Xerox Workcentre 6400 Technical manual

Xerox WorkCentre 6400

Multifunction System

Information Assurance Disclosure Paper

Version 1.0

Prepared by:

Larry Kovnat

Xerox Corporation

1350 Jefferson Road

Rochester, New York 14623

XEROX WorkCentre 6400 Information Assurance Disclosure Paper

Ver. 1.00, May 2010 Page 2 of 44

Xerox Corporation in the United States and/or other counties.

Other company trademarks are also acknowledged.

Document Version: 1.00 (May 2010).

XEROX WorkCentre 6400 Information Assurance Disclosure Paper

Ver. 1.00, May 2010 Page 3 of 44

1. INTRODUCTION ..................................................................................................................................5

1.1. Purpose ............................................................................................................................................................................... 5

1.2. Target Audience .............................................................................................................................................................. 5

1.3. Disclaimer .......................................................................................................................................................................... 5

2. DEVICE DESCRIPTION.......................................................................................................................6

2.1. Security-relevant Subsystems..................................................................................................................................... 6

2.1.1. Physical Partitioning.......................................................................................................................................................................6

2.1.2. Security Functions allocated to Subsystems ........................................................................................................................7

2.2. Controller ........................................................................................................................................................................... 8

2.2.1. Purpose ................................................................................................................................................................................................8

2.2.2. Memory Components ....................................................................................................................................................................8

2.2.3. External Connections ..................................................................................................................................................................10

2.2.4. USB Host Port.................................................................................................................................................................................11

2.2. Fax Module......................................................................................................................................................................11

2.3.1. Purpose .............................................................................................................................................................................................11

2.3.2. Hardware..........................................................................................................................................................................................11

2.4. Scanner.............................................................................................................................................................................12

2.4.1. Purpose .............................................................................................................................................................................................12

2.4.2. Hardware..........................................................................................................................................................................................12

2.5. Graphical User Interface (GUI) ................................................................................................................................12

2.5.1. Purpose .............................................................................................................................................................................................12

2.5.2. Hardware..........................................................................................................................................................................................12

2.6. Marking Engine (also known as the Image Output Terminal or IOT).........................................................13

2.6.1. Purpose .............................................................................................................................................................................................13

2.6.2. Hardware..........................................................................................................................................................................................13

2.7. System Software Structure........................................................................................................................................14

2.7.1. Open-source components .........................................................................................................................................................14

2.7.2. OS Layer in the Controller .........................................................................................................................................................14

2.7.3. Network Protocols ........................................................................................................................................................................15

2.8. Logical Access.................................................................................................................................................................17

2.8.1. Network Protocols ........................................................................................................................................................................17

2.8.2. Ports ...................................................................................................................................................................................................18

2.8.3. IP Filtering .......................................................................................................................................................................................22

3. SYSTEM ACCESS................................................................................................................................ 23

3.1. Authentication Model..................................................................................................................................................23

XEROX WorkCentre 6400 Information Assurance Disclosure Paper

Ver. 1.00, May 2010 Page 4 of 44

3.2. Login and Authentication Methods........................................................................................................................25

3.2.1. System Administrator Login [All product configurations] ...........................................................................................25

3.2.2. User authentication.....................................................................................................................................................................25

3.3. System Accounts ...........................................................................................................................................................27

3.3.1. Printing [Multifunction models only]....................................................................................................................................27

3.3.2. Network Scanning [Multifunction models only] ..............................................................................................................27

3.4. Diagnostics......................................................................................................................................................................27

3.4.1. Service [All product configurations]......................................................................................................................................27

3.4.2. tty Mode...........................................................................................................................................................................................27

3.4.3. Summary..........................................................................................................................................................................................28

4. SECURITY ASPECTS OF SELECTED FEATURES ......................................................................29

4.1. Audit Log..........................................................................................................................................................................29

4.2. Xerox Standard Accounting.......................................................................................................................................33

4.3. Automatic Meter Reads ..............................................................................................................................................33

4.4. Encrypted Partitions.....................................................................................................................................................33

4.5. Image Overwrite............................................................................................................................................................34

4.5.1. Algorithm.........................................................................................................................................................................................34

4.5.2. User Behavior.................................................................................................................................................................................34

4.5.3. Overwrite Timing ..........................................................................................................................................................................35

5. RESPONSES TO KNOWN VULNERABILITIES .........................................................................36

5.1. Security @ Xerox (www.xerox.com/security)........................................................................................................36

6. APPENDICES.......................................................................................................................................37

6.1. Appendix A – Abbreviations ......................................................................................................................................37

6.2. Appendix B – Supported MIB Objects....................................................................................................................39

6.3. Appendix C –Standards...............................................................................................................................................42

6.4. Appendix E – References.............................................................................................................................................44

XEROX WorkCentre 6400 Information Assurance Disclosure Paper

Ver. 1.00, May 2010 Page 5 of 44

1. Introduction

The WorkCentre 6400 Multifunction System is among the latest versions of Xerox copier and multifunction devices

for the general office.

1.1. Purpose

The purpose of this document is to disclose information for the WorkCentre products with respect to device security.

Device Security, for this paper, is defined as how image data is stored and transmitted, how the product behaves in a

networked environment, and how the product may be accessed, both locally and remotely. Please note that the

customer is responsible for the security of their network and the WorkCentre products do not establish security for

any network environment.

The purpose of this document is to inform Xerox customers of the design, functions, and features of the WorkCentre

products relative to Information Assurance (IA).

This document does NOT provide tutorial level information about security, connectivity, PDLs, or WorkCentre

products features and functions. This information is readily available elsewhere. We assume that the reader has a

working knowledge of these types of topics. However, a number of references are included in the Appendix.

1.2. Target Audience

The target audience for this document is Xerox field personnel and customers concerned with IT security.

1.3. Disclaimer

The information in this document is accurate to the best knowledge of the authors, and is provided without warranty

of any kind. In no event shall Xerox Corporation be liable for any damages whatsoever resulting from user's use or

disregard of the information provided in this document including direct, indirect, incidental, consequential, loss of

business profits or special damages, even if Xerox Corporation has been advised of the possibility of such damages.

XEROX WorkCentre 6400 Information Assurance Disclosure Paper

Ver. 1.00, May 2010 Page 6 of 44

2. Device Description

This product consists of an in put document handler and scanner, marking engine including paper path, controller,

and user interface. Not shown in the picture below are optional additional paper trays and an optional finisher.

Figure 2-1 WorkCentre Multifunction System

2.1. Security-relevant Subsystems

2.1.1. Physical Partitioning

The security-relevant subsystems of the product are partitioned as shown in Figure 2-2.

Document Feeder & Scanner

(

IIT

)

Marking Engine (IOT)

Paper Tray

Graphical User

Interface

(GUI)

XEROX WorkCentre 6400 Information Assurance Disclosure Paper

Ver. 1.00, May 2010 Page 7 of 44

Fax Module

Image Output

Terminal (also

known as Marking

Engine)

Controller/GUI

Power Supply

Scanner /

Document Handler

PowerInterface

TOEinternalwiring(proprietary)

TOEinternal

wiring

(proprietary)

PCIBus

TOE Physical Boundary

Original

Documents

Optical

interface

Human Interface

Hardcopy

(Finisher)

Paper output interface

ButtonsandDisplay

PSTN (RJ-11 Port)

Physicalexternal

interface

Ethernet Port,

USB Target Port, UI

PhysicalexternalInterfaces

Power Cord USB Host Port,

Foreign Device

Interface, Scanner

Interface

PhysicalexternalInterfaces

Power Button

Button and TOE internal wiring

(proprietary)

Physical external

Interface

Figure 2-2 System functional block diagram

2.1.2. Security Functions allocated to Subsystems

Security Function Subsystem

Image Overwrite Controller

Graphical User Interface

System Authentication Controller

Graphical User Interface

Network Authentication Controller

Graphical User Interface

Security Audit Controller

Cryptographic Operations Controller

User Data Protection – SSL Controller

User Data Protection – IP Filtering Controller

User Data Protection – IPSec Controller

User Data Protection – Disk Encryption Controller

Network Management Security Controller

Fax Flow Security Fax Module

Controller

Graphical User Interface

XEROX WorkCentre 6400 Information Assurance Disclosure Paper

Ver. 1.00, May 2010 Page 8 of 44

Security Function Subsystem

Security Management Controller

Graphical User Interface

Table 1 Security Functions allocated to Subsystems

2.2. Controller

2.2.1. Purpose

The controller provides both network and direct-connect external interfaces, and enables print, email, network scan,

server fax, internet FAX, and LanFAX functionality. Network scanning, server fax, internet fax, and LanFax, are

standard features. Image Overwrite, which is included as a standard feature, enables both Immediate and On-

Demand overwrite of any temporary image data created on disk. The controller also incorporates an open-source

web server (Apache) that exports a Web User Interface (WebUI) through which users can submit jobs and check job

and machine status, and through which system administrators can remotely administer the machine.

The controller contains the image path, which uses proprietary hardware and algorithms to process the scanned

images into high-quality reproductions. Scanned images may be temporarily buffered in DRAM to enable electronic

pre-collation, sometimes referred to as scan-once/print-many. When producing multiple copies of a document, the

scanned image is processed and buffered in the DRAM in a proprietary format. Extended buffer space for very large

documents is provided on the network disk. The buffered bitmaps are then read from DRAM and sent to the Image

Output Terminal (IOT) for marking on hardcopy output. For long documents, the production of hardcopy may begin

before the entire original is scanned, achieving a level of concurrency between the scan and mark operations.

The controller operating system is Wind River Linux, kernel v. 2.6.20+. (Note: Consistent with Flaw Remediation, this

baseline may be updated as indicated by the ‘+’ sign. Unnecessary services such as rsh, telnet and finger are

disabled in the OS. FTP is used in client-only mode by the network scanning feature for the filing of scanned images

and the retrieval of Scan Templates; however the controller does not contain an FTP server.

The controller works with the Graphical User Interface (GUI) assembly to provide system configuration functions. A

System Administrator PIN must be entered at the GUI in order to access these functions.

2.2.2. Memory Components

Volatile Memory Description

Type (SRAM, DRAM, etc) Size User Modifiable

(Y/N)

Function or Use Process to Clear:

DDR SDRAM 512MB N Executable code, control data, buffer

memory (temporarily contains

incoming image data) [NC]

Power Off System

DDR SDRAM 512MB N Executable code, control data, buffer

memory (temporarily contains image

data) [CC]

Power Off System

ASICs, Registers, RAM Buffers, etc. various N Image manipulation, image transfer

(temporarily contains image data).

Power Off System

Additional Information:

All memory listed above contains code for execution and configuration information. No user or job data is permanently stored in these

locations.

Scan to Remote File is supported on this device.

XEROX WorkCentre 6400 Information Assurance Disclosure Paper

Ver. 1.00, May 2010 Page 9 of 44

Non-Volatile Memory Description

Type (Flash, EEPROM, etc) Size User Modifiable

(Y/N)

Function or Use Process to Clear:

Flash 16MB via Diagnostics &

Software Upgrade

U-Boot, IOTIF FPGA code, sw upgrade

boot mgr, kernel [CC]

Diagnostic

Flash 32MB via Diagnostics &

Software Upgrade

U-Boot, scanif FPGA code, splash

screen, sw upgrade boot mgr, kernel

[NC]

Diagnostic

Battery backed up SRAM 512Kb N CC parameters Diagnostic

ASICs, FPGAs, etc. various N Basic device information including the

MAC Address

None

Additional Information:

All memory listed above contains code for execution and configuration information. No user or job data is stored in these locations.

Table 2 Controller memory components

Hard Drive Description

Drive/Partition

(System, Image):

Removable

Y/N

Size User Modifiable

(Y/N)

Function or Use Process to Clear:

Copy Disk Yes but not

normal use

80GB

(min)

N with normal

operation

CC and Fax Application SW, Fax

parameters, spooling for images

in process

Diagnostic for all areas

and during normal

operation spooling

areas with Image

Overwrite.

Network Disk Yes but not

normal use

80GB

(min)

N with normal

operation

NC and UI Application SW, NC

and XUI parameters, fonts,

stored jobs, stored scanned

images, device settings, spooling

for files to be printed

Diagnostic for all areas

and during normal

operation spooling

areas with Image

Overwrite

Additional Information:

These disks contain OS, stored executables, fonts, device settings and images, etc. Scan to Local File is supported on this device The

“Stored Job” files remain on the disk until deleted during normal operation. Other job files are deleted during normal operation.

The spooling space is dynamically allocated to each job; at the job completion this space is deallocated to be available for new images.

The images and files spooled to the hard drive and not being used can be erased during normal operation using Immediate Image

Overwrite, Scheduled Image Overwrite, and On Demand Image Overwrite.

All residual customer data in dellocated space can be overwritten using a three pass algorithm that conforms to U.S. Department of

Defense Directive 5200.28.M.

Data stored on disk can be encrypted using Encryption option.

Table 3 Hard Disk Drives

XEROX WorkCentre 6400 Information Assurance Disclosure Paper

Ver. 1.00, May 2010 Page 10 of 44

2.2.3. External Connections

Figure 2-3 Back panel connections

Interface Description / Usage

Scanner Proprietary connection between the scanner and

controller

USB Host Port Software upgrade module, network logging and

save/restore machine settings during service.

Ethernet Network connectivity

USB Target Direct connect printing

FAX line 1, RJ-11 Supports FAX Modem T.30 protocol only

Scanner/UI

USB Host Type A

10/100/1000 ethernet

USB Target Type B

Foreign Device I/F

Fax

Other manuals for WorkCentre 6400

Table of contents

Other Xerox All In One Printer manuals

Xerox

Xerox 4150 - WorkCentre B/W Laser User manual

Xerox

Xerox Phaser 6115 MFP User manual

Xerox

Xerox Phaser 6115 MFP Manual

Xerox

Xerox WORKCENTRE 7428 Service manual

Xerox

Xerox WorkCentre EC 7836 User manual

Xerox

Xerox Phaser 6128 MFP User manual

Xerox

Xerox C235 User manual

Xerox

Xerox PHASER 6121MFP Operating manual

Xerox

Xerox WorkCentre 7500 Series User manual

Xerox

Xerox WorkCentre 5325 User manual

Xerox

Xerox WorkCentre 7346 User manual

Xerox

Xerox WorkCentre 390 User manual

Xerox

Xerox WorkCentre 5022 User manual

Xerox

Xerox WorkCentre 3615 Operating manual

Xerox

Xerox 700i Parts list manual

Xerox

Xerox WORKCENTRE 7775 User manual

Xerox

Xerox 4150 - WorkCentre B/W Laser User manual

Xerox

Xerox DCC250 User manual

Xerox

Xerox All in One Printer Instruction Manual

Xerox

Xerox DocuMate 700 Manual

Xerox

Xerox EC8056 User manual

Xerox

Xerox Document Centre 432 User manual

Xerox

Xerox VersaLink B415 User manual

Xerox

Xerox ApeosPort-II 5010 User manual

Popular All In One Printer manuals by other brands

Brother

Brother MFC-J220 Basic user's guide

Brother

Brother MFC-8510DN Basic user's guide

Ricoh

Ricoh Aficio FX200 Service training

Olivetti

Olivetti d-Copia 16W Operation manual

Konica Minolta

Konica Minolta bizhub C3850FS user guide

Konica Minolta

Konica Minolta bizhub 758 manual

Lexmark

Lexmark MX310 Series Service manual

Ricoh

Ricoh Aficio 3224C operating instructions

Sagem

Sagem MF 3625 user manual

Epson

Epson Epson Stylus NX530 quick guide

Brother

Brother MFC9800 - MFC 9800 B/W Laser owner's manual

Konica Minolta

Konica Minolta 7033 instruction manual

Ricoh

Ricoh Aficio MP 161F operating instructions

Epson

Epson WorkForce WF-2510 Basic guide

Epson

Epson Stylus Scan 2000 Product information guide

Epson

Epson PictureMate Snap PM 240 Start here

Brother

Brother MFC-J430w user guide

Konica Minolta

Konica Minolta BIZHUB 558 Quick reference guide

Xerox WorkCentre 6400 Technical manual

Popular All In One Printer manuals by other brands