background image

XEROX WorkCentre 

5735/5740/5745/5755/5765/5775/5790 

Information Assurance Disclosure Paper 

 

 

Ver. 2.00, March 2011 

        

Page 

 8 of 50 

Security Function 

Subsystem 

Security Management 

Controller 

Graphical User Interface 

Table 1 Security Functions allocated to Subsystems 

2.2.

 

Controller 

2.2.1.

 

Purpose 

The controller provides both network and direct-connect external interfaces, and enables copy, print, email, network 
scan, server fax, internet FAX, and LanFAX functionality.  Network scanning, server fax, internet fax, and LanFax, are 
standard features.   

NOTE: The Copier only version includes a hard drive which is used to hold Operating System software, printing 
applications, and jam clearance videos.  Job Image data is not stored on this disk. 

Image Overwrite, which is included as a standard feature, enables both Immediate and On-Demand overwrite of any 
temporary image data created on disk.  The controller also incorporates an open-source web server (Apache) that 
exports a Web User Interface (WebUI) through which users can submit jobs and check job and machine status, and 
through which system administrators can remotely administer the machine. 

The controller contains the image path, which uses proprietary hardware and algorithms to process the scanned 
images into high-quality reproductions.  Scanned images may be temporarily buffered in DRAM to enable electronic 
pre-collation, sometimes referred to as scan-once/print-many.  When producing multiple copies of a document, the 
scanned image is processed and buffered in the DRAM in a proprietary format.  Extended buffer space for very large 
documents is provided on the network disk.  The buffered bitmaps are then read from DRAM and sent to the Image 
Output Terminal (IOT) for marking on hardcopy output.  For long documents, the production of hardcopy may begin 
before the entire original is scanned, achieving a level of concurrency between the scan and mark operations. 

The controller operating system is Wind River Linux, kernel v. 2.6.20+.  (Note: Consistent with Flaw Remediation, this 
baseline may be updated as indicated by the ‘+’ sign.  Unnecessary services such as rsh, telnet and finger are disabled 
in the OS. FTP is used in client-only mode by the network scanning feature for the filing of scanned images and the 
retrieval of Scan Templates; however the controller does not contain an FTP server. 

The controller works with the Graphical User Interface (GUI) assembly to provide system configuration functions.  A 
System Administrator PIN must be entered at the GUI in order to access these functions. 

2.2.2.

 

Memory Components 

 

Volatile Memory 

Type (SRAM, DRAM, 
etc) 

Size 

User 
Modifiable 
(Y/N) 

Function or Use 

Process to Sanitize 

DDR2 SDRAM 

Upgradeable to 

1GB 

2GB 

Single Board Controller   

(System and user image stored) 

Subsequent jobs overwrite 
the data and all images are 
lost at power off or reboot. 

Additional Information:

  

There are also a number of RAM buffers in the video path that are used for image 

manipulation (Reduce/Enlarge, etc.), and all have no data retention capability. When power is removed all data is lost. 
These buffers are typically built into the ASICs. Typical bleed down time for all volatile memory is 10 seconds.

 

 

Summary of Contents for WORKCENTRE 5735

Page 1: ...Xerox WorkCentre 5735 5740 5745 5755 5765 5775 5790 Information Assurance Disclosure Paper Version 2 0 Prepared by Larry Kovnat Xerox Corporation 1350 Jefferson Road Rochester New York 14623...

Page 2: ...Paper Ver 2 00 March 2011 Page 2 of 50 2010 Xerox Corporation All rights reserved Xerox and the sphere of connectivity design are trademarks of Xerox Corporation in the United States and or other cou...

Page 3: ...onnections 10 2 2 4 USB Ports 10 2 2 Fax Module 11 2 3 1 Purpose 11 2 3 2 Hardware 11 2 4 Scanner 11 2 4 1 Purpose 11 2 4 2 Hardware 11 2 5 Graphical User Interface GUI 12 2 5 1 Purpose 12 2 5 2 Hardw...

Page 4: ...figurations 27 3 4 2 Alternate Boot via Serial Port 27 3 4 3 tty Mode 27 3 4 4 Diagnostics via Portable Service Workstation PSW Port 27 3 4 5 Summary 30 4 SECURITY ASPECTS OF SELECTED FEATURES 31 4 1...

Page 5: ...m Xerox customers of the design functions and features of the WorkCentre products relative to Information Assurance IA This document does NOT provide tutorial level information about security connecti...

Page 6: ...ngine including paper path controller and user interface Figure 2 1 WorkCentre Multifunction System 2 1 Security relevant Subsystems 2 1 1 Physical Partitioning The security relevant subsystems of the...

Page 7: ...bsystems Security Function Subsystem Image Overwrite Controller Graphical User Interface System Authentication Controller Graphical User Interface Network Authentication Controller Graphical User Inte...

Page 8: ...processed and buffered in the DRAM in a proprietary format Extended buffer space for very large documents is provided on the network disk The buffered bitmaps are then read from DRAM and sent to the...

Page 9: ...low level I O control Some examples of this distributed control are Power distribution Photoreceptor and main drive motors control Raster Output Scanner ROS Paper Registration Finisher Table 2 Contro...

Page 10: ...ol hardware Table 4 Controller External Connections 2 2 4 USB Ports The WorkCentre contains a host connector for a USB flash drive enabling upload of software upgrades and download of network logs or...

Page 11: ...d configuration information No user or job data is permanently stored in this location Non Volatile Memory Description Type Flash EEPROM etc Size User Modifiable Y N Function or Use Process to Clear F...

Page 12: ...nd hard button actuations and provides text and graphical prompts to the user The GUI is sometimes referred to as the Local UI LUI to distinguish it from the WebUI which is exported by the web service...

Page 13: ...erfaces Images and control signals are transmitted from the copy controller to the marking engine across a proprietary interface 2 7 System Software Structure 2 7 1 Open source components Open source...

Page 14: ...XEROX WorkCentre 5735 5740 5745 5755 5765 5775 5790 Information Assurance Disclosure Paper Ver 2 00 March 2011 Page 14 of 50 Figure 2 4 Controller Operating System layer components...

Page 15: ...ation Assurance Disclosure Paper Ver 2 00 March 2011 Page 15 of 50 2 7 3 Network Protocols Figure 2 5 is an interface diagram depicting the protocol stacks supported by the device annotated according...

Page 16: ...tween a client and the device A shared secret is used to encrypt the traffic flowing through this tunnel SSL must be enabled in order to set up the shared secret When an IPSec tunnel is established be...

Page 17: ...SLP 443 TCP SSL 515 TCP LPR 631 TCP IPP 1900 UDP SSDP 3003 TCP http SNMP reply 9100 TCP raw IP Table 9 Network Ports Please note that there is no ftp port in this list ftp is only used to export scann...

Page 18: ...ly host the web pages resident on the hard disk of the device It does not and cannot act as a proxy server to get outside of the network the device resides on Hence the server cannot access any networ...

Page 19: ...h time someone could reverse engineer the authentication and gain access to the network With the 5 minute timeout the person has just 5 minutes to reverse engineer the authentication and the key befor...

Page 20: ...tandard LDAP port used for address book queries in the Scan to Email feature 2 8 2 10 Port 396 Netware This configurable port is used when Novell Netware is enabled to run over IP 2 8 2 11 Port 427 SL...

Page 21: ...this port can only open when the http server is active The machine replies back to the http server via this port It sends the reply to the loopback address 127 0 0 0 which is internally routed to the...

Page 22: ...ccess one or any combination of the following services Copy Fax Server Fax Reprint Saved Jobs Email Internet Fax Workflow Scanning Server Also users can be authorized to access one or any combination...

Page 23: ...XEROX WorkCentre 5735 5740 5745 5755 5765 5775 5790 Information Assurance Disclosure Paper Ver 2 00 March 2011 Page 23 of 50 Figure 3 1 Authentication and Authorization schematic...

Page 24: ...2000 Windows 2003 This is an option that must be enabled on the device and is used in conjunction with all Network Scanning features Scan to File Scan to E mail internet fax and Scan to Fax Server Th...

Page 25: ...h the router using the IP address of the Domain Controller 2 The Domain Controller responds back to the device through the router whether or not the user was successfully authenticated If 2 is success...

Page 26: ...tication is detailed in subsequent sections 3 3 2 1 Device log on Scanning feature Device behavior Scan to File Public Template The device logs in to the scan repository as set up by the SA in User To...

Page 27: ...ue serial protocol is used to communicate to the alt boot code All commands are DOS type menu driven i e type in a number to start a command If a PSW is connected the application on the PSW cannot be...

Page 28: ...ox proprietary protocol Each packet passing back and forth will have a unique identifier session key with it for authentication and tracking purposes All protocols are API based very little informatio...

Page 29: ...will collect data about the network it is on and transmit the data The CSE is expected to seek permission from the customer before connecting the device to the LAN and performing this diagnostic The N...

Page 30: ...per Ver 2 00 March 2011 Page 30 of 50 3 4 5 Summary As stated above accessibility of customer documents files or network resources is impossible via the PSW In the extremely unlikely event that someon...

Page 31: ...omma separated file format The log does not clear when it is disabled and will persist through power cycles The following table lists the events that are recorded in the log Event ID Event description...

Page 32: ...atus IIO status Accounting User ID Accounting Account ID Total fax recipient phone numbers fax recipient phone numbers 13 Efax Job name User Name Completion Status IIO status Accounting User ID Accoun...

Page 33: ...ice name Device serial number StartupMode enabled disabled System Params Password changed or failed Start Job Password changed or failed Completion Status Success Failed 29 Network User Login UsereNam...

Page 34: ...Enabled Disabled 43 Device clock UserName Device name Device serial number Completion Status time changed date changed 44 SW upgrade Device name Device serial number Completion Status Success Failed...

Page 35: ...ion Status Success Failed 63 IPv6 Enable Disable Configure UserName Device Name Device Serial Number Completion Status Success Failed 64 802 1x Enable Disable Configure UserName Device Name Device Ser...

Page 36: ...er net destination net destination 7 Server fax job Job name User Name Completion Status IIO status Accounting User ID Accounting Account ID Total fax recipient phone numbers fax recipient phone numbe...

Page 37: ...Status 20 Scan to Mailbox job Job name or Dir name User Name Completion Status IIO status 21 Delete File Dir Job name or Dir name User Name Completion Status IIO status 22 USB Thumbdrive UserName Devi...

Page 38: ...number IIO Status enabled or disabled 35 SA pin changed UserName Device name Device serial number Completion status 36 Audit log Transfer UserName Device name Device serial number Completion status 3...

Page 39: ...ice XSA tracks copy scan including filing and email print and fax usage by individual user1 The system administrator can enable disable the feature via the LUI or Web UI add or delete users and set us...

Page 40: ...xy server on the customer s network The proxy server address is set up using the WebUI 4 4 Encrypted Partitions When enabled by the customer the controller disk is encrypted using the AES algorithm wi...

Page 41: ...successfully status is displayed in the Job Queue However if IIO fails a popup will appear on the Local UI recommending that the user run ODIO and a failure sheet will be printed ODIO may be invoked e...

Page 42: ...losure Paper Ver 2 00 March 2011 Page 42 of 50 5 Responses to Known Vulnerabilities 5 1 Security Xerox www xerox com security Xerox maintains an evergreen public web page that contains the latest secu...

Page 43: ...tocol GB Gigabyte HP Hewlett Packard HTTP Hypertext transfer protocol IBM International Business Machines ICMP Internet Control Message Protocol IETF Internet Engineering Task Force IFAX Internet Fax...

Page 44: ...tive for PSW RFC Required Functional Capability SA System Administrator SLP Service Location Protocol SNMP Simple Network Management Protocol SRAM Static Random Access Memory SSDP Simple Service Disco...

Page 45: ...ensors hence can only support 0 or 3 for more than 1 sheet for prtInputCurrentLevel will be considered a caveat denoted as C 6 The Printer MIB requires a few groups from RFC 1213 and RFC 1514 to be su...

Page 46: ...veats limited local UI messaging captured within table C local UI button selection messages are not captured within table Console Display Light group 5 objects supported w caveats only the Power Saver...

Page 47: ...w type 2 enumerations from next generation Host Resources MIB supported optional not support because Host Resources MIBv2 has NOT entered the standards track New type 2 enumerations from next generati...

Page 48: ...tworks 894 Standard for the transmission of IP datagrams over IEEE802 networks 1042 ICMP ICMP Echo ICMP Time ICMP Echo Reply and ICMP Destination Unreachable message 792 Reverse Address Resolution Pro...

Page 49: ...Page 49 of 50 Function RFC Standard Document Printing Application DPA 10175 Appletalk Inside Appletalk Second Edition Printing Description Languages Postscript Language Reference Third Edition PCL6 P...

Page 50: ...65 5775 5790 Information Assurance Disclosure Paper Ver 2 00 March 2011 Page 50 of 50 6 4 Appendix E References Kerberos FAQ http www nrl navy mil CCS people kenh kerberos faq html IP port numbers htt...

Reviews: