Xerox WORKCENTRE 5135 Secure Installation And Operation - page 5
4
14. Change the Tools password as soon as possible. Reset the Tools password periodically.
Xerox recommends that you (1) set the Tools password to a minimum length of eight alphanumeric characters, (2) change the
Tools password once a month and (3) ensure that all passwords are strong passwords (e.g., passwords use a combination of
alphanumeric and non-alphanumeric characters; passwords don’t use common names or phrases, etc.).
For directions on how to change the Tools password from the Local User Interface, select the:
• Reference Æ Security Æ Authentication and Authorization Æ Administrator Authentication tabs/buttons in the System
Administration (SA) CD
1
For directions on how to change the Tools password from the Web User Interface, select the:
• Reference Æ Security Æ Authentication and Authorization Æ Authentication Configuration Æ Device System
Administrator Password tabs/buttons in the System Administration (SA) CD
1
Note: Any references or statements in the
SA CD1
1
or the
Interactive User Guide CD2
2
to “WorkCentre 56xx” or “56xx” apply without
exception or change to the WorkCentre™ 5135/5150.
Additional Secure Configuration Installation, Setup and Operation Guidelines
1. Xerox recommends the following when utilizing Secure Sockets Layer (SSL) for secure scanning on a WorkCentre™ 5135/5150:
• SSL should be enabled and used for secure transmission of scan jobs from a WorkCentre™ 5135/5150.
• When storing scanned images to a remote repository using an https: connection, a Trusted Certificate Authority certificate
should be uploaded to the device so the device can verify the certificate provided by the remote repository.
• When an SSL certificate for a remote SSL repository fails its validation checks the associated scan job will be deleted and
not transferred to the remote SSL repository. The System Administrator should be aware that in this case the job status
reported in the Completed Job Log for this job will read: “Job could not be sent as a connection to the server could not be
established”.
2. If the use of SNMPv3 is desired, it can be set up by following these instructions:
SNMPv3 cannot be enabled until SSL (Secure Sockets Layer) and HTTPS (SSL) are enabled on the machine.
• At the WebUI, select the Properties tab.
• Select the following entries from the Properties 'Content menu’: Connectivity Æ Protocols Æ SNMP. This will display the
SNMP Configuration page.
• Select the Enable SNMP v3 Protocolcheckbox inside the SNMP Properties group box.
• Select the Edit SNMP v3 Properties button inside the SNMP Properties group box. This will cause the Edit SNMP v3 Properties
page to be displayed.
• On the Edit SNMP v3 Properties page:
• Select the Account Enabled button inside the Administrator Account group box to create an administrator account.
• Enter the desired Username and Authentication Password. The Authentication Password must be at least 8
alphanumeric characters.
• Enter the desired Privacy Password of at least 8 alphanumeric characters.
• Select the Account Enabled button inside the Print Drivers Account group box to create an account for bi-directional
print drivers / Xerox remote clients.
• Select the [Apply] button. This will create an administrator account and save the indicated settings/passwords. After
saving the changes the SNMP Configuration pagewill be redisplayed.
Once SNMPv3 is enabled, SSL can be disabled and SNMPv3 will still function properly.
3. Xerox recommends that the System Administrator change the SNMP v1/v2c public/private community strings from their default
string names to random string names.
4. Xerox strongly recommends that IPSec should be used for secure printing only; HTTPS (SSL) should be used to secure scanning.
Note: IPSec is not available for either the AppleTalk protocol or the Novell protocol with the ‘IPX’ filing transport. IPSec also
does not protect the IPv6 protocol. .
5. Before upgrading software on a WorkCentre™ 5135/5150 Multifunction System via the Manual/Automatic Customer Software
Upgrade, please check for the latest certified software versions. Otherwise, the machine may not remain in its certified
configuration. To maintain the certified configuration, it is recommended that acceptance of customer software upgrades via
the network be turned off/disabled on both the Local UI (Customer Software Upgrade screen) and the Web UI (Upgrade web
page).