Summary of the content on the page No. 1
Version 1.1
Apr 29, 2011
Secure Installation and
Operation of Your
ColorQube™
9201/9202/9203
Summary of the content on the page No. 2
Secure Installation and Operation of Your ColorQube™ 9201/9202/9203 Purpose and Audience This document provides information on the secure installation and operation of a ColorQube™ 9201/9202/9203 Multifunction System. All customers, but particularly those concerned with secure installation and operation of these machines, should follow these guidelines. Overview This document lists some important customer information and guidelines that will ensure that your ColorQube™ 9201/9202/9203 M
Summary of the content on the page No. 3
c). Secure acceptance of the ColorQube™ 9201/9202/9203, once device delivery and installation is completed, should be done by: • Printing out a Configuration Report by following the “How to Print a Configuration Report” instructions located on page 3-2 of the SAG. • Comparing the software/firmware versions listed on the Configuration Report with the Evaluated Software/Firmware versions listed in Table 2 of the Xerox ColorQube™ 9201/9202/9203 Multifunction Systems Security Target, Version
Summary of the content on the page No. 4
• Before invoking an On Demand Image Overwrite verify that: • There are no active or pending print or scan jobs. • There are no new or unaccounted for Dynamic Loadable Modules (DLMs) or other software running on the machine. • There are no active processes that access the hard disk drive(s). • No user is logged into a session via network accounting, Xerox Standard Accounting, or the internal auditron, or 3 into a session accessing a directory on the hard disk drive(s) . • After a po
Summary of the content on the page No. 5
j). Xerox recommends that HTTPS be enabled in the evaluated configuration. To enable HTTPS (SSL): 5 • At the Web UI , select the Properties tab. • Follow the “Machine Digital Certificate Management” instructions starting on page 8-9 of the SAG to install on the device either a self-signed digital certificate or a digital certificate signed by a Certificate Authority (CA). • Select the following entries from the Properties 'Content menu’: Connectivity Protocols HTTP. • Select the Secur
Summary of the content on the page No. 6
r). The System Administrator should ensure that the Embedded Fax Card and fax software is installed in accordance with the “Complete the Fax Setup Screens” instructions on page 15-2 in the SAG. The System Administrator can then set Embedded Fax parameters and options via the Local User Interface on the machine by following the instructions on pages 15-2 through 15-4 in the SAG. s). To enable and configure IPSec, follow the instructions starting on page 8-12 in the SAG. Xerox strongly reco
Summary of the content on the page No. 7
u). To enable the session inactivity timers (termination of an inactive session) from the Web UI: • At the Web UI, select the Properties tab. • Select the following entries from the Properties 'Content menu’: Security System Timeout • Enter in the appropriate text box the desired inactive session timeout interval in minutes for the Web System Timer (i.e., the session timeout for the Web UI) and for the Touch User Interface System Timer (i.e., the session timeout for the Local User Inter
Summary of the content on the page No. 8
• Select the [Apply] button. This will disable the Admin Password Reset feature. aa). The Custom Services (Extensible Interface Platform or EIP) feature should be disabled to be consistent with the evaluated configuration. To disable this feature from the Web UI: • Select the Properties tab. • Select the following entries from the Properties 'Content menu’: Connectivity Protocols HTTP Web Services tab. • Make sure that the [Enable] checkbox associated with the Extensible Service R
Summary of the content on the page No. 9
3. Xerox recommends that the System Administrator set the USB Settings to ‘Direct Printing via Driver’ mode to allow only direct printing and prohibit submittal of software upgrade files to the device from a USB Flash Drive. To set the USB Settings to ‘Direct Printing via Driver’ mode via the Web UI: • Select the Properties tab. • Select the following entries from the Properties 'Content menu’: Connectivity Physical Connections USB Port. • Make sure the [Direct Printing via Driver] opt
Summary of the content on the page No. 10
17. Direct USB printing is not part of the evaluated configuration for a ColorQube™ 9201/9202/9203. 18. The following windows are available from the Local User Interface to a ColorQube™ 9201/9202/9203 with System Administrator login and authentication. These windows provide standard system configuration or job management capability: • PagePack Passcode - Allows the System Administrator to enter a 4 digit “PagePack PIN” to enable a PagePack device to work with metered supplies. Is accessib
Summary of the content on the page No. 11
• Overwrite Security Failure – Automatically provides an error message to the user is case an Immediate Image Overwrite of a copy, print, workflow scanning, scan to email, Internet Fax or Embedded Fax job fails. The error message informs the user to notify the System Administrator that an On Demand Overwrite should be run and persists on the Local UI screen until either a manual or a scheduled On Demand Overwrite is initiated. • Custom Services – Provides access to any custom services (Thi
Summary of the content on the page No. 12
• Secure Print Alphanumeric PIN - Allows the System Administrator to set the secure print PIN to be alphanumeric characters instead of just digits. Is accessible by typing either http://{IP Address}/diagnostics/index.dhtml and then selecting ‘Secure Alphanumeric PIN’ from the Diagnostics Content Menu or by typing http://{IP Address}/diagnostics/secureprintalphanumericpin.php. • Secure Attribute Editor - Allows the user to change some system attributes related to PDLs (e.g., memory usage,
Summary of the content on the page No. 13
• NTLM v2 Response - Allows the System Administrator to enable the device to send only the NT Lan Manager (NTLM) Version 2 protocol (and refuse the LM & NTLM versions). Is accessible by typing http://{IP Address}/diagnostics/NTLMSecurity.php. • Custom Size Allowed - Allows the System Administrator to allow custom size paper to be used for print jobs. Is accessible by typing http://{IP Address}/diagnostics/customSizeAllowed.php. • Copies Per Page Print Setting - Allows the System Administr
Summary of the content on the page No. 14
Contact For additional information or clarification on any of the product information given here, contact Xerox support. Disclaimer The information provided in this Xerox Product Response is provided "as is" without warranty of any kind. Xerox Corporation disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Xerox Corporation be liable for any damages whatsoever resulting from user's use or