Secure Installation and Operation of
Your CopyCentre
WorkCentre
TM
TM
C65/C75/C90 or
Pro 65/75/90
Document version 1.3
Last revised: 12/20/04
Secure Installation and Operation of Your CopyCentreTM C65/C75/C90 or
WorkCentre
Purpose and Audience
This document provides information on the secure installation and operation of a CopyCentre™ C65/C75/C90 Copier or
WorkCentre™ Pro 65/75/90 Advanced Multifunction System. All customers, but particularly those concerned with secure
installation and operation of these machines, should follow these guidelines.
Overview
This document lists some important customer information and guidelines that will ensure that your CopyCentre™
C65/C75/C90 Copier or WorkCentre™ Pro 65/75/90 Advanced Multifunction System is operated and maintained in a
secure manner.
Background
The CopyCentre™ C65/C75/C90 Copier and WorkCentre™ Pro 65/75/90 Advanced Multifunction System are currently
undergoing Common Criteria evaluation. The information provided here is consistent with the security functional claims
made in the Security Target. Upon completion of the evaluation, the Security Target will be available from the National
Information Assurance Partnership website (
representative.
Details
For secure installation, setup and operation of a CopyCentre™ C65/C75/C90 Copier or WorkCentre™ Pro 65/75/90
Advanced Multifunction System please follow these guidelines:
TM
Pro 65/75/90
http://www.niap.nist.gov/), Validated Products list or from your Xerox
1. Change the Tools password as soon as possible. Reset the Tools password periodically.
Xerox recommends that you (1) set the Tools password to a minimum length of eight digits and (2) change the Tools
password once a month. For directions on how to change the Tools password select the:
• Internet Services Æ Overview Æ How to Change the Administr ator Password tabs in the System
Administration (SA) CD
1
2. For customers concerned about document files on the Copy Controller and Network Controller hard disk drives, an
Image Overwrite Security package option containing the Immediate Image Overwrite and On Demand Image
Overwrite security features must be purchased and properly configured, installed and enabled. Please follow the
applicable instructions contained in the Optional Features Æ Image Overwrite Security tab in the System
Administration CD
Overwrite
2
.
1
for proper installation and enablement of Immediate Image Overwrite and On Demand Image
Notes:
• For a copy job ‘Overwriting’ may not appear as a status for that job on any Incomplete Job Queue screen while
the machine processes the job, even though Immediate Image Overwrite of that job is being performed.
• Immediate Image Overwrite, once enabled, automatically overwrites the image data created by a print, network
scan, scan-to-email, or network fax job on the Network Controller and Copy Controller Hard Disks or created by
a copy job on the Copy Controller Hard Disk. The machine will only print jobs with valid print types (Postscript,
PCL, TIFF, text or PDF). An illegal print job of any other type will not be printed. However, Immediate Image
Overwrite will attempt to execute for an illegal print job. This could result in an erroneous ‘unsuccessful’
Immediate Image Overwrite status in the Complete Job Log for the job in question.
1
WorkCentre Pro 65/75/90 System Administration CD1
2
On Demand Image Overwrite is either factory-installed or can only be installed in the field by a Xerox Customer
Service Engineer.
© 2004 Xerox Corporation. All rights reserved. Page 1 of 4
Secure Installation and Operation of
Your CopyCentre
WorkCentre
TM
TM
C65/C75/C90 or
Pro 65/75/90
Document version 1.3
Last revised: 12/20/04
Canceling of either a legal or illegal print job from a remote client, if done quickly after submission, could also
result in an erroneous ‘unsuccessful’ Immediate Image Overwrite status in the Complete Job Log for the job in
question. Finally, closing the connection to the Parallel Port or to the UCB Port (Port 9100) without sending any
data through the port could result in an erroneous ‘unsuccessful’ Immediate Image Overwrite status in the
Complete Job Log.
• If either an Immediate Image Overwrite fails or there is a power failure or system crash of the copy controller
while residual data still resides on the Copy Controller hard drive, an informational Immediate Overwrite Security
Failure screen will appear
3
on the graphical user interface on the CopyCentre™ C65/C75/ C90 Copier or
WorkCentre™ Pro 65/75/90 Advanced Multifunction System machine. This screen tells the user that (1) an
Immediate Image Overwrite has failed for a completed job and (2) the system administrator should be notified to
immediately run an On Demand Image Overwrite. The user closes this informational screen by pressing the
Close button. In addition, an Immediate Image Overwrite error message will appear at the top of the graphical
user interface indicating that an On Demand Image Overwrite should be run. This error message will remain at
the top of the graphical user interface until the On Demand Image Overwrite is initiated. The System
Administrator should immediately perform the On Demand Image Overwrite suggested on the Immediate
Overwrite Security Failure screen to ensure secure operation of the machine.
• If there is a power failure, a system crash of the copy controller or a fault in the copy controller hard disk a
message recommending that an On Demand Image Overwrite be run will appear on the Local UI screen. An
Immediate Image Overwrite Error Sheet may not be printed or may contain incomplete status information.
• On Demand Image Overwrite, once enabled, is manually invoked. Follow the instructions in the Optional
FeaturesÆ Image Overwrite Security Æ Perform an Image Overwrite tab in the SA CD
1
for invoking an On
Demand Image Overwrite from either the Local User Interface or the Web User Interface. Before invoking On
Demand Image Overwrite verify that there are no active or pending print or scan jobs, including Configuration
Reports and Error Sheets.
• Incomplete job queues do not show a status of ‘Overwriting’ for copy jobs. Completed job queues do sho w,
however, Immediate Image Overwrite completion status for copy jobs.
• If a System Administrator aborts an On Demand Image Overwrite, Xerox recommends that the machi ne be
allowed to complete its system reboot before a Software Reset is attempted from the Tools Pathway via the
Local User Interface. Otherwise, the Local UI will become unavailable. The machine will have to be powered off
and then powered on again to allow the system to properly resynchronize.
3. The certified configuration includes two patches, one for an HTTP problem and one for a Postscript problem, to
Network Controller software version 1.02.074.02. The patches can be obtained from
http://www.xerox.com/security
by linking to Xerox Security Bulletins XRX04-009 and XRX04-010, respectively. The two patches should be
installed in the following order – the HTTP patch (Bulletin XRX04-009) first and then the Postscript patch
documented in Xerox Security Bulletin XRX04-010. After loading these two patches, please check the system
Configuration Report to confirm that the Net Controller Software Version line lists 1.02.074.02.P17.P18. If the
System Configuration Report does not confirm that the Network Controller Software Version is this version, please
contact Xerox Customer Support for assistance in getting your machine to the secure configur ation. Further
information about the issue resolved by this patch can be found at
http://www.xerox.com/security.
4. Before upgrading software on a WorkCentre™ Pro 65/75/90 Advanced Multifunction System machine via the
Manual/Automatic Customer Software Upgrade, please check for the latest certified software versions. Otherwise,
the machine may not remain in its certified configuration. To maintain the certified configuration, it is recommended
that acceptance of customer software upgrades via the network be turned off/disabled on both the Local UI
(Customer Software Upgrade screen) and the Web UI (Auto Upgrade web page).
5. System Administrator login is required when accessing the security features of a WorkCentre™ Pro 65/75/90
Advanced Multifunction System machine via the Web User Interface. Xerox recommends that the ‘Remember my
password’ option not be checked so the password is not saved in the client machine’s Web Browser.
3
In the case of a power failure or system crash of the copy controller, this screen will appear when the machine powers
up.
© 2004 Xerox Corporation. All rights reserved. Page 2 of 4