Secure Installation and Operation of
Your CopyCentreTM C65/C75/C90 or
WorkCentreTM Pro 65/75/90
Document version 1.3
Last revised: 12/20/04
Secure Installation and Operation of Your CopyCentreTM C65/C75/C90 or
WorkCentreTM Pro 65/75/90
Purpose and Audience
This document provides information on the secure installation and operation of a CopyCentre™ C65/C75/C90 Copier or
WorkCentre™ Pro 65/75/90 Advanced Multifunction System. All customers, but particularly those concerned with secure
installation and operation of these machines, should follow these guidelines.
Overview
This document lists some important customer information and guidelines that will ensure that your CopyCentre™
C65/C75/C90 Copier or WorkCentre™ Pro 65/75/90 Advanced Multifunction System is operated and maintained in a
secure manner.
Background
The CopyCentre™ C65/C75/C90 Copier and WorkCentre™ Pro 65/75/90 Advanced Multifunction System are currently
undergoing Common Criteria evaluation. The information provided here is consistent with the security functional claims
made in the Security Target. Upon completion of the evaluation, the Security Target will be available from the National
Information Assurance Partnership website (http://www.niap.nist.gov/), Validated Products list or from your Xerox
representative.
Details
For secure installation, setup and operation of a CopyCentre™ C65/C75/C90 Copier or WorkCentre™ Pro 65/75/90
Advanced Multifunction System please follow these guidelines:
1. Change the Tools password as soon as possible. Reset the Tools password periodically.
Xerox recommends that you (1) set the Tools password to a minimum length of eight digits and (2) change the Tools
password once a month. For directions on how to change the Tools password select the:
•
Internet Services Æ Overview Æ How to Change the Administrator Password tabs in the System
Administration (SA) CD1
2. For customers concerned about document files on the Copy Controller and Network Controller hard disk drives, an
Image Overwrite Security package option containing the Immediate Image Overwrite and On Demand Image
Overwrite security features must be purchased and properly configured, installed and enabled. Please follow the
applicable instructions contained in the Optional Features Æ Image Overwrite Security tab in the System
Administration CD1 for proper installation and enablement of Immediate Image Overwrite and On Demand Image
Overwrite2.
Notes:
•
For a copy job ‘Overwriting’ may not appear as a status for that job on any Incomplete Job Queue screen while
the machine processes the job, even though Immediate Image Overwrite of that job is being performed.
•
Immediate Image Overwrite, once enabled, automatically overwrites the image data created by a print, network
scan, scan-to-email, or network fax job on the Network Controller and Copy Controller Hard Disks or created by
a copy job on the Copy Controller Hard Disk. The machine will only print jobs with valid print types (Postscript,
PCL, TIFF, text or PDF). An illegal print job of any other type will not be printed. However, Immediate Image
Overwrite will attempt to execute for an illegal print job. This could result in an erroneous ‘unsuccessful’
Immediate Image Overwrite status in the Complete Job Log for the job in question.
1 WorkCentre Pro 65/75/90 System Administration CD1
2 On Demand Image Overwrite is either factory-installed or can only be installed in the field by a Xerox Customer
Service Engineer.
© 2004 Xerox Corporation. All rights reserved.
Page 1 of 4
Secure Installation and Operation of
Your CopyCentreTM C65/C75/C90 or
WorkCentreTM Pro 65/75/90
Document version 1.3
Last revised: 12/20/04
6. A reboot of the system software for a WorkCentre™ Pro 65/75/90 Advanced Multifunction System machine is
necessary before a change made to the System Administrator password from the Local User Interface will be
synced with and accepted by the Web User Interface. Until this system software reboot occurs, system administrator
functions from the Web User Interface should not be accessed.
7. Caution: A CopyCentre™ C65/C75/C90 Copier or WorkCentre™ Pro 65/75/90 Advanced Multifunction System
allows an authenticated System Administrator to disable functions like Image Overwrite Security that are necessary
for secure operation. System Administrators are advised to periodically review the configuration of all installed
machines in their environment to verify that the proper secure configuration is maintained.
8. If the CopyCentre™ C65/C75/C90 Copier or WorkCentre™ Pro 65/75/90 Advanced Multifunction System has the
external removable hard disk drive cabinet option, it is recommended that when a disk drive is inserted into the
cabinet on the machine the applicable drive bay in the external cabinet be secured by the barrel lock. It is further
recommended that when the disk drives are physically removed from the machine they either be stored in a GSA-
approved security container conforming to National Industrial Security Program (NISP) requirements. Otherwise, the
machine should be contained in a closed area.
9. The following pages are available from the Web User Interface to the WorkCentre™ Pro 65/75/90 Advanced
Multifunction System with System Administrator login and authentication. These pages provide standard system
configuration capability:
•
•
•
Image Settings - Allows the setting of what TIFF JPEG Compression version to use. Is accessible by selecting
the Image Settings tab from the Properties Content menu.
Parallel - Allows enabling and setting the timer for the Parallel Port. Is accessible by selecting the General
Setup Æ Connectivity Æ Physical Connections Æ Parallel tab from the Properties Content menu.
Fax - Allows the review and changing of the settings for submitting a Network Fax job from a user’s client. Is
accessible by selecting the General Setup Æ Services Æ FAX Æ General tab from the Properties Content
menu.
•
Internet Receive Settings – Allows configuration of the various options for inbound Internet messaging. Is
accessible by selecting the General Setup Æ Services Æ Internet Messaging Æ Internet Receive Settings
tab from the Properties Content menu.
© 2004 Xerox Corporation. All rights reserved.
Page 3 of 4
Secure Installation and Operation of
Your CopyCentreTM C65/C75/C90 or
WorkCentreTM Pro 65/75/90
Document version 1.3
Last revised: 12/20/04
10. The following Special Purpose pages are available from the Web User Interface to the WorkCentre™ Pro 65/75/90
Advanced Multifunction System with System Administrator login and authentication. These pages provide additional
system configuration capability:
•
Exported Scan Files - Allows the setting of the PDF encoding format for scanned files. Is accessible by typing
http://{IP Address}4/diagnostics/index.dhtml and then selecting ‘Exported Scan Files’ from the Diagnostics
Content Menu.
•
Raw TCP/IP Printing - Allows the user to enable/disable and modify several attributes for Raw TCP/IP Printing.
Is accessible by typing http://{IP Address}/diagnostics/index.dhtml and then selecting ‘Raw TCP/IP Printing’
from the Diagnostics Content Menu.
•
•
LPR/LPD - Allows the user to enable or disable PDL switching over LPR/LPD. Is accessible by typing http://{IP
Address}/diagnostics/ lprlpdhidden.dhtml.
Secure Print Release All - Allows the user to release all of the user’s secure print jobs at one time with the
same user name and password. Is accessible by typing http://{IP Address}/diagnostics/
secureReleaseAll.dhtml.
•
•
Secure Attribute Editor - Allows the user to change some system attributes related to PDLs (e.g., memory
usage, copies per page, etc.). Is accessible by typing http://{IP Address}/diagnostics/ secureattr.dhtml.
Server Fax Edge Erase - Allows the user to set the desired border edge erase value for a Server Fax job. Is
accessible by typing http://{IP Address}/diagnostics/index.dhtml and then selecting ‘Server Fax Edge
Erase’ from the Diagnostics Content Menu or by typing http://{IP
Address}/diagnostics/serverfaxedgeerase.dhtml.
•
One-Off Features – Allows software enhancements intended for specific customers to be incorporated into a
Network Controller release. Accessible by typing http://{IP Address}/oneoff/{SPAR number}.dhtml, where
{SPAR number} is a number provided by Xerox to the specific customer. Caution: If one-off features are
enabled the machine will not remain in its certified configuration. System Administrators are advised to
have a plan for limiting the deployment of one-off features within their environments.
Contact
For additional information or clarification on any of the product information given here, contact Xerox support.
Disclaimer
The information provided in this Xerox Product Response is provided "as is" without warranty of any kind. Xerox Corporation disclaims all warranties,
either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Xerox Corporation be liable
for any damages whatsoever resulting from user's use or disregard of the information provided in this Xerox Product Response including direct,
indirect, incidental, consequential, loss of business profits or special damages, even if Xerox Corporation has been advised of the possibility of such
damages. Some states do no allow the exclusion or limitation of liability for consequential damages so the foregoing limitation may not apply.
4 {IP Address} is the IP address of the machine
© 2004 Xerox Corporation. All rights reserved.
Page 4 of 4
|