Xerox SMart esolutions. Security White Paper



Similar documents
Security FAQs (Frequently Asked Questions) for Xerox Remote Print Services

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

WebEx Security Overview Security Documentation

Secure Installation and Operation of Your Xerox Multi-Function Device. Version 1.0 August 6, 2012

White Paper. BD Assurity Linc Software Security. Overview

Security Overview Introduction Application Firewall Compatibility

Network Configuration Settings

STERLING SECURE PROXY. Raj Kumar Integration Management, Inc.

PRIVACY, SECURITY AND THE VOLLY SERVICE

October P Xerox App Studio. Information Assurance Disclosure. Version 2.0

CTS2134 Introduction to Networking. Module Network Security

S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M. Bomgar. Product Penetration Test. September 2010

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Print Audit Facilities Manager Technical Overview

Security IIS Service Lesson 6

SMart esolutions. Install Guide for Xerox SMart esolutions for Windows for Office devices based in Europe. a Xerox remote service platform INSTALL

Security Policy Revision Date: 23 April 2009

Xerox Mobile Print Cloud

Version 1.0 January Xerox Phaser 3635MFP Extensible Interface Platform

White Paper. Enhancing Website Security with Algorithm Agility

IT Architecture Review. ISACA Conference Fall 2003

Version /10. Xerox ColorQube 9301/9302/9303 Internet Services

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2

WhatsUpGold. v14.2. Getting Started with WhatsUp Gold MSP Edition

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

GoToMyPC Corporate Advanced Firewall Support Features

SSL VPN Technology White Paper

WICKSoft Mobile Documents for the BlackBerry Security white paper mobile document access for the Enterprise

What is an SSL Certificate?

Permeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions

HughesNet Broadband VPN End-to-End Security Using the Cisco 87x

Central Administration QuickStart Guide

Central Administration User Guide

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006

FileCloud Security FAQ

Copyright Telerad Tech RADSpa. HIPAA Compliance

Useful Tips for Reducing the Risk of Unauthorized Access for Network Cameras Important

WHITE PAPER. GoToMyPC. Citrix GoToMyPC Corporate Security FAQs. Common security questions about Citrix GoToMyPC Corporate.

CBIO Security White Paper

Version Highlights. CertainT 100 SSL Accelerator. Version International. New hardware and software version. North America

Cloud Security:Threats & Mitgations

INSTANT MESSAGING SECURITY


Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s

SSL VPN Client Installation Guide Version 9

Network Security Guidelines. e-governance

Network Security Policy

How To Understand The Architecture Of An Ulteo Virtual Desktop Server Farm

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Version 4.1 June Xerox Device Agent (XDA) Lite Security and Evaluation Guide

Tel: Toll-Free: Fax: Oct Website: CAIL Security Facility

Data Security and Governance with Enterprise Enabler

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

MS 10972A Administering the Web Server (IIS) Role of Windows Server

HIPAA. considerations with LogMeIn

Administering the Web Server (IIS) Role of Windows Server

redcoal SMS for MS Outlook and Lotus Notes

Repeater. BrowserStack Local. browserstack.com 1. BrowserStack Local makes a REST call using the user s access key to browserstack.

Achieving PCI Compliance Using F5 Products

SSL VPN vs. IPSec VPN

UBS KeyLink Quick reference WEB Installation Guide

Security. TestOut Modules

Architecture. The DMZ is a portion of a network that separates a purely internal network from an external network.

Administering the Web Server (IIS) Role of Windows Server 10972B; 5 Days

10972-Administering the Web Server (IIS) Role of Windows Server

LogMeIn HIPAA Considerations

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Installing and Configuring vcenter Multi-Hypervisor Manager

Secure Socket Layer (SSL) Machines included: Contents 1: Basic Overview

Setting Up SSL on IIS6 for MEGA Advisor

Copyright

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Kaseya Server Instal ation User Guide June 6, 2008

Focus on Security Xerox and the P2600 Hardcopy Device and System Security Working Group

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Server Installation ZENworks Mobile Management 2.7.x August 2013

Owner of the content within this article is Written by Marc Grote

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Customer Tips. Xerox Network Scanning TWAIN Configuration for the WorkCentre 7328/7335/7345. for the user. Purpose. Background

Pre-Installation Instructions

Network Segmentation

EMC Data Protection Search

System Management. What are my options for deploying System Management on remote computers?

Exhibit B5b South Dakota. Vendor Questions COTS Software Set

Administering the Web Server (IIS) Role of Windows Server

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation.

Content Page. 1 Remote Access - HEIDELBERG's interactive remote service approach 2. 2 How HEIDELBERG's remote service approach works 3

Best Practices for Controlling Skype within the Enterprise. Whitepaper

Building Customer Confidence through SSL Certificates and SuperCerts

Securing your Online Data Transfer with SSL

Best Practices for Controlling Skype within the Enterprise > White Paper

Medical Device Security Health Group Digital Output

Connectivity to Polycom RealPresence Platform Source Data

Transcription:

Xerox SMart esolutions Security White Paper 1

Xerox SMart esolutions White Paper Network and data security is one of the many challenges that businesses face on a daily basis. Recognizing this, Xerox Corporation continues to engineer and design all of our products to ensure the highest level of security possible. This White Paper provides additional background on SMart esolutions capabilities, and specifically focuses on the security aspects of Xerox SMart esolutions - with the goal of ensuring that Xerox customers understand and feel confident how SMart esolutions functions are performed and that machine data is transmitted to Xerox in a secure, accurate and auditable manner. Xerox recommends that customers read this document in its entirety and take appropriate actions consistent with your information technology security policies and practices. Customers have many issues to consider in developing and deploying a security policy within their organization. Since these requirements will vary from customer to customer, the customer has the final responsibility for any and all implementations, re-installations and testing of security configurations, patches and modifications. 2

NOTICE: DISCLAIMER THIS INFORMATION IS PROVIDED FOR INFORMATION PURPOSES ONLY. XEROX CORPORATION MAKES NO CLAIMS, PROMISES OR GUARANTEES ABOUT THE ACCURACY, COMPLETENESS, OR ADEQUACY OF THE INFORMATION CONTAINED IN THIS WHITE PAPER AND DISCLAIMS ALL LIABILITY CONCERNING THE INFORMATION AND/OR THE CONSEQUENCES OF ACTING ON ANY SUCH INFORMATION. PERFORMANCE OF THE PRODUCTS REFERENCED HEREIN IS EXCLUSIVELY SUBJECT TO THE APPLICABLE XEROX CORPORATION TERMS AND CONDITIONS OF SALE, LICENSE AND/OR LEASE. NOTHING STATED IN THIS WHITE PAPER CONSTITUTES THE ESTABLISHMENT OF ANY ADDITIONAL AGREEMENT OR BINDING OBLIGATIONS BETWEEN XEROX CORPORATION AND ANY THIRD PARTY. 3

Xerox SMart esolutions Overview Xerox SMart esolutions capabilities are based on a technology platform that provides a flexible end-to-end system for connecting products to the Xerox infrastructure which administers our post-sale offerings. The diagram shown in Figure 1 emphasizes the three main architectural elements of the system, which are located at the vertices of the triangle. These three elements work together in a seamless manner to enable a rich variety of remote services and to provide for additional services to be added in the future. Device Proxies Xerox IM Infrastructure Smart esolutions Device-Direct Xerox Communication Server Figure 1: Major components of the Xero x SMart esolutions architecture At the lower left corner of the triangle are devices with the SMart esolutions client software module embedded in them to provide the client-side infrastructure that enables secure transactions back to Xerox. The connection to Xerox and our back-office processes is shown at the lower right corner of the triangle. SMart esolutions clients connect to Xerox through a common connectivity server referred to as the Xerox Communication Server. At the top of the triangle are device proxies. These proxies enable Xerox devices to communicate to the Xerox Communication Server through a single point. This provides the customer with the capability to consolidate data communication through a reduced number of Production Systems and Office products. This document refers to both direct and proxy clients generically as SMart esolutions Clients. 4

Xerox SMart esolutions Design Goals for Security Xerox views network security as a key requirement of the overall SMart esolutions architecture. The security related goals were derived from the following sources: 1. Xerox Customer Service and Support Organizations across the world. 2. Inputs and feedback from extensive Voice of the Customer studies conducted by the Xerox Innovation Group (XIG). These studies were focused on determining customer preferences and their remote services needs. 3. Security guidelines published by the Xerox Information Management (XIM) organization. 4. Various (internal Xerox) business group customer advocates. Xerox SMart esolutions include capabilities designed to address the following concerns about security: 1. Identification and Authentication. The process of uniquely and reliably identifying a device. 2. Authorization. The process of granting the device remote access services based on our customer s security needs and product acquisition decisions. 3. Data Integrity. The ability to verify that data has not been subjected to unauthorized modification. 4. Audit Capabilities. The ability to track all communication between it and Xerox, allowing the customer to monitor the number and types of communication. 5. Customer Confidentiality. The prevention of access to unauthorized parties by making use of encryption techniques (i.e. https). Within the end-to-end SMart esolutions system, the system design goals respond to network security concerns in two main categories. Customer Network Environment The first category is security concerns related to the connection of the client software to the end-user s network and to the transmission of data across the Internet to Xerox. Xerox SMart esolutions incorporate the following controls: o The customer must authorize communications between the device and Xerox. o Communications from the device shall not include information that indicates the identity of the customer or customer s employees o The SMart esolutions Client allows a one-way connection from the device to Xerox. It is not possible to use this connection to access the customer s network or data beyond what is pushed to Xerox by the customer. 5

o The integrity and authentication of any information (data or code) downloaded by the SMart esolutions Client is verified prior to installation. Transaction Security The second category is the network security concerns related to the exchange of information between the customer and Xerox in executing transactions. The following controls have been established: o The Xerox Communication Server and the SMart esolutions Clients mutually authenticate themselves. o All transaction content between the SMart esolutions Client and the Xerox Communication Server is auditable by both the customer and Xerox. a. A viewable transaction log gives end-users the ability to audit the information shared with Xerox. The Xerox Communication Server currently logs all incoming and outgoing transactions. 6

Xerox SMart esolutions Technology Architecture Figure 2 depicts a high-level view of an end-to-end SMart esolutions architecture. It highlights communication flow between the SMart esolutions Client (direct-device and/or proxy-host) and the Xerox Communication Server. As shown in the diagram, SMart esolutions Clients are embedded either in Xerox devices or in a hosted application (e.g. CentreWare Web). The clients are configured to connect and send messages to the Xerox Communication Server. Figure 2: Xerox SMart esolutions data communications Xerox SMart esolutions use industry standard web services protocols for all communications between SMart esolutions Clients and the Xerox Communication Server (Figure 3). Web services are accessed via the secured-socket HTTP (HTTPS) that is common to web browsers and web servers. Use of web services as the underlying mechanism for all SMart esolutions transactions ensures both interoperability and compatibility with firewalls. Figure 3: Web services protocol s tack 7

o By using HTTP, web services can also take advantage of the Secure Socket Layer (SSL) protocol for security and HTTPS connection management capabilities in order to prevent customer data from being broadcasted over the open Internet. o o o o A proxy server is commonly used in network environments to provide a firewall system between the end-user network and the Internet. Most firewalls/proxies are configured to block requests on all but a few network ports. Firewalls, however, usually allow traffic on port 80 for HTTP and 443 (secured HTTP or HTTPS) so browsers can access the Internet. By using HTTP or HTTPS over standard ports, SMart esolutions Clients are able to communicate through firewalls. The SMart esolutions Clients act like any web browser (over standard ports) requiring no "holes in the customer firewall" or changes to other equipment at the customer site. SMart esolutions Clients support the 128 bit SSL encryption As shown in Figure 2, SMart esolutions Clients initiate all interactions between themselves and the Xerox Communication Server. To achieve the effect of 2-way connectivity the SMart esolutions Clients periodically check-in with the Xerox Communication Server to receive any instructions for them. This check is infrequent and very lightweight, avoiding congestion of the customer intranet. The Xerox Communication Server digitally signs all software downloaded by the SMart esolutions Client. The customer benefits from this software integrity because it addresses the following issues: - Content Source: this feature certifies that the software really comes from Xerox. - Content Integrity: this feature confirms that the software has not been altered or corrupted since it was signed. 8

Frequently Asked Questions Listed below is a set of FAQs helpful for an end-user of Xerox SMart esolutions from Xerox. 1. Will enabling a Xerox SMart esolutions Client make my network more susceptible to viruses or hacker attacks? No. Customers make no changes to their own security infrastructure, hence no additional ports need to be opened up the customer s firewall. Xerox SMart esolutions only communicate to a specific secure server at Xerox and services are designed specifically to prevent unauthorized data transfers. The secure server at Xerox is regularly scanned for viruses using the latest tools. 2. How do I know that Xerox is not accessing my company s private data off the machine disk? You may examine the data sent back to Xerox by using the device User Interface to view the transaction details. SMart esolutions features only access machine related data, and not customer images or other customer data. Customer Job Data is specifically provided only at customer discretion and in concert with problem diagnostics. 3. How can I be sure that the device data is going to Xerox only? The secure transmittal process uses HTTPS and VeriSign signed certificates to ensure and verify that the device is sending to Xerox. In addition, all transmission data is sent over a Secure Socket Layer (SSL) connection using 128-bit encryption, which only Xerox has the key to decipher. 4. Will my machine interact with or receive information from non-xerox systems? No. The device always initiates the remote services transfer activity and sets up a Xerox-only, non-intrusive communication path. The device always checks the authentication of who it is communicating with by validating the Verisign Certificate. 5. What is this data used for? Currently this data is used for one of two purposes: 1) Billing Billing information is sent up with each data push allowing Xerox to produce accurate and timely customer invoices. 2) Supplies Replenishment Meter and toner usage information is sent up to enable Xerox to better meet the toner needs of your equipment by insuring that you have the right amount of toner on hand at all times. 9

In summary, Xerox is responsive to the security concerns of our customers. Xerox SMart esolutions will not make networks more susceptible to viruses. SMart esolutions transactions always originate from the device, based on authorizations made by the customer. Services can only communicate with a secure server at Xerox that conforms to the stringent requirements of the internal Xerox Corporation information management infrastructure. Customers do not need to make any changes to Internet firewalls, proxy servers, or other security infrastructure. 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information