Contents - security guide
- Table Of Contents
- November 2018
- Introduction
- Product Description
- User Interface
- MB Ethernet RJ-45 Network Connector
- User Data Protection
- User Data in transit
- Scanning to User Local USB Storage Product
- Network Security
- Network Encryption
- Wireless 802.11 Wi-Fi Protected Access (WPA)
- Public Key Encryption (PKI)
- Trusted Certificates
- Certificate Validation
- Network Access Control
- Contextual Endpoint Connection Management
- IP Whitelisting (IP Address Filtering)
- Device Security: BIOS, Firmware, OS, Runtime, and Operational security controls
- Fail Secure Vs Fail Safe
- Runtime Security
- Service Technician (CSE) Access Restriction
- Configuration & Security Policy Management Solutions
- Identification, Authentication, and Authorization
- Network Authentication
- Simple Authentication (non-secure)
- Additional Information & Resources
- Appendix A: Product Security Profiles
- AltaLink® B8045/B8055/B8065/B8075/B8090
- AltaLink® C8030 / C8035 / C8045 / C8055 / C8070
- VersaLink® B7025, B7030 B7035
- VersaLink® C7000, C7020, C7025, C7030
- VersaLink® B400, B405
- VersaLink® C500, C600, C505, C605
- VersaLink® B600, B605, B610, B615
- VersaLink® C8000, C9000
- Appendix B: Security Events
- VersaLink® Security Events
Xerox® Security Guide for Office Class Products: AltaLink® VersaLink®
November 2018 Page 93

User Data Protection

Xerox printers and multifunction products receive, process, and may optionally store user data from several sources, including local print, scan, fax, or copy jobs and mobile and cloud applications. Xerox products protect user data being processed by employing strong encryption. When the data is no longer needed, the Immediate Image Overwrite (IIO) feature automatically erases and overwrites the data on magnetic media, rendering it unrecoverable. As an additional layer of protection, an extension of IIO called On-Demand Image Overwrite (ODIO) can be invoked to securely wipe all user data from magnetic media.

User Data protection while within product

This section describes security controls that protect user data while it is resident within the product. For a description of security controls that protect data in transit, refer to the following section on data in transit and to the Network Security section of this document.

Encryption

All user data being processed or stored to the product is encrypted by default. Note that encryption may be disabled to enhance performance on AltaLink® products (though this is not recommended in secure environments). Xerox VersaLink products do not have such an option.

The algorithm used in the product is AES-256. The encryption key is automatically created at start-up and stored in RAM. The key is deleted at power-off, due to the physical characteristics of RAM.

TPM Chip

Some models include a Trusted Platform Module (TPM). The TPM is compliant with ISO/IEC 11889, the international standard for a secure cryptoprocessor, dedicated to securing cryptographic keys. The TPM is used to securely hold the product storage encryption key. Please refer to Appendix A: Product Security Profiles for model-specific information.

Media Sanitization (Image Overwrite)

AltaLink® and VersaLink® products equipped with magnetic hard disk drives are compliant with NIST Special Publication 800-88 Rev1: Guidelines for Media Sanitization. User data is securely erased using a three-pass algorithm as described in the following link:
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-88r1.pdf

Immediate Image Overwrite

When enabled, Immediate Image Overwrite (IIO) overwrites any temporary files created on the magnetic hard disk that may contain user data. The feature provides continuous automatic overwriting of sensitive data with minimal impact on performance, robust error reporting, and logging via the Audit Log.

On-Demand Image Overwrite

Complementing Immediate Image Overwrite is On-Demand Image Overwrite (ODIO). While IIO overwrites individual files, ODIO overwrites entire partitions. The ODIO feature can be invoked at any time and optionally may be scheduled to run automatically.

Note: Solid-state storage media such as Solid-State Disk, eMMC, SD-Card, and Flash media cannot be completely sanitized by multi-pass overwriting methods due to the memory wear mapping that occurs. (Attempts to do so would also greatly erode the operational lifetime of solid-state media.) Solid-state media is therefore not recommended for use in highly secure environments. Please refer to NIST-800-88 “Table A-8: Flash Memory-Based Storage Product Sanitization” for technical details.