Xerox 6180N FreeFlow® Print Server Security Guide

Xerox 6180N - Phaser Color Laser Printer Manual

Get Xerox 6180N - Phaser Color Laser Printer PDF manuals and user guides
UPC - 095205425307
View all Xerox 6180N manuals
Add to My Manuals
Save this manual to your list of manuals

Xerox 6180N manual content summary:

  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 1
    Version 6.0, January 2007 701P46740 Xerox FreeFlow® Print Server Security Guide
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 2
    Global Knowledge and Language Services 800 Philips Road Bldg. 845-17S Webster, New York 14580 USA ©2007 by Xerox Corporation. All rights . Printed in the United States of America. XEROX® and all Xerox product names mentioned in this publication are trademarks of XEROX CORPORATION. Other company
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 3
    Table of contents 1-1 About this guide 2-1 Contents 2-1 Conventions 2-1 Customer support 2-2 System supplied security profiles 2-3 Enable and disable services 2-5 User level changes 2-10 Solaris file permissions 2-11 Disabling secure name service databases 2-11 Multicast routing disabled
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 4
    individual passwords 2-22 Accessing the Xerox FreeFlow Network Protocol 2-27 Secure Print 2-29 MICR mode 2-29 Prevent Unauthorized Queue Changes 2-30 Queue Lock 2-30 Roles and responsibilities 2-30 Xerox responsibilities 2-30 Customer Responsibilities 2-31 Security tips 2-31 Virus Scan
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 5
    to perform system administration tasks for maintaining the Xerox FreeFlow® Print Server. About this guide This guide is intended for network and system administrators responsible for setting up and maintaining Xerox printers with Xerox FreeFlow Print Server software. System administrators should
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 6
    support To place a customer service call, dial the direct TTY number for assistance. The number is 1-800-735-2988. For additional assistance, dial the following numbers: • Service and software support: 1-800-821-2797 • Xerox documentation and software services: 1-800-327-9753 2 Security Guide
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 7
    the Xerox FreeFlow Print Server controller and the Solaris OS. System supplied security profiles The four system-supplied profiles are: default operating Profiles Profile Default Operati ng System Only Characteristics All ports are open. Walkup users can reprint anything. Full workspace menu
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 8
    server is disabled on customer network. Walkup users cannot reprint anything. Terminal window is password protected. Auto login is disabled Does not support legacy DigiPath workflow. Supports FreeFlow workflow. File FTP is disabled. File transfer can be done via Secure FTP. For CFA support, that is
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 9
    Xerox FreeFlow Print Server "Setup > Security Profiles" menu options. NOTE: Services list may vary, depending on the product. Table 2-2 "System" tab System Service supplying a password. These files can be removed or modified to enhance security. The Xerox use of the Xerox command line client Xerox
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 10
    System Service Secure Network Settings Secure Sendmail Security Warning Banners Description Force sendmail to only handle outgoing mail. No incoming mail will be handled by sendmail. Enable security warning banners to be displayed when a user logins or telnets into the Xerox FreeFlow Print Server.
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 11
    services are disabled. This does not prevent Xerox FreeFlow Print Server SNMP services from operating. S77DMI Sun Solstice Enterprise DMI Service the Xerox FreeFlow Print Server. Not used by the Xerox FreeFlow used for denial of service attacks. Not used by the Xerox FreeFlow Print Server. comsat
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 12
    Xerox FreeFlow Print Server. dtspc CDE sub-process Control Service CDE sub-process Control Service (dtspcd) is a network service attacks. Not used by the Xerox FreeFlow Print Server. exec Remote execution server Used by rexec(1) command. Potentially dangerous- passwords transfer protocol This can
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 13
    Network rwall server rpc.sprayd Spray server rcp.ttdbserverd RPC-based ToolTalk database server rpc.rstatd rquotad rstatd-kernel statistics server Remote quota server Description in.tnamed is a server that supports the DARPA Name Server Protoco. Seldom used anymore. Not used by Xerox manually.
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 14
    to transfer files onto the Xerox FreeFlow Print Server. However, this service represents a security risk. Not used by the Xerox FreeFlow Print Server. Sun-dr (DCS) Domain configuration server The Domain Configuration Server (DCS) is a daemon process that runs on Sun servers that support remote
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 15
    enabled or disabled through the Xerox FreeFlow Print Server interface. Fix-modes include: • fixmodes-xerox: fix file permissions for all security setting is changed back to medium. Disabling secure name service databases The following databases are disabled when security is invoked: Guide 11
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 16
    Environment Network Settings for Security, at http://www.sun.com/solutions/ blueprints/1200/network- service is re-enabled manually, the port restriction will still apply. Remote CDE login disabled The Remote CDE login is disabled. Xerox FreeFlow Print Server router capabilities disabled The Xerox
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 17
    Xerox (Xerox printer queues that are associated with the Xerox FreeFlow Print Server virtual printers service If you are using the legacy Xerox service to transfer files to the Xerox FreeFlow Print Server controller. However, if you are not using the Xerox Xerox FreeFlow Print Server outload back to
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 18
    profile setting across Xerox FreeFlow Print Server upgrades. By clicking the Restore Default Profile, the Default profile can be basis for granting access. Xerox FreeFlow Print Server user accounts are defined either locally at the device or remotely at a trusted network location like ADS. The
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 19
    • Each local user account has an associated user password that is a sequence of characters that is case Default user groups and user accounts The Xerox FreeFlow Print Server provides three default user groups: Users, Operators, and System Administrators. It also supplies four default Guide 15
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 20
    are two functions of the Xerox FreeFlow Print Server that the administrator may choose to restrict. From the Setup > Users & Groups menu option, select the "Group Authorizations" tab in the interface. The administrator can choose to enable or disable the service for a particular user group. NOTE
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 21
    ) Setup (Feature licenses, Network configuration) Operators Administrat ors (sa and cse) Changeable via GUI Comment Enabled Enabled No The "Limit Print Service Paths" in Security Profile controls the directories that users can reprint. The defaults are: DEFAULT- Operating System Only, Saved
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 22
    The default is set to automatically log on as "user". When Automatic Logon is disabled, the Xerox FreeFlow Print Server will not launch completely until users log on via a logon window. This window will appear before the Xerox FreeFlow Print Server UI is displayed and will require users to manually
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 23
    System Default Accounts with new passwords. For security reasons, all system passwords must be changed. • root: has super user access to the workstation. The initial password for this account is set during installation of the operating system and should be obtained from the Xerox service personnel
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 24
    password policy can be enforced. Strong Passwords can be Enabled and Disabled (default setting) via the Password Policies window. Strong passwords are not created by the Xerox FreeFlow Print Server. NOTE: Remote Network Server: If running NIS+ name service, strong passwords would be enforced via the
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 25
    Xerox FreeFlow Print Server UI and does not apply to the root (su) user. How to Enable/Disable Login Attempts • From the Setup menu select [Users and Groups] • From the Policies drop down menu select [Password] • Enable/Disable Login Attempts from the Password Policies window. The default setting
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 26
    onto the printer using their Microsoft Active Directory Services (ADS) user names. To provide this option, the administrator must first configure the Xerox FreeFlow Print Server appropriately for the DNS gateway (see the "Gateway and Network Configuration" section of this guide). Additionally, the
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 27
    with your ADS user name and password. NOTE: For this feature to work, Administrators must ensure that DNS is enabled, the Xerox FreeFlow Print Server is configured to join the ADS domain, and ADS groups are mapped to the Xerox FreeFlow Print Server user groups. Troubleshoot ADS Refer to the online
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 28
    default is Enable All Connections. Secure Socket Layer The Xerox network layer protocol and the application protocol layer. The network client and the web server (printing system) decide which protocol to use for data transfer between two points over a network. The Xerox FreeFlow Print Server SSL/TLS
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 29
    ISGW Creating and Using a Self-Signed Certificate - Logon to the Xerox FreeFlow Print Server as System Administrator or as a user who belongs 3 - Enter the requested information: • Organization (required) • Organizational Unit (optional) • E-mail (optional) • Locality (optional) • State Guide 25
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 30
    on the 'Enable SSL/TLS' checkbox at the top of the SSL/ TLS window. - Select a SSL/TLS mode of operation: • Normal (Encrypted and Unencrypted 3 - Enter the requested information: • Organization (required) • Organizational Unit (optional) • E-mail (optional) • Locality (optional) • State/Province
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 31
    needs to supply the fully Network Protocol, name service changes and the changes that occur when security is invoked. The table below addresses the list of Network Protocols that are used by the Xerox FreeFlow Print Server software or Xerox client operations. Table 2-7 Network Protocols Network
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 32
    Xerox FreeFlow Print Server Internet Services gateway and the Xerox Remote Services Xerox FreeFlow Print Server Remote WorkFlow (DRW), and network services service can be enabled/disabled under Setup -> Network Configuration (LP/LPR client, Xerox FreeFlow Print Server Print Service (Reprint), etc.).
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 33
    Xerox FreeFlow Print Server's GUI interface to the SunScreen Lite firewall that is part of the Solaris 8 Operating System. This feature allows the user to limit the number of clients who are allowed to access the server via services such as LPR, IPP, HTTP, HTTPS, SMB Printing, and FTP. By default
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 34
    the administrator in ensuring that the customer environment is secure. Xerox responsibilities Xerox is committed to providing a level of security which will allow the Xerox FreeFlow Print Server controller to be a good network citizen in response to current security intrusions. Additional security
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 35
    recommends that the customer change passwords from the default settings since the ultimate security of the printing system resides with the customer. NOTE: Please be aware that the Xerox Customer Support Personnel must have access to the new root password for service and support. It is the customer
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 36
    Virus Scan The Xerox FreeFlow Print Server runs on the Solaris 10 Operating System (OS). This OS makes the Xerox FreeFlow Print Server less susceptible to virus and worms. Online Help for cert.org/nav/ index_main.html http://www.cve.mitre.org/ http://www.xerox.com\security 32 Security Guide
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 37
  • Xerox 6180N | FreeFlow® Print Server Security Guide - Page 38
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
Xerox FreeFlow® Print Server
Security Guide
Version 6.0, January 2007
701P46740