Summary of WORKCENTRE 7755

  • Page 1

    Xerox WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper. Xerox WorkCentre™ 7755/7765/7775 Multifunction Systems Information Assurance Disclosure Paper, Version 1.0. Prepared by: Larry Kovnat, Xerox Corporation, 1350 Jefferson Road, Rochester, New York 14623.

  • Page 2

    Xerox WorkCentre 7755/7765/7775 Information Assurance Disclosure Paper, Ver. 1.01, April 2010, Page 2 of 40. ©2010 Xerox Corporation. All rights reserved. Xerox and the sphere of connectivity design are trademarks of Xerox Corporation in the United States and/or other countries. Other company trademar...

  • Page 3

    1. Introduction. The WorkCentre 7755/7765/7775 multifunction systems are among the latest versions of Xerox copier and multifunction devices for the general office. 1.1. Purpose. The purpose of ...

  • Page 4

    2. Device Description. WorkCentre products consist of two basic modules: a digital copier module that provides conventional copy functions and features, and a network controller that provides t...

  • Page 5

    Figure labels: fax card; image output terminal (also known as marking engine); controller/GUI; power supply; scanner / document handler; power interface; TOE internal wiring (proprietary); TOE internal wi...

  • Page 6

    Table row (Security Function / Subsystem): Security Management / Controller, Graphical User Interface. Table 1: Security functions allocated to subsystems. 2.2. Controller. The copy controller and the network contr...

  • Page 7

    Flash; 32MB; N; this is where the system boot code and kernel reside; not cleared. Can be modified as part of a SW upgrade process. SRAM; 512KB; N; NVM storage for control set points, configuration ...

  • Page 8

    Figure labels: scanner video; host USB; Enet; SIM; target USB; UI power and video; FDI; fax line 1; fax line 2; host USB; Habanero (SBC). Figure 2-5: Physical map of controller tray external connections. Table 2-4: Copy ...

  • Page 9

    features. An Image Overwrite Security kit is available which enables both immediate and on-demand overwrite of any temporary image data created on the NC disk. The network controller also inco...

  • Page 10

    2.4.3. Control and Data Interfaces. Scanned images are transmitted from the scanner to the copy controller across a proprietary interface. 2.5. Graphical User Interface (GUI). 2.5.1. Purpose. T...

  • Page 11

    IP filtering is also provided by the kernel. Figure 2-7: Network controller operating system layer components. 2.7.3. Network Protocols. Figure 2-3 is an interface diagram depicting the protoco...

  • Page 12

    Figure 2-3: IPv4 network protocol stack.

  • Page 13

    Figure 2-4: IPv6 network protocol stack. 2.8. Logical Access [multifunction models only]. 2.8.1. Network Protocols. The supported network protocols are listed in Appendix D and are implemented t...

  • Page 14

    otherwise insecure protocol. SNMP traps may not be secure if either the client or the device has just been rebooted. IP filtering can be useful to prevent SNMP calls from non-IPsec clients. ...

  • Page 15

    The embedded web pages communicate to the machine through a set of unique APIs and do not have direct access to machine information: the HTTP port can only access the HTTP server residing in...

  • Page 16

    timeout (the usual default is 12 hours) or until the user removes it (prior to the timeout period). In the Xerox implementation, all traces of authentication of the user are removed once the...

  • Page 17

    2.8.2.11. Port 427, SLP. When activated, this port is used for service discovery and advertisement. The device will advertise itself as a printer and also listen for SLP queries using this po...

  • Page 18

    3. System Access. 3.1. Authentication Model. The authentication model allows for both local and network authentication and authorization. In the local and network cases, authentication and aut...

  • Page 19

    Figure 3-1: Authentication and authorization schematic.

  • Page 20

    3.2. Login and Authentication Methods. There are a number of methods for different types of users to be authenticated. In addition, the connected versions of the product also log into remote ...

  • Page 21

    2) The domain controller responds back to the device through the router whether or not the user was successfully authenticated. If (2) is successful, steps 3 – 5 proceed as described in 4 - ...

  • Page 22

    3.3. System Accounts. 3.3.1. Printing [multifunction models only]. The device may be set up to connect to a print queue maintained on a remote print server. The login name and password are sen...

  • Page 23

    3.4.2. Alternate Boot via Network Controller Serial Port. Alternate boot (Alt-Boot) is a means for the Portable Service Workstation (PSW) to directly connect to the network controller. The pr...

  • Page 24

    The communication process uses a Xerox proprietary protocol. Each packet passing back and forth will have a unique identifier (session key) with it for authentication and tracking purposes. ...

  • Page 25

    • Server name • Server internal network number • Server node (Media Access Control) address • Server NOS version number • Hop count to device (local net). The IP test will collect data from a...

  • Page 26

    4. Security Aspects of Selected Features. 4.1. Audit Log. The device maintains a security audit log. Recording of security audit log data can be enabled or disabled by the SA. The audit log is...

  • Page 27

    Audit log table (columns: Tagged index, Event ID, Event description, Entry data). net-destination. Index 8, event ID 8, IFax: job name, user name, completion status, IIO status, accounting user ID, accounting account ID, total-number-of-smtp-rec...

  • Page 28

    Audit log table (columns: Tagged index, Event ID, Event description, Entry data). completion status (success or failed). Index 28, event ID 34, IIO feature status: username, device name, device serial number, IIO status (enabled or disabled) ...

  • Page 29

    Audit log table (columns: Tagged index, Event ID, Event description, Entry data). Index 45, event ID 51, ODIO scheduled: device name, device serial number, ODIO type (full or standard), scheduled time, ODIO status (started/completed/canceled) ...

  • Page 30

    4.4. Encrypted Partitions. The network controller disk is encrypted using the AES algorithm with a 128-bit key. The key is generated dynamically on each boot, and is kept only in volatile mem...

  • Page 31

    Please note that invocation of ODIO will cause currently processing print jobs to be aborted. However, scan jobs will not be aborted and so ODIO might fail. The user should ensure that all s...

  • Page 32

    5. Responses to Known Vulnerabilities. 5.1. Security @ Xerox (www.xerox.com/security). Xerox maintains an evergreen public web page that contains the latest security information pertaining to ...

  • Page 33

    6. Appendices. 6.1. Appendix A – Abbreviations. ADF: Automatic Document Feeder; AHA: Advanced Hardware Architecture, a proprietary compression; API: Application Programming Interface; AMR: automatic ...

  • Page 34

    MIB: Management Information Base; N/A: Not Applicable; NC: Network Controller; NDPS: Novell Distributed Print Services; NETBEUI: NETBIOS Extended User Interface; NETBIOS: Network Basic Input/Output Sys...

  • Page 35

    6.2. Appendix B – Supported MIB Objects. Notes: (1) The number of objects shown per MIB group represents the number of objects defined by the IETF standard for that MIB group. It does not re...

  • Page 36

    Table (columns: RFC 1759 - Printer MIB group, WorkCentre): RFC 1213 - System group: supported; RFC 1213 - Interface group: supported; RFC 1514 - Storage group: supported; RFC 1514 - Device group: supported; General gr...

  • Page 37

    Table (columns: RFC 1213 - MIB-II for TCP/IP group, WorkCentre): EGP group [20 objects]: not applicable because Exterior Gateway Protocol not supported by machine; Transmission group [0 objects]: not applicab...

  • Page 38

    6.3. Appendix C – Standards. Network controller hardware: PCI specification (PCI Local Bus Specification Revision 2.1); 100 Megabit Ethernet (IEEE 802.3); Universal Serial Bus 1.1; Parallel (IEEE ...

  • Page 39

    Table (columns: Function, RFC/standard): Document Printing Application (DPA): 10175; AppleTalk: Inside AppleTalk, Second Edition; Printing description languages: PostScript Language Reference, Third Edition; PCL6 (P...

  • Page 40

    6.4. Appendix E – References. Kerberos FAQ: http://www.nrl.navy.mil/ccs/people/kenh/kerberos-faq.html; IP port numbers: http://www.iana.org/assignments/port-numbers.