Summary of the content included on page 1
Xerox WorkCentre
5735/5740/5745/5755/5765/5775/5790
Information Assurance Disclosure Paper
Version 2.0
Prepared by:
Larry Kovnat
Xerox Corporation
1350 Jefferson Road
Rochester, New York 14623
Summary of the content included on page 2
XEROX WorkCentre 5735/5740/5745/5755/5765/5775/5790 Information Assurance Disclosure Paper ©2010 Xerox Corporation. All rights reserved. Xerox and the sphere of connectivity design are trademarks of Xerox Corporation in the United States and/or other countries. Other company trademarks are also acknowledged. Document Version: 1.00 (May 2010). Ver. 2.00, March 2011 Page 2 of 50
Summary of the content included on page 3
1. INTRODUCTION ... 5
1.1. Purpose ... 5
1.2. Target Audience
Summary of the content included on page 4
3.2. Login and Authentication Methods ... 24
3.2.1. System Administrator Login [All product configurations] ... 24
3.2.2. User authentication
Summary of the content included on page 5
1. Introduction
The WorkCentre 5735/5740/5745/5755/5765/5775/5790 multifunction systems are among the latest versions of Xerox copier and multifunction devices for the general office.
1.1. Purpose
The purpose of this document is to disclose information for the WorkCentre products with respect to device security. Device Security, for this paper, is defined as how image data is stored and transmitte
Summary of the content included on page 6
2. Device Description
This product consists of an input document handler and scanner, marking engine including paper path, controller, and user interface.
Figure 2-1 WorkCentre Multifunction System (labels: Document Feeder & Scanner (IIT); Graphical User Interface (GUI); Paper Trays; Marking Engine (IOT); High-volume finisher and booklet maker accessories; High-capacity feeder accessory)
Summary of the content included on page 7
Figure 2-2 System functional block diagram
2.1.2. Security Functions allocated to Subsystems
Security Function | Subsystem
Image Overwrite | Controller, Graphical User Interface
System Authentication | Controller, Graphical User Interface
Network Authentication | Controller, Graphical User Interface
Security Audit | Controller
Cryptographic Operations | Controller
User Data Prot
Summary of the content included on page 8
Security Function | Subsystem
Security Management | Controller, Graphical User Interface
Table 1 Security Functions allocated to Subsystems
2.2. Controller
2.2.1. Purpose
The controller provides both network and direct-connect external interfaces, and enables copy, print, email, network scan, server fax, internet FAX, and LanFAX functionality. Network scanning, server fax, internet fax, and LanFax, ar
Summary of the content included on page 9
Non-Volatile Memory
Type (Flash, EEPROM, etc) | Size | User Modifiable (Y/N) | Function or Use | Process to Sanitize
Flash ROM | 128MB | N | Single Board Controller (Boot code and system file) | No user image data stored
NVRAM | 128KB | N | Single Board Controller (Xerographic set points) | No user image data stored.
Additional Information: There are other non-volatile memory devices in the system, but these are used sol
Summary of the content included on page 10
2.2.3. External Connections
Figure 2-3 Back panel connections
Interface | Description / Usage
FAX line 1, RJ-11 | Supports FAX Modem T.30 protocol only
FAX line 2, RJ-11 | Supports FAX Modem T.30 protocol only
USB Host Port | Software upgrade
PSW USB Target Port | Direct-connect printing; Xerox diagnostic tools (PSW and CAT) and Xerox copier assistant
Ethernet 10/100/1000 | Network connectivity
Sca
Summary of the content included on page 11
USB Target port | Direct-connect printing; Xerox diagnostic tools (PSW and CAT) and Xerox copier assistant
Table 5 USB Ports
2.2. Fax Module
2.3.1. Purpose
The embedded FAX service uses the installed embedded fax card to send and receive images over the telephone interface.
2.3.2. Hardware
The Fax module contains the fax modem and RJ-11 connector. The Fax modem implements the T.30 fax protocol.
Summary of the content included on page 12
Volatile Memory Description
Type (SRAM, DRAM, etc) | Size | User Modifiable (Y/N) | Function or Use | Process to Clear
SRAM | 6KB | N | Scanner volatile memory; no user image data stored | Power Off System
Additional Information: All memory listed above contains code for execution and configuration information. No user or job data is permanently stored in this location.
Non-Volatile Memory Description Type (F
Summary of the content included on page 13
Table 8 User Interface memory components
2.6. Marking Engine (also known as the Image Output Terminal or IOT)
2.6.1. Purpose
The Marking Engine performs copy/print paper feeding and transport, image marking and fusing, and document finishing. Images are not stored at any point in these subsystems.
2.6.2. Hardware
The marking engine is comprised of paper supply trays and feeders, paper transport,
Summary of the content included on page 14
Figure 2-4 Controller Operating System layer components
Summary of the content included on page 15
2.7.3. Network Protocols
Figure 2-5 is an interface diagram depicting the protocol stacks supported by the device, annotated according to the DARPA model.
Figure 2-5 IPv4 Network Protocol Stack
Summary of the content included on page 16
Figure 2-6 IPv6 Network Protocol Stack
2.8. Logical Access
2.8.1. Network Protocols
The supported network protocols are listed in Appendix D and are implemented to industry standard specifications (i.e. they are compliant to the appropriate RFC) and are well-behaved protocols. There are no ‘Xerox unique’ additions to these protocols.
2.8.1.1. IPSec
The device supports IPSec tunnel mode. The
Summary of the content included on page 17
device-initiated operations (like scanning) cannot assume the existence of the tunnel unless a print job (or other client initiated action) has been previously run since the last boot at either end of the connection.
2.8.2. Ports
The following table summarizes all potential open ports and subsequent sections discuss each port in more detail.
Default Port # | Type | Service name
25 | TCP | SMTP
53 | UDP | DN
Summary of the content included on page 18
2.8.2.4. Port 80, HTTP
The embedded web pages communicate to the machine through a set of unique APIs and do not have direct access to machine information:
[Figure: within the Controller, a request from the Network reaches the http server, which passes a request through the Internal API to machine information; the response returns along the same path]
The HTTP port can only access the HTTP server residing in the controller. The embedded HTTP server is Apache. The purpose of the HT
Summary of the content included on page 19
2.8.2.5. Port 88, Kerberos
This port is only open when the device is communicating with the Kerberos server to authenticate a user, and is used only to authenticate users in conjunction with the Network Scanning feature. To disable this port, authentication must be disabled, and this is accomplished via the Local User Interface. This version of software has Kerberos 5.1.1 with DES (Data Encrypti
Summary of the content included on page 20
2.8.2.7. Ports 137, 138, 139, NETBIOS
For print jobs, these ports support the submission of files for printing as well as support Network Authentication through SMB. Port 137 is the standard NetBIOS Name Service port, which is used primarily for WINS. Port 138 supports the CIFS browsing protocol. Port 139 is the standard NetBIOS Session port, which is used for printing. Ports 137, 138 and 139 may