For the IPSec host that communicates with the machine, select an Encryption Method/Message Digest Algorithm from the following:
- AES (128bit)/SHA1
- 3Key Triple-DES (168bit)/SHA1
4) SNMPv3
The encryption method of SNMPv3 is DES/56bit or AES128bit. Set [Message Digest Algorithm] to [SHA1].
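As an added example (not part of the Xerox guide), the following checks a captured ClientHello against the four cipher suites listed under 1) SSL/TLS, for instance to confirm that an administrator's browser can still negotiate with the machine. The function names and the constructed sample messages are assumptions; the suite code points are the IANA-registered values.

```python
"""Check a TLS ClientHello against the guide's SSL/TLS conditions.

Added example; the sample ClientHello messages are constructed, not captured.
"""
import struct

# IANA code points of the four suites the guide lists under "1) SSL/TLS".
GUIDE_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
}


def _take(buf, pos, n):
    """Return (n bytes at pos, new position) or fail on a short buffer."""
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + n], pos + n


def parse_client_hello(record):
    """Return (client_version, [cipher suite codes]) from one TLS record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = int.from_bytes(record[3:5], "big")
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("ClientHello spans several records (not handled)")
    version, pos = _take(body, 0, 2)
    _, pos = _take(body, pos, 32)                 # random
    sid_len, pos = _take(body, pos, 1)
    _, pos = _take(body, pos, sid_len[0])         # session_id
    n, pos = _take(body, pos, 2)
    raw, pos = _take(body, pos, int.from_bytes(n, "big"))
    if len(raw) % 2:
        raise ValueError("odd cipher_suites length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    return int.from_bytes(version, "big"), suites


def check_client_hello(record):
    """Return (ok, matched suite names, problems) for the guide's conditions."""
    version, suites = parse_client_hello(record)
    matched = [GUIDE_SUITES[s] for s in suites if s in GUIDE_SUITES]
    problems = []
    # client_version is the highest version offered. It cannot show whether
    # SSL 3.0 is still enabled as a fallback, so check the client's settings too.
    if version < 0x0301:
        problems.append("client offers SSL 3.0 at most; the guide requires TLS")
    if not matched:
        problems.append("none of the guide's four cipher suites is offered")
    return (not problems, matched, problems)


def build_client_hello(version, suites):
    """Constructed sample input: a minimal ClientHello without extensions."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"   # empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                       # null compression
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", min(version, 0x0301), len(handshake)) + handshake


if __name__ == "__main__":
    samples = {
        "older browser": build_client_hello(0x0303, [0xC02F, 0x003C, 0x002F]),
        "ECDHE/TLS 1.3 suites only": build_client_hello(0x0303, [0x1301, 0xC02F]),
        "SSL 3.0 only": build_client_hello(0x0300, [0x002F]),
    }
    for name, hello in samples.items():
        print(name, check_client_hello(hello))
```

A client that offers only ECDHE or TLS 1.3 suites fails this check, which is the usual reason a current browser cannot open the machine's web interface in this configuration.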
Important:
- For secure operation, while you are using the Xerox® CentreWare® Internet Services, do not access other web sites, and do not use other applications.
- For secure operation, when you change [Authentication Type] or prior to disposing of the machine, initialize the hard disk by resetting [Data Encryption] and changing [encryption key].
- To prevent SSL vulnerabilities, set the machine address in the proxy exclusion list of the browser. With this setting, secure communication is ensured because the machine and the remote browser communicate directly without a proxy server, and thus you can prevent man-in-the-middle attacks.
Confirm the Machine ROM Version and the System Clock
Before making initial settings, the System Administrator (Machine Administrator) needs to check the machine ROM version and system clock.
How to Check with Control Panel
1. Press the <Machine Status> button on the control panel.
2. Select [Device information] on the touch screen.
3. Select [Software Version] on the [Machine information] screen.
You can identify the software versions of the components of the machine on the screen.
How to Check with Print Report
1. Press the <Machine Status> button on the control panel.
2. Select [Print Reports] on the [Machine information] screen.
3. Select [Printer Reports] on the touch screen.
4. Select [Configuration Reports].
5. Press the <Start> button on the control panel.
You can identify the software versions of the components of the machine by Print Report.
How to Check the System Clock
1. Press the <Log In/Out> button on the control panel.
2. Enter the System Administrator’s Login ID and the passcode if prompted.
3. Select [Enter] on the touch screen.
4. Press the <Machine Status> button on the control panel.
5. Select [Tools] on the touch screen.
6. Select [System Settings].
7. Select [Common Service Settings].
8. Select [System Clock/Timers].
9. You can check the time and the date of the internal clock. If you need to change the time and the date, refer to the following procedures.
10. Select the required option.
11. Select [Change Settings].
12. Change the required setting. Use the scroll bars to switch between screens.
13. Select [Save].
14. To exit the [Tools] screen, select [Close] twice.
2. Initial Settings Procedures Using Control Panel
This section describes the initial settings related to Security Features, and how to set them on the machine’s control panel.
Authentication for Entering the System Administration Mode
1. Press the <Log In/Out> button on the control panel.
2. Enter the system administrator’s ID with the keypad displayed.
3. Select [Next].
4. Enter the system administrator’s passcode from the keypad.
5. Select [Enter].
6. Press the <Machine Status> button on the control panel.
7. Select [Tools].
Set Use Passcode Entry for Control Panel
1. Select [Authentication/Security Settings] on the [Tools] screen.
2. Select [Authentication].
3. Select [Passcode Policy].
4. Select [Passcode Entry from Control Panel].
5. Select [Change Settings].
6. Select [On].
7. Select [Save].
Set Overwrite Hard Disk
1. Select [Authentication/Security Settings] on the [Tools] screen.
2. Select [Overwrite Hard Disk].
3. Select [Number of Overwrites].
4. Select [1 Overwrite] or [3 Overwrites].
5. Select [Save].
Set Data Encryption
1. Select [System Settings] on the [Tools] screen.
2. Select [Common Service Settings].
3. Select [Other Settings].
4. On the [Other Settings] screen, select [Data Encryption].
5. Select [Change Settings].
6. Select [On].
7. Select [New Encryption Key].
8. Enter a new encryption key of 12 characters by using the keyboard displayed, and then select [Save].
9. Select [Re-enter the Encryption Key].
10. Enter the same passcode, and then select [Save].
11. Select [Save].
12. Select [Yes] to apply the change.
13. Select [Yes] to reboot.
Set Authentication
1. Select [Authentication/Security Settings] on the [Tools] screen.
2. Select [Authentication].
3. Select [Login Type].
4. On the [Login Type] screen, select [Login to Local Accounts] or [Login to Remote Accounts].
5. Select [Save].
When [Login to Remote Accounts] is selected in step 4, proceed to steps 6 to 13.
6. Select [System Settings] on the [Tools] screen.
7. Select [Connectivity & Network Setup].
8. Select [Remote Authentication Server Setting].
9. Select [Authentication System Setup].
10. Select [Authentication System].
11. Select [Change Settings].
12. On the [Authentication System] screen, select [LDAP] or [Kerberos].
13. Select [Save].
14. To exit the [Remote Authentication Server Setting] screen, select [Close].
Set Private Print
1. Select [Authentication/Security Settings] on the [Tools] screen.
2. Select [Authentication].
3. Select [Charge/Private Print Settings].
4. On the [Charge/Private Print Settings] screen, select [Received Control].
5. Select [Change Settings].
When [Login to Local Accounts] is selected
1) On the [Receive Control] screen, select [According to Print Auditron].
2) Select [Save As Private Charge Print Job] for [Job Login Success].
3) Select [Delete Job] for [Job Login Failure].
4) Select [Delete Job] for [Job without User ID].
When [Login to Remote Accounts] is selected
1) On the [Receive Control] screen, select [Save As Private Charge Print Job].
6. Select [Save].
7. To exit the [Charge/Private Print Settings] screen, select [Close].
Set Software Download
1. Select [System Settings] on the [Tools] screen.
2. Select [Common Service Settings].
3. Select [Other Settings].
4. On the [Other Settings] screen, select [Software Download].
5. Select [Change Settings].
6. Select [Disabled].
7. Select [Save].
8. To exit the [Common Service Settings] screen, select [Close].
9. To exit the [Tools] screen, press the <Services> button on the control panel.
Set Direct Fax
1. Select [System Settings] on the [Tools] screen.
2. Select [Fax Service Settings].
3. Select [Fax Control].
4. Select [Direct Fax].
5. Select [Change Settings].
6. Select [Disabled].
7. Select [Save].
8. To exit the [Fax Control] screen, select [Close].
Set Auto Clear
1. Select [System Settings] on the [Tools] screen.
2. Select [Common Service Settings].
3. Select [System Clock/Timers].
4. Select [Auto Clear].
5. Select [Change Settings].
6. Select [On].
7. Select [Save].
8. To exit the [Machine Clock/Timers] screen, select [Close].
Set Report Print
1. Select [System Settings] on the [Tools] screen.
2. Select [Common Service Settings].
3. Select [Reports].
4. Select [Print Reports Button].
5. Select [Disabled].
6. Select [Save].
7. To exit the [Reports] screen, select [Close].
Set Self Test
1. Select [System Settings] on the [Tools] screen.
2. Select [Common Service Settings].
3. Select [Maintenance].
4. Select [Power on Self Test].
5. Select [On].
6. Select [Save].
7. To exit the [Tools] screen, select [Close] twice.
8. Select [Reboot Now] on the confirmation screen.
3. Initial Settings Procedures Using Xerox® CentreWare® Internet Services
This section describes the initial settings related to Security Features, and how to set them on Xerox® CentreWare® Internet Services.
Preparations for Settings on the Xerox® CentreWare® Internet Services
Prepare a computer supporting the TCP/IP protocol to use Xerox® CentreWare® Internet Services. Xerox® CentreWare® Internet Services supports the browsers that satisfy "SSL/TLS" conditions.
1. Open your Web browser, enter the TCP/IP address of the machine in the Address or Location field, and press the <Enter> key.
2. Enter the System Administrator’s ID and the passcode.
3. Display the [Properties] screen by clicking the [Properties] tab.
Change the System Administrator’s Passcode
1. Click [Security] on the [Properties] screen.
2. Click [System Administrator Settings].
3. Enter the system administrator’s ID in the [Administrator’s Login ID] box.
4. Enter a new system administrator’s passcode of 9 or more characters in the [Administrator’s Passcode] box.
5. Enter the new system administrator’s passcode in the [Retype Administrator’s Passcode] box.
6. Click [Apply].
Set Maximum Login Attempts
1. Click [Security] on the [Properties] screen.
2. Click [System Administrator Settings].
3. Enter the system administrator’s ID in the [Administrator’s Login ID] box.
4. Enter [5] in the [Maximum Login Attempts] box.
5. Click [Apply].
Set Scheduled Image Overwrite
1. Click [Security] on the [Properties] screen.
2. Click [On Demand Overwrite].
3. Click [Scheduled].
4. Check the [Enabled] box for [Scheduled Image Overwrite].
5. Select [Daily], [Weekly], or [Monthly] for [Frequency].
6. Set [Day], [Hour], and [Minutes].
7. Click [Apply].
Set Access Control
1. Click [Security] on the [Properties] screen.
2. Click [Authentication Configuration].
3. Click [Next].
4. Click [Configure] for [Device Access].
5. Select [Locked] for [Service Pathway], [Job Status Pathway], and [Machine Status Pathway].
6. Click [Apply].
7. Click [Authentication].
8. Click [Next].
9. Click [Configure] for [Service Access].
10. Click [Lock All].
11. Click [Apply].
12. Click [Reboot Machine].