Secure Installation and Operation of Your WorkCentre™ 5030/5050
Secure Installation of Your WorkCentre™ 5030/5050
Purpose and Audience
This document provides information on the secure installation and operation of a WorkCentre™ 5030/5050 Multifunction
System. All customers, but particularly those concerned with secure installation and operation of these machines, should follow
these guidelines.
Overview
This document lists some important customer information and guidelines that will ensure that your WorkCentre™ 5030/5050
Multifunction System is operated and maintained in a secure manner.
Background
The WorkCentre™ 5030/5050 Multifunction System is currently undergoing Common Criteria evaluation. The information
provided here is consistent with the security functional claims made in the Security Target. Upon completion of the evaluation,
the Security Target will be available from the Common Criteria Consumer’s website
(www.commoncriteriaportal.org/public/consumer) list of evaluated products or from your Xerox representative.
Details
For secure installation, setup and operation of a WorkCentre™ 5030/5050 Multifunction System please follow these guidelines:
1. Change the Tools password as soon as possible. Reset the Tools password periodically.
Xerox recommends that you (1) set the Tools password to a minimum length of eight digits and (2) change the Tools
password once a month. For directions on how to change the Tools password select either the:
• Reference -> Machine Tools -> Password tabs in the System Administration (SA) CD[1], or
• Tutorials -> Machine Administration -> Accessing Tools Pathway tabs in the User’s Guide[2].
The only allowable characters from the machine keyboard that can be used for the Tools password are the following: digits
‘0’ through ‘9’, ‘#’ and ‘*’.
2. For customers concerned about document files on the network controller hard disk drive, the Image Overwrite Security
(IOS) option containing the Immediate Image Overwrite and On Demand Image Overwrite security features must be
purchased and properly configured, installed and enabled. Please follow the applicable instructions in the
Installation -> Options -> Installation tab in the System Administration (SA) CD[1] for proper installation and enablement
of Immediate Image Overwrite and On Demand Image Overwrite.
Notes:
• Immediate Image Overwrite, once enabled, automatically overwrites the image data created by a print or scan job on
the Network Controller Hard Disk. The machine will only print jobs with valid print types (Postscript, PCL, TIFF, text or
PDF). An illegal print job of any other type will not be printed. However, Immediate Image Overwrite will attempt to
execute for an illegal print job. This could result in an erroneous ‘unsuccessful’ Immediate Image Overwrite status in
the Complete Job Log for the job in question.
• The following could result in an erroneous ‘unsuccessful’ Immediate Image Overwrite status reported in the Complete
Job Log for the job in question: (1) canceling either a legal or illegal print job from a remote client, if done quickly
after submission, (2) closing the connection to Port 9100 without sending any data through the port, or (3) canceling
at the Local User Interface (Local UI) a secure print, delayed print or print job held for any other reason.
• Immediate Image Overwrite of a delayed print job will not occur until after the machine has printed the job.
• If an Immediate Image Overwrite fails, an informational Immediate Image Overwrite Error screen will appear on the
graphical user interface on the WorkCentre™ 5030/5050 Multifunction System machine. This screen tells the user that
(1) an Immediate Image Overwrite in the network controller has failed for a completed job, (2) the System
Administrator should be notified that this error has occurred, and (3) an On Demand Image Overwrite should be run.
The user closes this informational screen by pressing the Confirm button.
• If there is a power failure or system crash of the network controller while processing a large print job, residual data
might still reside on the Network Controller hard drive. In that case an error sheet will be printed indicating that there
is an Immediate Overwrite Failure and requesting that an On Demand Image Overwrite be run.
• On Demand Image Overwrite, once enabled, is manually invoked. Follow the instructions in the Installation -> Options ->
Installation -> On Demand Image Overwrite tab in the SA CD[1] for invoking an On Demand Image Overwrite from either the
Local User Interface or the Web User Interface (WebUI). Before invoking On Demand Image Overwrite verify that (1) there
are no active or pending print or scan jobs, (2) after a power on of the machine all subsystems must be properly synced
and the Configuration Report must have printed, (3) for any previously initiated On Demand Image Overwrite request the
confirmation sheet must have printed and (4) the Embedded Fax card must have the correct software version and must be
properly configured.
• If a System Administrator aborts an On Demand Image Overwrite, Xerox recommends that the machine be allowed to
complete its system reboot before a Software Reset is attempted from the Tools Pathway via the Local User Interface.
Otherwise, the Local UI will become unavailable. The machine will have to be powered off and then powered on again
to allow the system to properly resynchronize. The System Administrator may cancel an On Demand Image Overwrite
only at the Local UI if it was initiated at that interface. If an On Demand Image Overwrite was initiated from the
WebUI, it cannot be aborted from either the WebUI or Local UI.
• If an On Demand Image Overwrite fails to complete because of an error or system crash, Xerox recommends that the
System Administrator immediately perform another On Demand Image Overwrite, but only after completion of a
system reboot or software reset initiated from the Local User Interface or the Web User Interface.
[1] WorkCentre 5030/5050 System Administration CD1, Document Number 538E11390
[2] WorkCentre 5030/5050 Training and Information CD2, Document Number 538E11400
3. Xerox recommends that the System Administrator change the SNMP v1/v2c public/private community strings from their
default string names to random string names.
4. Xerox recommends that any TCP/IP hostnames should only use alphanumeric characters; special characters such as the
underscore (‘_’) should not be used at all in TCP/IP hostnames.
5. The System Administrator should ensure that the Embedded Fax Card and fax software are installed in accordance with the
instructions in the Installation -> Options -> Installation -> Embedded Fax -> View Instructions tab in the SA CD[1]. The
System Administrator can then set Embedded Fax parameters and options via the Local User Interface on the machine.
Follow the instructions in the Tutorials -> Machine Administration -> Tools Pathway -> Fax Setups tabs in the User
Guide[2].
6. Before upgrading software on a WorkCentre™ 5030/5050 Multifunction System machine via the Manual/Automatic
Customer Software Upgrade or, please check for the latest certified software versions. Otherwise, the machine may not
remain in its certified configuration. To maintain the certified configuration, it is recommended that acceptance of
customer software upgrades via the network be turned off/disabled on both the Local UI (Customer Software Upgrade
screen) and the Web UI (Auto Upgrade web page).
7. The WorkCentre™ 5030/5050 Multifunction System should be installed in a standard office environment. Office personnel
should be made aware of authorized service calls (for example through appropriate signage) in order to discourage
unauthorized physical attacks such as attempts to remove the internal hard disk.
8. Xerox recommends that customers sign up for the RSS[3] subscription service available only via the Xerox Security Web
Site (Security@Xerox) at www.xerox.com/security that permits customers to view the latest Xerox Product Security
Information and receive timely reporting of security information about Xerox products, including the latest security
patches that apply to the WorkCentre™ 5030/5050 Multifunction System.
9. Customers who encounter or suspect software problems with a WorkCentre™ 5030/5050 Multifunction System should
immediately contact the Xerox Customer Support Center to report the suspected problem and initiate the SPAR (Software
Problem Action Request)[4] process for addressing problems found by Xerox customers.
10. System Administrator login is required when accessing the security features of a WorkCentre™ 5030/5050 Multifunction
System machine via the Web User Interface. Xerox recommends that the ‘Remember my password’ option not be
checked so the password is not saved in the client machine’s Web Browser.
11. A reboot of the system software for a WorkCentre™ 5030/5050 Multifunction System machine is necessary before a
change made to the System Administrator password from the Local User Interface will be synced with and accepted by
the Web User Interface. Until this system software reboot occurs, System Administrator functions from the Web User
Interface should not be accessed.
12. Caution: A WorkCentre™ 5030/5050 Multifunction System allows an authenticated System Administrator to disable
functions like Image Overwrite Security that are necessary for secure operation. System Administrators are advised to
periodically review the configuration of all installed machines in their environment to verify that the proper secure
configuration is maintained.
13. The following windows are available from the Local User Interface to a WorkCentre™ 5030/5050. These windows provide
standard system configuration capability (with System Administrator login and authentication) or security-related user
functions:
• Connectivity and Network Setup - Allows access to screens to set the various parameters associated with network
connectivity; if a change is made to the Ethernet speed the system will automatically reboot. Is accessible by selecting
the ‘Connectivity and Network Setup’ button from the Tools Mode Screen 1 of 3 screen.
• Delete Job Confirmation – Allows a user or System Administrator to confirm deletion of a job other than an Internet
Fax job from an active (incomplete) job queue. Is accessible by selecting the {Job Status} hard button on the machine,
selecting the desired job from the displayed Job Queue and then selecting the ‘Delete’ button from the displayed Job
Status Job Monitor window.
• Pausing an active job being processed by the device – Allows the user to pause an active scan or print job while it is
being processed by the WorkCentre™ 5030/5050. Is accessible by selecting the ‘Stop’ machine hard button while a job
is being processed by the device. Depending on the type of job being processed by the device, one of the following
Pause windows will be displayed as appropriate to allow the user to determine whether to delete or continue
processing of the job: Scanning Pause window, Printing Pause window, Scanning/Printing (Two Jobs) Pause window,
Resume Marking/Incomplete Scan Job Pause window, Marking/Scanning Job Pause window, Build Job/No
Marking Pause window, Build Job/Marking Pause window, Build Job Sample Printing/One Segment Scanned
Pause window or Build Job Sample Printing/More Than One Segment Scanned Pause window.
• Job Details (Completed Jobs) - Allows a user to view the details of a selected completed job. Is accessible by (1)
selecting the {Job Status} hard button on the machine, (2) selecting the {Other Queues} button on the displayed Job
Queue window, (3) selecting the desired Completed job queue from the three such “Completed” job queues available,
and then finally (4) selecting the desired job from the displayed “Completed” Job Queue window.
[3] RDF Site Summary, or Rich Site Summary, or Really Simple Syndication – A lightweight XML format for distributing news
headlines and other content on the Web. Details for signing up for this RSS Service are provided in the Security@Xerox
RSS Subscription Service guide posted on the Security@Xerox site at .
[4] A SPAR is the software problem report form used internally within Xerox to document customer-reported software
problems found in products in the field.
14. The following page is available from the Web User Interface to a WorkCentre™ 5030/5050 with System Administrator
login and authentication. This page provides standard system configuration capability:
• Image Settings - Allows the System Administrator to determine what TIFF JPEG Compression version to use. Is
accessible by selecting the General Setup -> Image Settings tabs from the Properties Content Menu.
15. The following page is available from the Web User Interface to a WorkCentre™ 5030/5050 with no System Administrator
login and authentication required:
• Index – Provides a user with hyperlink pointers to each Web User Interface screen. Is accessible by selecting the Index
button on the top of every Web User Interface page.
16. The following Special Purpose pages are available from the Web User Interface with System Administrator login and
authentication. These pages provide additional system configuration capability as follows:
• Exported Scan Files - Allows the setting of the PDF encoding format for scanned files. Is accessible by typing
http://{IP Address}/diagnostics/index.dhtml [5] and then selecting ‘Exported Scan Files’ from the Diagnostics Content
Menu.
• Raw TCP/IP Printing - Allows the user to enable/disable and modify several attributes for Raw TCP/IP Printing. Is
accessible by typing in either (1) http://{IP Address}/diagnostics/index.dhtml and then selecting [Raw TCP/IP
Printing] from the Diagnostics Content Menu or (2) http://{IP Address}/diagnostics/rawhidden.dhtml.
• LDAP - Allows the user to set desired LDAP Server search filters. Is accessible by typing
http://{IP Address}/diagnostics/ldapFilter.dhtml or by typing http://{IP Address}/diagnostics/index.dhtml and selecting
[LDAP] from the Diagnostics menu.
• Server Fax Edge Erase - Allows the user to set the desired border edge erase value for a Server Fax job. Is accessible by
typing http://{IP Address}/diagnostics/index.dhtml and then selecting ‘Server Fax Edge Erase’ from the
Diagnostics Content Menu or by typing http://{IP Address}/diagnostics/serverfaxedgeerase.dhtml.
• LPR/LPD - Allows the user to enable or disable PDL switching over LPR/LPD. Is accessible by typing
http://{IP Address}/diagnostics/lprlpdhidden.dhtml.
• Secure Print Release All - Allows the user to release all of the user’s secure print jobs at one time with the same user
name and password. Is accessible by typing http://{IP Address}/diagnostics/secureReleaseAll.dhtml.
• Secure Attribute Editor - Allows the user to change some system attributes related to PDLs (e.g., memory usage,
copies per page, etc.). Is accessible by typing http://{IP Address}/diagnostics/secureattr.dhtml.
• Filing Cabinet - Allows the user to enable the use of Network scanning filing cabinets. Is accessible by typing
http://{IP Address}/diagnostics/filing_cabinet.dhtml.
• DLM Maker - Allows the user to create a DLM out of any file. Is accessible by typing
http://{IP Address}/diagnostics/DLMMakerdhtml.
[5] {IP Address} is the IP address of the machine
17. There are eleven One-Off Feature pages that are available from the Web User Interface with System Administrator login
and authentication. Each one-off feature page is a standalone page not linked to any other Web User Interface page that
implements a specialized fix for a specific customer in response to a specific customer generated problem. Each One-Off
Feature page is accessible by typing in http://{IP Address}/oneoff/{SPAR number}.dhtml [5][6].
[6] {SPAR number} is an 8 or 9-digit number assigned by Xerox to each SPAR.
Contact
For additional information or clarification on any of the product information given here, contact Xerox support.
Disclaimer
The information provided in this Xerox Product Response is provided "as is" without warranty of any kind. Xerox Corporation
disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular
purpose. In no event shall Xerox Corporation be liable for any damages whatsoever resulting from user's use or disregard of
the information provided in this Xerox Product Response including direct, indirect, incidental, consequential, loss of business
profits or special damages, even if Xerox Corporation has been advised of the possibility of such damages. Some states do not
allow the exclusion or limitation of liability for consequential damages so the foregoing limitation may not apply.
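An added example, not part of the Xerox document: a fleet audit in Python that applies guidelines 1, 3, 4, 6 and 12 to inventory records, in the spirit of the periodic configuration review that guideline 12 advises. The record fields, the 31-day reading of "once a month" and the treatment of "public" and "private" as the default community strings are assumptions.

```python
import re
import secrets
from datetime import date

TOOLS_PW = re.compile(r"[0-9#*]{8,}")        # item 1: keypad characters only, 8 or more
HOSTNAME = re.compile(r"[A-Za-z0-9]+")       # item 4: alphanumeric only, so no '_'
DEFAULT_COMMUNITIES = {"public", "private"}  # assumed default strings (item 3)
MAX_PW_AGE_DAYS = 31                         # "once a month", read here as 31 days

def valid_tools_password(candidate):  # item 1 length and character rules
    return TOOLS_PW.fullmatch(candidate) is not None

def new_tools_password(length=8):
    """Random Tools password drawn from the twelve characters the machine accepts."""
    return "".join(secrets.choice("0123456789#*") for _ in range(length))

def new_community_string(nbytes=16):
    """Random replacement for an SNMP v1/v2c community string (32 hex characters)."""
    return secrets.token_hex(nbytes)

def audit(device, today):
    """Return the guideline deviations found in one inventory record."""
    findings = []
    if (today - device["tools_pw_changed"]).days > MAX_PW_AGE_DAYS:
        findings.append("item 1: Tools password is more than a month old")
    for key in ("snmp_read_community", "snmp_write_community"):
        if device[key].lower() in DEFAULT_COMMUNITIES:
            findings.append(f"item 3: {key} is still a default string")
    if not HOSTNAME.fullmatch(device["hostname"]):
        findings.append("item 4: hostname contains a non-alphanumeric character")
    if device["network_upgrade_enabled"]:
        findings.append("item 6: software upgrade via the network is enabled")
    if not device["image_overwrite_enabled"]:
        findings.append("item 12: Image Overwrite Security is disabled")
    return findings

FLEET = [  # constructed inventory records (hypothetical schema), not real devices
    {"hostname": "wc5050_floor2", "tools_pw_changed": date(2024, 1, 2),
     "snmp_read_community": "public", "snmp_write_community": "private",
     "network_upgrade_enabled": True, "image_overwrite_enabled": False},
    {"hostname": "wc5030lobby", "tools_pw_changed": date(2024, 2, 20),
     "snmp_read_community": new_community_string(),
     "snmp_write_community": new_community_string(),
     "network_upgrade_enabled": False, "image_overwrite_enabled": True},
]

for dev in FLEET:
    for finding in audit(dev, today=date(2024, 3, 1)):
        print(f"{dev['hostname']}: {finding}")
```

The inventory records the date of the last Tools password change rather than the password itself, so the audit never needs the secret.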