Secure Installation and Operation of
Your WorkCentreTM M35/M45/M55 or
WorkCentreTM Pro 35/45/55
Document version 1.13
Last revised: 12/20/04
Secure Installation and Operation of Your WorkCentreTM M35/M45/M55 or
WorkCentreTM Pro 35/45/55
Purpose and Audience
This document provides information on the secure installation and operation of a WorkCentre™ M35/M45/M55 Copier-
Printer or WorkCentre™ Pro 35/45/55 Advanced Multifunction System. All customers, but particularly those concerned
with secure installation and operation of these machines, should follow these guidelines.
Overview
This document lists some important customer information and guidelines that will ensure that your WorkCentre™
M35/M45/M55 Copier-Printer or WorkCentre™ Pro 35/45/55 Advanced Multifunction System is operated and maintained
in a secure manner.
Background
The WorkCentre™ M35/M45/M55 Copier-Printer and WorkCentre™ Pro 35/45/55 Advanced Multifunction System are
currently undergoing Common Criteria evaluation. The information provided here is consistent with the security
functional claims made in the Security Target. Upon completion of the evaluation, the Security Target will be available
from the National Information Assurance Partnership website (http://www.niap.nist.gov/), Validated Products list or from
your Xerox representative.
Details
For secure installation, setup and operation of a WorkCentre™ M35/M45/M55 Copier-Printer or WorkCentre™ Pro
35/45/55 Advanced Multifunction System please follow these guidelines:
1. Change the Tools password as soon as possible. Reset the Tools password periodically.
Xerox recommends that you (1) set the Tools password to a minimum length of eight digits and (2) change the Tools
password once a month. For directions on how to change the Tools password select either the:
•
•
Reference Æ Machine Tools Æ Password tabs in the System Administration (SA) CD1 or
Tutorials Æ Machine Administration Æ Accessing Tools Pathway tabs in the User’s Guide2.
2. For customers concerned about document files on the network controller hard disk drive, the Image Overwrite
Security (IOS) option containing the Immediate Image Overwrite and On Demand Image Overwrite security features
must be purchased and properly configured, installed and enabled. Please follow the applicable instructions in the
Installation Æ Options Æ Installation tab in the System Administration (SA) CD1 for proper installation and
enablement of Immediate Image Overwrite and On Demand Image Overwrite.
Notes:
•
Immediate Image Overwrite, once enabled, automatically overwrites the image data created by a print or scan
job on the Network Controller Hard Disk. The machine will only print jobs with valid print types (Postscript, PCL,
TIFF, text of PDF). An illegal print job of any other type will not be printed. However, Immediate Image
Overwrite will attempt to execute for an illegal print job. This could result in an erroneous ‘unsuccessful’
Immediate Image Overwrite status in the Complete Job Log for the job in question.
Canceling of either a legal or illegal print job from a remote client, if done quickly after submission, could also
result in an erroneous ‘unsuccessful’ Immediate Image Overwrite status in the Complete Job Log for the job in
question. Finally, closing the connection to Port 9100 without sending any data through the port could result in
an erroneous ‘unsuccessful’ Immediate Image Overwrite status in the Complete Job Log.
1 CopyCentre C35/C45/C55 WorkCentre M35/M45/M55 WorkCentre Pro 35/45/55 System Administration CD1, Document Number
538E08770
2 CopyCentre C35/C45/C55 WorkCentre M35/M45/M55 WorkCentre Pro 35/45/55 Training and Information CD2, Document Number
538E08780
© 2004 Xerox Corporation. All rights reserved.
Page 1 of 3
Secure Installation and Operation of
Your WorkCentreTM M35/M45/M55 or
WorkCentreTM Pro 35/45/55
Document version 1.13
Last revised: 12/20/04
7. A reboot of the system software for a WorkCentre™ M35/M45/M55 Copier-Printer or WorkCentre™ Pro 35/45/55
Advanced Multifunction System machine is necessary before a change made to the System Administrator password
from the Local User Interface will be synced with and accepted by the Web User Interface. Until this system
software reboot occurs, System Administrator functions from the Web User Interface should not be accessed.
8. Caution: A WorkCentre™ M35/M45/M55 Copier-Printer or WorkCentre™ Pro 35/45/55 Advanced Multifunction
System allows an authenticated System Administrator to disable functions like Image Overwrite Security that are
necessary for secure operation. System Administrators are advised to periodically review the configuration of all
installed machines in their environment to verify that the proper secure configuration is maintained.
9. The following Special Purpose pages are available from the Web User Interface with System Administrator login and
authentication: These pages provide additional system configuration capability
•
Exported Scan Files - Allows the setting of the PDF encoding format for scanned files. Is accessible by typing
http://{IP Address}3/diagnostics/index.dhtml and then selecting ‘Exported Scan Files’ from the Diagnostics
Content Menu.
•
Raw TCP/IP Printing - Allows the user to enable/disable and modify several attributes for Raw TCP/IP Printing.
Is accessible by typing http://{IP Address}/diagnostics/index.dhtml and then selecting ‘Raw TCP/IP Printing’
from the Diagnostics Content Menu.
•
•
•
LPR/LPD - Allows the user to enable or disable PDL switching over LPR/LPD. Is accessible by typing http://{IP
Address}/diagnostics/ lprlpdhidden.dhtml.
This item is deleted. SC Log - Displays a read-only list of the last 50 entries in the Network Controller System
Secure Print Release All - Allows the user to release all of the user’s secure print jobs at one time with the
same user name and password. Is accessible by typing http://{IP Address}/diagnostics/
secureReleaseAll.dhtml.
•
•
Secure Attribute Editor - Allows the user to change some system attributes related to PDLs (e.g., memory
usage, copies per page, etc.). Is accessible by typing http://{IP Address}/diagnostics/ secureattr.dhtml.
Sever Fax Edge Erase - Allows the user to set the desired border edge erase value for a Server Fax job. Is
accessible by typing http://{IP Address}/diagnostics/index.dhtml and then selecting ‘Server Fax Edge
Erase’ from the Diagnostics Content Menu or by typing
Contact
For additional information or clarification on any of the product information given here, contact Xerox support.
Disclaimer
The information provided in this Xerox Product Response is provided "as is" without warranty of any kind. Xerox Corporation disclaims all warranties,
either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Xerox Corporation be liable
for any damages whatsoever resulting from user's use or disregard of the information provided in this Xerox Product Response including direct,
indirect, incidental, consequential, loss of business profits or special damages, even if Xerox Corporation has been advised of the possibility of such
damages. Some states do no allow the exclusion or limitation of liability for consequential damages so the foregoing limitation may not apply.
3 {IP Address} is the IP address of the machine
© 2004 Xerox Corporation. All rights reserved.
Page 3 of 3
|