Contents - security guide
- Table Of Contents
- November 2018
- Introduction
- Product Description
- User Interface
- MB Ethernet RJ-45 Network Connector
- User Data Protection
- User Data in transit
- Scanning to User Local USB Storage Product
- Network Security
- Network Encryption
- Wireless 802.11 Wi-Fi Protected Access (WPA)
- Public Key Encryption (PKI)
- Trusted Certificates
- Certificate Validation
- Network Access Control
- Contextual Endpoint Connection Management
- IP Whitelisting (IP Address Filtering)
- Device Security: BIOS, Firmware, OS, Runtime, and Operational security controls
- Fail Secure Vs Fail Safe
- Runtime Security
- Service Technician (CSE) Access Restriction
- Configuration & Security Policy Management Solutions
- Identification, Authentication, and Authorization
- Network Authentication
- Simple Authentication (non-secure)
- Additional Information & Resources
- Appendix A: Product Security Profiles
- AltaLink® B8045/B8055/B8065/B8075/B8090
- AltaLink® C8030 / C8035 / C8045 / C8055 / C8070
- VersaLink® B7025, B7030 B7035
- VersaLink® C7000, C7020, C7025, C7030
- VersaLink® B400, B405
- VersaLink® C500, C600, C505, C605
- VersaLink® B600, B605, B610, B615
- VersaLink® C8000, C9000
- Appendix B: Security Events
- VersaLink® Security Events
Xerox® Security Guide for Office Class Products: AltaLink® VersaLink® November 2018 Page 24

thumb drive. This ability can be restricted by enabling the Customer Service Engineer Restriction feature, which will require entry of a unique, customer-designated password in order to accept the update.

Network Firmware Update: Product system administrators can update product firmware using the Embedded Web Server. The ability to apply a firmware update is restricted to roles with system administrator or Xerox service permissions. Firmware updates can be disabled by a system administrator.

Xerox Remote Services Firmware Update: Xerox Remote Services can update product firmware securely over the internet using HTTPS. This feature can be disabled or scheduled, and includes optional email alerts for system administrators.

Service Technician (CSE) Access Restriction

The CSE (Customer Service Engineer) Access Restriction allows customers to create an additional password that is independent of existing administrator passwords. This password must be supplied to allow service of the product. This password is not accessible to Xerox support and cannot be reset by Xerox service personnel.

Additional Service Details

Xerox products are serviced by a tool referred to as the Portable Service Workstation (PSW). Only Xerox authorized service technicians are granted access to the PSW. Customer documents or files cannot be accessed during a diagnostic session, nor are network servers accessible through this port. If a network connection is required while servicing a Xerox device, service technicians will remove the device from any connected networks. The technician will then connect directly to the device using an Ethernet cable, creating a physically secure and isolated network during service operations.

Backup & Restore (Cloning)

Certain system settings can be captured in a ‘clone’ file that may be applied to other systems that are the same model. Clone files are encoded but not encrypted and have the potential to contain sensitive information depending on which product feature setting is selected. Access to both create and apply a clone file can be restricted using role-based access controls. Clone files can only be created and applied through the Embedded Web Server.

EIP Applications

Xerox products can offer additional functionality through the Xerox Extensible Interface Platform (EIP). Third-party vendors can create Apps that extend the functionality of a product. Xerox signs EIP applications that are developed by Xerox or Xerox partners. Products can be configured to prevent installation of unauthorized EIP applications.

XCP (eXtensible Customizable Platform)

VersaLink® products offer additional functionality through the eXtensible Customizable Platform (XCP) plug-in interface. Plug-ins can alter current functionality and add new functionality that may impact the security of the product. XCP plug-ins are signed and encrypted by Xerox; products can be configured to reject unsigned plug-ins. XCP plug-ins are used to support USB peripherals and alternative login methods (such as Smart Card login). The XCP plug-in feature is disabled by default and must be manually enabled by a system administrator using the Embedded Web Server.