
XEROX WorkCentre 5735/5740/5745/5755/5765/5775/5790 Information Assurance Disclosure Paper

Ver. 2.00, March 2011, Page 41 of 50

4.5.1. Algorithm

The overwrite mechanism for both IIO and ODIO conforms to the U.S. Department of Defense Directive 5200.28-M (Section 7, Part 2, paragraph 7-202) [2].

The algorithm for the Image Overwrite feature is:

Step 1:  Pattern #1 is written to the sectors containing temporary files (IIO) or to the entire spooling area of the disks (ODIO).  (hex value 0x35 (ASCII “5”)).

Step 2:  Pattern #2 is written to the sectors containing temporary files (IIO) or to the entire spooling area of the disks (ODIO).  (hex value 0xCA (ASCII complement of 5)).

Step 3:  Pattern #3 is written to the sectors containing temporary files (IIO) or to the entire spooling area of the disks (ODIO).  (hex value 0x97 (ASCII “ú”)).

Step 4:  10% of the overwritten area is sampled to ensure Pattern #3 was properly written.  The 10% sampling is accomplished by sampling a random 10% of the overwritten area.
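
The four steps above, as an added illustration that is not Xerox code, applied to an ordinary file standing in for the spooling area. The 512-byte sector size, the function names and the file-based target are assumptions; `miss_probability` goes beyond the text to show what a random 10% sample can and cannot detect.

```python
import math, os, random, tempfile

SECTOR = 512                      # assumed sector size for this sketch
PATTERNS = (0x35, 0xCA, 0x97)     # Patterns #1-#3 from section 4.5.1

def overwrite(path, sector=SECTOR):
    """Steps 1-3: write each pattern over the whole area, flushing each pass."""
    size = os.path.getsize(path)
    with open(path, "r+b", buffering=0) as f:
        for pattern in PATTERNS:
            f.seek(0)
            left = size
            while left:
                n = min(sector, left)
                f.write(bytes([pattern]) * n)
                left -= n
            os.fsync(f.fileno())  # force the pass out before the next begins
    return size

def verify_sample(path, fraction=0.10, sector=SECTOR, rng=None):
    """Step 4: read a random `fraction` of sectors and check for Pattern #3."""
    rng = rng or random.SystemRandom()
    total = math.ceil(os.path.getsize(path) / sector)
    if total == 0:
        return True, 0
    k = max(1, math.ceil(total * fraction))
    with open(path, "rb") as f:
        for idx in rng.sample(range(total), k):
            f.seek(idx * sector)
            data = f.read(sector)
            if data.count(PATTERNS[-1]) != len(data):
                return False, k
    return True, k

def miss_probability(total, bad, sampled):
    """Chance that a sample of `sampled` sectors contains none of `bad` bad ones."""
    return math.comb(total - bad, sampled) / math.comb(total, sampled)

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(os.urandom(100 * SECTOR))   # constructed stand-in for spooled data
    overwrite(tmp.name)
    print(verify_sample(tmp.name), miss_probability(100, 1, 10))
    os.remove(tmp.name)
```

With 100 sectors and a single sector that did not take Pattern #3, a 10-sector random sample misses it nine times out of ten, so the sampling step confirms that the pass ran rather than that every sector was written.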

4.5.2. User Behavior

IIO can be enabled at the local UI only.  Once enabled, IIO is invoked automatically immediately prior to the completion of a print, network scan, internet fax, network fax, or e-mail job.  If IIO completes successfully, status is displayed in the Job Queue.  However, if IIO fails, a popup will appear on the Local UI recommending that the user run ODIO, and a failure sheet will be printed.

ODIO may be invoked either from the Local UI in Tools Pathway or from the CentreWare Internet Services 
Web UI.  Network functions will be delayed until the overwrite is completed.  Copying is unavailable while 
the overwrite itself is underway, but copies may be made while the controller is booting. 

Upon completion and verification of the ODIO process, a confirmation sheet is printed which indicates the 
status of the overwrite.  The completion status can be successful, failed, cancelled, or timed-out. 

Please note that invocation of ODIO will cause currently processing print jobs to be aborted.  However, scan
jobs will not be aborted and so ODIO might fail.  The user should ensure that all scan jobs have been
completed before invoking ODIO.

Please refer to the customer documentation for a description of how failures are logged.

 

4.5.3. Overwrite Timing

The ODIO overwrite time is dependent on the type of hard disk in the product.  The overwrite and reset 
average time is 10 minutes, but longer times are possible.  

IIO is performed as a background operation, with no user-perceivable reduction in copy, print or scan 
performance. 

                                                                        
 

[2] http://www.dtic.mil/whs/directives/corres/archives/520028m_0173/p520028m.pdf

 

Summary of Contents for WORKCENTRE 5735

Page 1: ...Xerox WorkCentre 5735 5740 5745 5755 5765 5775 5790 Information Assurance Disclosure Paper Version 2 0 Prepared by Larry Kovnat Xerox Corporation 1350 Jefferson Road Rochester New York 14623...
