Xerox Workcentre 5735 Technical manual

Xerox WorkCentre

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Pa er

Version 2.0

Pre ared by:

Larry Kovnat

Xerox Cor oration

1350 Jefferson Road

Rochester, New York 14623

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Pa er

Ver. 2.00, March 2011 Page 2 of 50

Xerox Cor oration in the United States and/or other counties.

Other com any trademarks are also acknowledged.

Document Version: 1.00 (May 2010).

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Pa er

Ver. 2.00, March 2011 Page 3 of 50

1. INTRODUCTION ..................................................................................................................................5

1.1.

Purpose .................................................................................................................................................................................... 5

1.2.

Target Audience ................................................................................................................................................................... 5

1.3.

Disc aimer ............................................................................................................................................................................... 5

2. DEVICE DESCRIPTION .......................................................................................................................6

2.1.

Security-re evant Subsystems ......................................................................................................................................... 6

2.1.1.

Physical Partitioning .......................................................................................................................................................................6

2.1.2.

Security Functions allocated to Subsystems ........................................................................................................................7

2.2.

Contro er ................................................................................................................................................................................ 8

2.2.1.

Pur ose ................................................................................................................................................................................................8

2.2.2.

Memory Com onents ....................................................................................................................................................................8

2.2.3.

External Connections .................................................................................................................................................................. 10

2.2.4.

USB Ports ......................................................................................................................................................................................... 10

2.2.

Fax Modu e .......................................................................................................................................................................... 11

2.3.1.

2.3.2.

Hardware ......................................................................................................................................................................................... 11

2.4.

Scanner ................................................................................................................................................................................. 11

2.4.1.

2.4.2.

Hardware ......................................................................................................................................................................................... 11

2.5.

Graphica User Interface (GUI) ................................................................................................................................... 12

2.5.1.

2.5.2.

Hardware ......................................................................................................................................................................................... 12

2.6.

Marking Engine (a so known as the Image Output Termina or IOT) .......................................................... 13

2.6.1.

2.6.2.

Hardware ......................................................................................................................................................................................... 13

2.6.3.

Control and Data Interfaces .................................................................................................................................................... 13

2.7.

System Software Structure ........................................................................................................................................... 13

2.7.1.

O en-source com onents ......................................................................................................................................................... 13

2.7.2.

OS Layer in the Controller ......................................................................................................................................................... 13

2.7.3.

Network Protocols ........................................................................................................................................................................ 15

2.8.

Logica Access ..................................................................................................................................................................... 16

2.8.1.

Network Protocols ........................................................................................................................................................................ 16

2.8.2.

Ports ................................................................................................................................................................................................... 17

2.8.3.

IP Filtering ....................................................................................................................................................................................... 21

3. SYSTEM ACCESS ................................................................................................................................ 22

3.1.

Authentication Mode ..................................................................................................................................................... 22

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Pa er

Ver. 2.00, March 2011 Page 4 of 50

3.2.

Login and Authentication Methods ........................................................................................................................... 24

3.2.1.

System Administrator Login [All roduct configurations] ........................................................................................... 24

3.2.2.

User authentication ..................................................................................................................................................................... 24

3.3.

System Accounts ............................................................................................................................................................... 26

3.3.1.

Printing [Multifunction models only] .................................................................................................................................... 26

3.3.2.

Network Scanning [Multifunction models only] .............................................................................................................. 26

3.4.

Diagnostics .......................................................................................................................................................................... 27

3.4.1.

Service [All roduct configurations] ...................................................................................................................................... 27

3.4.2.

Alternate Boot via Serial Port .................................................................................................................................................. 27

3.4.3.

tty Mode ........................................................................................................................................................................................... 27

3.4.4.

Diagnostics via Portable Service Workstation (PSW) Port ........................................................................................... 27

3.4.5.

Summary .......................................................................................................................................................................................... 30

4. SECURITY ASPECTS OF SELECTED FEATURES ...................................................................... 31

4.1.

Audit Log .............................................................................................................................................................................. 31

4.2.

Xerox Standard Accounting .......................................................................................................................................... 39

4.3.

Automatic Meter Reads ................................................................................................................................................. 40

4.4.

Encrypted Partitions ........................................................................................................................................................ 40

4.5.

Image Overwrite ............................................................................................................................................................... 40

4.5.1.

Algorithm ......................................................................................................................................................................................... 41

4.5.2.

User Behavior ................................................................................................................................................................................. 41

4.5.3.

Overwrite Timing .......................................................................................................................................................................... 41

5. RESPONSES TO KNOWN VULNERABILITIES ......................................................................... 42

5.1.

Security @ Xerox (www.xerox.com/security) .......................................................................................................... 42

6. APPENDICES ....................................................................................................................................... 43

6.1.

Appendix A – Abbreviations ......................................................................................................................................... 43

6.2.

Appendix B – Supported MIB Objects ....................................................................................................................... 45

6.3.

Appendix C –Standards .................................................................................................................................................. 48

6.4.

Appendix E – References ................................................................................................................................................ 50

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Pa er

Ver. 2.00, March 2011 Page 5 of 50

1. Introduction

The

WorkCentre 5735/5740/5745/5755/5765/5775/5790 multifunction systems

are among the latest

versions of Xerox co ier and multifunction devices for the general office.

1.1. Pur ose

The ur ose of this document is to disclose information for the WorkCentre roducts with res ect to device security.

Device Security, for this a er, is defined as how image data is stored and transmitted, how the roduct behaves in a

networked environment, and how the roduct may be accessed, both locally and remotely. Please note that the

customer is res onsible for the security of their network and the WorkCentre roducts do not establish security for

any network environment.

The ur ose of this document is to inform Xerox customers of the design, functions, and features of the WorkCentre

roducts relative to Information Assurance (IA).

This document does NOT rovide tutorial level information about security, connectivity, PDLs, or WorkCentre

roducts features and functions. This information is readily available elsewhere. We assume that the reader has a

working knowledge of these ty es of to ics. However, a number of references are included in the A endix.

1.2. Target Audience

The target audience for this document is Xerox field ersonnel and customers concerned with IT security.

1.3. Disclaimer

The information in this document is accurate to the best knowledge of the authors, and is rovided without warranty

of any kind. In no event shall Xerox Cor oration be liable for any damages whatsoever resulting from user's use or

disregard of the information rovided in this document including direct, indirect, incidental, consequential, loss of

business rofits or s ecial damages, even if Xerox Cor oration has been advised of the ossibility of such damages.

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Pa er

Ver. 2.00, March 2011 Page 6 of 50

2. Device Descri tion

This roduct consists of an in ut document handler and scanner, marking engine including a er ath, controller,

and user interface.

Figure 2-1 WorkCentre Mu tifunction System

2.1. Security-relevant Subsystems

2.1.1. Physical Partitioning

The security-relevant subsystems of the roduct are artitioned as shown in Figure 2-2.

Document Feeder & Scanner

(IIT)

Marking Engine (IOT)

Pa er Trays

Gra hical User

Interface

(GUI)

High-ca acity

feeder accessory

High-volume finisher and

booklet maker accessories

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Pa er

Ver. 2.00, March 2011 Page 7 of 50

PCI Bus

Optical

interface

Buttons and Display

Physical external

interface

Button and TOE internal wiring

(proprietary)

Figure 2-2 System functiona b ock diagram

2.1.2. Security Functions allocated to Subsystems

Security Function Subsystem

Image Overwrite

Controller

Gra hical User Interface

System Authentication

Controller

Gra hical User Interface

Network Authentication

Controller

Gra hical User Interface

Security Audit

Controller

Cry togra hic O erations

Controller

User Data Protection – SSL

Controller

User Data Protection – IP Filtering

Controller

User Data Protection – IPSec

Controller

User Data Protection – Disk Encry tion

Controller

Network Management Security

Controller

Fax Flow Security

Fax Module

Controller

Gra hical User Interface

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Pa er

Ver. 2.00, March 2011 Page 8 of 50

Security Function Subsystem

Security Management

Controller

Gra hical User Interface

Tab e 1 Security Functions a ocated to Subsystems

2.2. Controller

2.2.1. Pur ose

The controller rovides both network and direct-connect external interfaces, and enables co y, rint, email, network

scan, server fax, internet FAX, and LanFAX functionality. Network scanning, server fax, internet fax, and LanFax, are

standard features.

NOTE: The Copier on y version inc udes a hard drive which is used to ho d Operating System software, printing

app ications, and jam c earance videos. Job Image data is not stored on this disk.

Image Overwrite, which is included as a standard feature, enables both Immediate and On-Demand overwrite of any

tem orary image data created on disk. The controller also incor orates an o en-source web server (A ache) that

ex orts a Web User Interface (WebUI) through which users can submit jobs and check job and machine status, and

through which system administrators can remotely administer the machine.

The controller contains the image ath, which uses ro rietary hardware and algorithms to rocess the scanned

images into high-quality re roductions. Scanned images may be tem orarily buffered in DRAM to enable electronic

re-collation, sometimes referred to as scan-once/ rint-many. When roducing multi le co ies of a document, the

scanned image is rocessed and buffered in the DRAM in a ro rietary format. Extended buffer s ace for very large

documents is rovided on the network disk. The buffered bitma s are then read from DRAM and sent to the Image

Out ut Terminal (IOT) for marking on hardco y out ut. For long documents, the roduction of hardco y may begin

before the entire original is scanned, achieving a level of concurrency between the scan and mark o erations.

The controller o erating system is Wind River Linux, kernel v. 2.6.20+. (Note: Consistent with Flaw Remediation, this

baseline may be u dated as indicated by the ‘+’ sign. Unnecessary services such as rsh, telnet and finger are disabled

in the OS. FTP is used in client-only mode by the network scanning feature for the filing of scanned images and the

retrieval of Scan Tem lates; however the controller does not contain an FTP server.

The controller works with the Gra hical User Interface (GUI) assembly to rovide system configuration functions. A

System Administrator PIN must be entered at the GUI in order to access these functions.

2.2.2. Memory Com onents

Vo ati e Memory

Type (SRAM, DRAM,

etc)

Size

User

Modifiab e

(Y/N)

Function or Use

Process to Sanitize

DDR2 SDRAM

U gradeable to

1GB

2GB

N Single Board Controller

(System and user image stored)

Subsequent jobs overwrite

the data and all images are

lost at ower off or reboot.

Additiona Information:

There are also a number of RAM buffers in the video ath that are used for image

mani ulation (Reduce/Enlarge, etc.), and all have no data retention ca ability. When ower is removed all data is lost.

These buffers are ty ically built into the ASICs. Ty ical bleed down time for all volatile memory is 10 seconds.

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Pa er

Ver. 2.00, March 2011 Page 9 of 50

Non-Vo ati e Memory

Type (F ash, EEPROM,

etc)

Size

User

Modifiab e

(Y/N)

Function or Use

Process to Sanitize

Flash ROM 128MB N Single Board Controller

(Boot code and system file)

No user image data stored

NVRAM 128KB N Single Board Controller

(Xerogra hic set oints)

No user image data stored.

Additiona Information:

There are other non volatile memory devices in the system, but these are used solely for

low level I/O control. Some exam les of this distributed control are:

•Power distribution, Photorece tor and main drive motors control

•Raster Out ut Scanner (ROS)

•Pa er Registration

•

Finisher

Tab e 2 Contro er memory components

Media and Storage

Type (disk drives,

tape drives, CF/SD/XD

memory cards, etc.):

Removab e

Y / N

Size:

User

Modifiab e:

Y / N

Function:

Process to Sanitize:

Disk drive N 80GB N Network Controller

A lication and Co y

Controller A lication

software. Image

storage, rocessing and

Overflow EPC image

storage.

On Demand Image

Overwrite

Fax Card N 512MB N User FAX image data

stored

User image data

overwritten at the

com letion of each fax

job.

Overwritten by

Standard or Full

ODIO o eration

Tab e 3 Hard Disk Drives

XEROX WorkCentre

5735/5740/5745/5755/5765/5775/5790

Information Assurance Disclosure Pa er

Ver. 2.00, March 2011 Page 10 of 50

2.2.3. External Connections

Figure 2-3 Back pane connections

Interface Description / Usage

FAX line 1, RJ-11 Su orts FAX Modem T.30 rotocol only

FAX line 2, RJ-11 Su orts FAX Modem T.30 rotocol only

USB Host Port

Software u grade

PSW USB Target Port

Direct-connect rinting; Xerox diagnostic tools (PSW and CAT)

and Xerox co ier assistant

Ethernet 10/100/1000 Network connectivity

Scanner Pro rietary connection between the scanner and controller

carrying ower and communications

Serial Port Engineering develo ment debug; default state is disabled

Foreign Device Interface (FDI) Allows connection of o tional access control hardware

Tab e 4 Contro er Externa Connections

2.2.4. USB Ports

The WorkCentre contains a host connector for a USB flash drive, enabling u load of software u grades and

download of network logs or machine settings files.

Autorun is disabled on this ort. No executable files will be acce ted by the ort.

Modifying the software u grade, network logging or saved machine settings files will make the files unusable on a

WorkCentre .

The data in the network logging file is encry ted and can only be decry ted by Xerox service.

The machine settings that can be saved and restored by a service technician are limited to controller and fax

arameters that are needed for normal o eration. For exam le, the fax address book can be saved and restored by a

service technician.

There is no method for a user, administrator or technician to move image data from the WorkCentre to a USB device.

USB

USB port and ocation Purpose

USB Host orts Software u grade

Other manuals for WORKCENTRE 5735

This manual suits for next models

Other Xerox All In One Printer manuals

Xerox

Xerox B235 User manual

Xerox

Xerox WorkCentre 5790 Series User manual

Xerox

Xerox WorkCentre 7525 User manual

Xerox

Xerox FaxCentre 2121 User manual

Xerox

Xerox FaxCentre F12 User manual

Xerox

Xerox WorkCentre Pro C2128 User manual

Xerox

Xerox Phaser 6180MFP User manual

Xerox

Xerox DocuColor 2240 User manual

Xerox

Xerox Phaser 6128 MFP Operating manual

Xerox

Xerox PHASER 6121MFP Guide

Xerox

Xerox Nuvera 100 EA User manual

Xerox

Xerox ColorQube 8700 Quick start guide

Xerox

Xerox Wide Format 6030 User manual

Xerox

Xerox Phaser 6020 User manual

Xerox

Xerox WORKCENTRE PE 220 User manual

Xerox

Xerox 3210 - workcentre b/w laser User manual

Xerox

Xerox WorkCentre 3655 User manual

Xerox

Xerox 4250 - WorkCentre - Copier User manual

Xerox

Xerox WORKCENTRE 7120 User manual

Xerox

Xerox WorkCentre 6655 User manual

Xerox

Xerox WorkCentre 5865 User manual

Xerox

Xerox WORKCENTRE 7120 Operating manual

Xerox

Xerox VersaLink B415 User manual

Xerox

Xerox WorkCentre 5687 User manual

Popular All In One Printer manuals by other brands

Brother

Brother MFC-J220 Basic user's guide

Brother

Brother MFC-8510DN Basic user's guide

Ricoh

Ricoh Aficio FX200 Service training

Olivetti

Olivetti d-Copia 16W Operation manual

Konica Minolta

Konica Minolta bizhub C3850FS user guide

Konica Minolta

Konica Minolta bizhub 758 manual

Lexmark

Lexmark MX310 Series Service manual

Ricoh

Ricoh Aficio 3224C operating instructions

Sagem

Sagem MF 3625 user manual

Epson

Epson Epson Stylus NX530 quick guide

Brother

Brother MFC9800 - MFC 9800 B/W Laser owner's manual

Konica Minolta

Konica Minolta 7033 instruction manual

Ricoh

Ricoh Aficio MP 161F operating instructions

Epson

Epson WorkForce WF-2510 Basic guide

Epson

Epson Stylus Scan 2000 Product information guide

Epson

Epson PictureMate Snap PM 240 Start here

Brother

Brother MFC-J430w user guide

Konica Minolta

Konica Minolta BIZHUB 558 Quick reference guide

Xerox WORKCENTRE 5735 Technical manual

Popular All In One Printer manuals by other brands