EasyManuals Logo

Xerox WorkCentre 7830 Secure Installation And Operation

Xerox WorkCentre 7830
19 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #14 background imageLoading...
Page #14 background image
13
Once Embedded Device Security is enabled on the device, any attempts to read from read-protected files and
directories or to change write-protected files and directories will result in a Security Alert being recorded in the
Audit Log. If configured, an email alert will also be sent.
h. Be careful not to create an IP Filtering rule that rejects incoming TCP traffic from all addresses with source port set
to 80; this will disable the Web UI. Also, configure IP filtering so that traffic to open ports from external users
(specified by subnet mask) is dropped and so that following ports for web services are closed: tcp ports 53202,
53303, 53404 and tcp/udp port 3702. Also, ensure that entire access to the device is not blocked by defining, for
example, a rule for IP Address 0.0.0.0 with a reject/drop action kept in Position 1 in the list of IP Filters.
i. Ensure the user permission roles names do not contain single quotes (‘) or double quotes (“).
j. Ensure there are no jobs being held by the device when data encryption is enabled/disabled.
k. If the hash algorithm is selected to be SHA-256 (for those cases (e.g., IPsec) where a hash algorithm can be
selected) the Administrator may not be able to change the hash selection to be SHA-1.
l. Users should be aware that correct remote repository document pathnames for the receipt of workflow scanning
jobs should start with one ‘\’ as opposed to the two ‘\’s shown in the SAG (e.g., page 140).
m. Users should be provided with appropriate training on how to use the device in a secure manner before being
assigned user accounts to access the device.
n. Before upgrading software on the device via the Manual/Automatic Customer Software Upgrade, please check for
the latest certified software versions. Otherwise, the machine may not remain in its evaluated configuration.
o. Users experiencing problems logging in to the device using the Web UI only on a particular web browser are advised
to switch to a different web browser.
p. The device should be installed in a standard office environment. Office personnel should be made aware of
authorized service calls (for example through appropriate signage) in order to discourage unauthorized physical
attacks such as attempts to remove the internal hard disk drive(s). Ensure that office personnel are made aware to
pick up the outputs of print and copy jobs in a timely manner.
q. Caution: The device allows an authenticated System Administrator to disable functions like Image Overwrite
Security that are necessary for secure operation. Periodically review the configuration of all installed machines in
your environment to verify that the proper evaluated configuration is maintained.
r. System Administrators should avoid opening emails and attachments from unknown sources unless the emails and
attachments have been properly scanned for viruses, malware, etc.
s. System Administrators and users should:
Whenever possible use a browser to access the WebUI whose only purpose is to access the WebUI.
Always logoff the browser immediately after completing any tasks associated with accessing the WebUI.
Not allow the browser to either save their username/password or “remember” their login.
Follow secure measures, only use browsers with TLS 1.0 and above and not open any malicious links or
documents with their browser.
IV. Secure Operation of Device Services/Functions Not Part of the Evaluated Configuration
a. Change the SNMPv1/v2c public/private community strings from their default string names to random un-
guessable string names of at least 8 characters in length.
b. SNMPv3 cannot be enabled until SSL and HTTPS (SSL) are enabled on the machine. To enable SNMPv3
follow the instructions for “Configuring SNMPv3” under “SNMP” in Section 3 of the SAG.
Be aware that in configuring SNMPv3 there is the option of resetting both the Privacy and Authentication
passwords back to their default values. This option should only be used if necessary since if the default
passwords are not known no one will be able to access the SNMP administrator account
8
.
8
The SNMP administrator account is strictly for the purposes of accessing and modifying the MIB objects via SNMP; it is separate from the
System Administrator “admin” user account or user accounts given SA privileges by the System Administrator “admin” user. The administrator
account cannot perform any System Administrator functions.

Other manuals for Xerox WorkCentre 7830

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Xerox WorkCentre 7830 and is the answer not in the manual?

Xerox WorkCentre 7830 Specifications

General IconGeneral
Print ResolutionUp to 1200 x 2400 dpi
Copy ResolutionUp to 600 x 600 dpi
Scan ResolutionUp to 600 x 600 dpi
Processor1.2 GHz
Memory2 GB
Hard Drive160 GB
FunctionsPrint, Copy, Scan, Fax
Print Speed (Black)Up to 30 ppm
Print Speed (Color)Up to 30 ppm
Duplex PrintingStandard
Copy Speed (Black)Up to 30 cpm
Copy Speed (Color)Up to 30 cpm
Fax Speed33.6 Kbps
Fax Transmission Speed3 seconds per page
Network ConnectivityEthernet 10/100/1000 Base-T
Print SpeedUp to 30 ppm
Monthly Duty CycleUp to 90, 000 pages
Paper SizesA4, A5
ConnectivityUSB 2.0, Ethernet
Automatic Document Feeder110 sheets
Operating System CompatibilityWindows, Mac, Linux

Related product manuals