Focus On Security Xerox Remote Services Security White Paper

Similar documents
Xerox SMart esolutions. Security White Paper

Security FAQs (Frequently Asked Questions) for Xerox Remote Print Services

Version /10. Xerox ColorQube 9301/9302/9303 Internet Services

SMart esolutions. Install Guide for Xerox SMart esolutions for Windows for Office devices based in Europe. a Xerox remote service platform INSTALL

Focus on Security Xerox and the P2600 Hardcopy Device and System Security Working Group

Remote Services. Managing Open Systems with Remote Services

UBS KeyLink Quick reference WEB Installation Guide

Nokia E90 Communicator Using WLAN


CareGiver Remote Support Information Technology FAQ

White Paper. BD Assurity Linc Software Security. Overview

technical brief browsing to an installation of HP Web Jetadmin. Internal Access HTTP Port Access List User Profiles HTTP Port

Secure Installation and Operation of Your Xerox Multi-Function Device. Version 1.0 August 6, 2012

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

Print Audit Facilities Manager Technical Overview

Version 1.0 January Xerox Phaser 3635MFP Extensible Interface Platform

October P Xerox App Studio. Information Assurance Disclosure. Version 2.0

SSL VPN Technology White Paper

Improving the Customer Support Experience with NetApp Remote Support Agent

SSL VPN Client Installation Guide Version 9

Remote Access Platform. Architecture and Security Overview

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

PRIVACY, SECURITY AND THE VOLLY SERVICE

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

GoToMyPC Corporate Advanced Firewall Support Features

WhatsUpGold. v14.2. Getting Started with WhatsUp Gold MSP Edition

Security from the Ground Up eblvd uses a hybrid-asp model designed expressly to ensure robust, secure operation.

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Directed Circuits Meet Today s Security Challenges in Enterprise Remote Monitoring. A White Paper from the Experts in Business-Critical Continuity TM

ereview Security Overview Security Overview

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2

WebEx Security Overview Security Documentation

IT Architecture Review. ISACA Conference Fall 2003

S E C U R I T Y A S S E S S M E N T : B o m g a r B o x T M. Bomgar. Product Penetration Test. September 2010

Useful Tips for Reducing the Risk of Unauthorized. Access for Laser Beam Printers and Small-Office MFPs

Server Installation ZENworks Mobile Management 2.7.x August 2013

Brochure Achieving security with cloud data protection. Autonomy LiveVault

B. KTT Web-based File Transfer

Securely Deliver Remote Monitoring and Service to Critical Systems. A White Paper from the Experts in Business-Critical Continuity TM

A guide to CLARiSUITE TM network solutions

NextiraOne, LLC d/b/a Black Box Network Services

CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

7.0 Self Service Guide

BlackShield ID Agent for Remote Web Workplace

Corepoint Community Exchange Features and Value - Overview

Industrial Security Solutions

Software Version 1.0 ConnectKey TM Share to Cloud April Xerox ConnectKey Share to Cloud User / Administrator s Guide

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Maruleng Local Municipality

Monitoring HP OO 10. Overview. Available Tools. HP OO Community Guides

White Paper. Enhancing Website Security with Algorithm Agility

VPN. Date: 4/15/2004 By: Heena Patel

Title Page. Hosted Payment Page Guide ACI Commerce Gateway

Configuration Guide. SafeNet Authentication Service AD FS Agent

Famly ApS: Overview of Security Processes

Reference Architecture: Enterprise Security For The Cloud

S E C U R I T Y A S S E S S M E N T : B o m g a r A p p l i a n c e s

Live Guide System Architecture and Security TECHNICAL ARTICLE

HP IMC User Behavior Auditor

Network Configuration Settings

Xerox Mobile Print Cloud

Alaska Alternate Assessment. Website Security Assurances. June App3.6_Test_Site_Security

U.S. Army best practices for secure network printing, scanning, and faxing.

Support for the HIPAA Security Rule

Course Syllabus. Fundamentals of Windows Server 2008 Network and Applications Infrastructure. Key Data. Audience. Prerequisites. At Course Completion

About Contract Management

Deltek Touch Time & Expense for Vision 1.3. Release Notes

Xerox Multifunction Devices. Verify Device Settings via the Configuration Report

Contents Notice to Users

Copyright

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web


Guideline on Auditing and Log Management

CBIO Security White Paper

How To Secure Your System From Cyber Attacks

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

ReadyNAS Remote. Add-on Manual. 350 East Plumeria Drive San Jose, CA USA. May

CentreWare Internet Services Setup and User Guide. Version 2.0

Firewall Testing Methodology W H I T E P A P E R

Enterprise Security Critical Standards Summary

Electronic business conditions of use

Connectivity Security White Paper. Electronic Service Agent for AIX and Virtual I/O Server (VIOS)

Managing SSL Security in Multi-Server Environments

An Overview of Oracle Forms Server Architecture. An Oracle Technical White Paper April 2000

redcoal SMS for MS Outlook and Lotus Notes

Customer Tips. Xerox Network Scanning TWAIN Configuration for the WorkCentre 7328/7335/7345. for the user. Purpose. Background

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

Microsoft Dynamics GP Release

Installing and Configuring vcenter Support Assistant

CONDIS. IT Service Management and CMDB

Optus SMS for MS Outlook and Lotus Notes

Electronic Service Agent TM. Network and Transmission Security And Information Privacy

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

vcenter Support Assistant User's Guide

Installing and Configuring vcloud Connector

CTS2134 Introduction to Networking. Module Network Security

Transcription:

Focus On Security Xerox Remote Services Security White Paper Table of Contents 3. A Proactive And Innovative Strategy 3. Introduction 3. The Results Are Tangible 4. The Purpose Of This White Paper 4. Remote Services Overview 5. Remote Services Design Goals 6. Customer Network Category 6. Remote Services Design Goals (contd) 6. Transaction Security 7. Remote Services Architecture 8. Remote Services FAQs 9. Remote Services Data February 18, 2009 Xerox Engineering Services Xerox Corporation Copyright 2009 Xerox Corporation Copyright protection claimed includes all forms and matters of copyrighted material and information now allowed by statutory or judicial law or hereinafter granted, including without limitation, material generated from the software programs that are displayed on the screen such as styles, templates, icons, screen displays, looks, etc. XEROX and all Xerox product names and product numbers mentioned in this publication are trademarks of XEROX CORPORATION. All non-xerox brands and product names may be trademarks or registered trademarks of the respective companies, and are hereby acknowledged. Product appearance, build status and/or specifications are subject to change without notice.

2

A Proactive And Innovative Strategy Introduction NOTE: This document refers to Remote Services as a collection of tools used on various Xerox products. The features and information contained in this document refer to the Production Remote Services, printeract and SMart esolutions tools. Xerox is responsive to the security concerns of our customers. Xerox Remote Services are designed to avoid making networks more susceptible to viruses. Remote Services transactions always originate from the device, based on authorizations made by the customer. Remote Services can only communicate with a secure server at Xerox that conforms to the stringent requirements of the internal Xerox Corporation information management infrastructure. Customers do not need to make any changes to Internet firewalls, proxy servers, or other security infrastructure. Xerox systems are designed to integrate within customer workflows. They connect to the network and push machine data to Xerox Communication servers where the information can be reviewed and analyzed to be used to evaluate service issues as well as to automate billing and supplies replenishment. This built-in knowledge-sharing feature of Xerox systems is what makes Xerox Remote Services viable and its approach unique. Xerox Remote Services helps differentiate Xerox machine performance and support from other equipment suppliers. While other vendors may remotely monitor some of their machines, Xerox has developed integrated systems and remote tools, and coupled them with highly skilled Xerox support teams who are tasked with working to make Xerox customers more productive and satisfied. This combination creates a high value Remote Services capability that provides proactive problem resolution, and a robust underlying knowledge of the customer s needs. A key enabler for creating these support processes is the ability to transmit machine performance data back to the Xerox infrastructure. The Results Are Tangible Transmitting machine data translates to faster preventative maintenance, predicts machine failure and reduces the cycle time to fix problems. A multitude of engineering tools leverage data to monitor your machine s health and performance, diagnose problems and recommend corrective actions to your service and support team. Active remote monitoring enhances customer experience by using your machine s data to understand your environment and set thresholds and action plans to accommodate your production needs. Automated Meter Reading can save customer time as well as insuring accuracy over manually retrieving billing information. Automated Supplies Replenishment can allow for ordering of supplies when needed without customer interaction. On certain models, automatic downloading of software patches is supported to fix problems and add features. The expertise of hundreds of Xerox engineers is available. Transmitting machine data translates to more productivity and less customer attention required. 3

The Purpose Of This White Paper The goal of this document is to ensure that Xerox customers understand and feel confident that Remote Services are performed and machine data is transmitted to Xerox in a secure and accurate manner. This White Paper provides additional background on Remote Services capabilities, and specifically focuses on the security aspects of Xerox Remote Services. It is recommended that you read the document in its entirety and take appropriate actions consistent with your information technology security policies and practices. It is also important that you maintain the integrity of any security measures taken. Each customer has many issues to consider as it develops and deploys a security policy within its organization. Since these requirements will vary from customer to customer, the customer has the final responsibility for any and all implementations, re-installations, testing of security configurations, patches, and modifications. Remote Services Overview Increasingly, Xerox products implement services that communicate back to Xerox. Xerox Remote Services capabilities are based on a technology platform that provides a flexible end-to-end system for connecting products to our postsale solutions offerings. There are two main architectural elements of the Remote Services system. These two elements work together in a seamless manner to enable a extensive set of services and to provide for additional services to be added in the future. These elements are: Remote Services Client software This is a software module embedded in Xerox products or installed in the customer s environment to provide the clientside infrastructure that enables secure transactions back to Xerox. On certain models, automatic downloading of software patches is supported to fix problems and add features. Xerox Communication Server a common connectivity server to which the client software transmits system data. 4

Remote Services Design Goals Xerox views security as a key requirement of the overall Remote Services architecture. The security related goals were derived from the following sources: Inputs and feedback from extensive Voice of the Customer continuing studies conducted by the Xerox Innovation Group (XIG). These studies are focused on determining customer preferences and their remote services needs. Xerox Customer Service and Support Organizations across the world. Security guidelines published by the Xerox Information Management (XIM) organization. Xerox Remote Services include capabilities designed to address the following concerns about security: Identification and Authentication. The process of uniquely and reliably identifying a device. Authorization The process of granting the device remote access services based on our customer s security needs and product acquisition decisions. Data Integrity The ability to verify that data has not been subjected to unauthorized modification. Audit Capabilities The ability to track all communication between a machine and Xerox. Customer Confidentiality The prevention of access to unauthorized parties by making use of encryption techniques (i.e. https). The Remote Services Client allows a secure connection from the device to Xerox 5

Within the end-to to-end Remote Services system, the system design goals respond to network security concerns in two main catergories. Customer Network Category The first category is security concerns related to the connection of the client software to the end-user s network and to the transmission of data across the Internet to Xerox. Xerox Remote Services incorporate the following controls: The customer must authorize communications between the device and Xerox. Communications from the device shall not include Personally Identifiable Information (PII) unless authorized by the customer. The transmission of job data is not possible without express independent permission and initiation by the customer (approval to send diagnostic, supplies usage, and billing data is separate from approval to send job data). Job data is separately encrypted and is not generally available to the back-end systems or personnel which are not specifically designated. The Remote Services Client Software allows a secure connection from the device to Xerox. It is not possible to use this connection to access the customer s network or data beyond what is pushed to Xerox by the customer. The integrity and authentication of any information (data or code) downloaded from the Communications Server to the device by the Re- mote Services Client is verified prior to installation. Transaction Security The second category is the network security concerns related to the exchange of information between the customer and Xerox in executing transactions. The following controls have been established: The Xerox Communication Server and the Remote Services Clients mutually identify and authenticate themselves to each other. All transactions uploaded by the Remote Services Client to the Xerox Communication Server is able to be audited through the device transaction history log by both the customer and Xerox. A transaction log can be viewed which gives service personnel and privileged users the ability to audit the information shared with Xerox. 6

Remote Services Architecture A high-level view of the end-to-end Remote Services architecture would involve communication flow between the Remote Services Client (direct-device and/or proxy-host) and the Xerox Communication Server. Remote Services Clients are embedded either in Xerox devices or in a hosted application (e.g. CentreWare Web). The clients are configured to connect with and send messages specifically to the Xerox Communication Server. Xerox Remote Services use industry standard web services protocols for all communications between Remote Services Clients and the Xerox Communication Server. Web services are accessed via the secured-socket HTTP (HTTPS/ SSL) that is common to web browsers and web servers. Use of web services as the underlying mechanism for all Remote Services transactions ensures both interoperability and compatibility with firewalls. By using HTTP, web services can also take advantage of the Secure Socket Layer (SSL) protocol for security and HTTPS connection management capabilities in order to prevent customer data from being broadcasted over the open Internet. A proxy server is commonly used in network environments to provide a firewall system between the end-user network and the Internet. Most firewalls/proxies are configured to block requests on all but a few network ports. Firewalls, however, usually allow traffic on port 80 for HTTP and 443 (secured HTTP or HTTPS) so browsers can access the Internet. By using HTTP or HTTPS over standard ports, Remote Services Clients are able to communicate through firewalls. The Remote Services Clients act like any web browser (over standard ports) requiring no "holes in the customer firewall" or changes to other equipment at the customer site. Remote Services Clients support the 128 bit SSL encryption. Customers initiate all interactions between their environment and the Xerox Communication Server. Remote Services Client Software may initiate an interaction with the Xerox Communication Server upon the occurrence of an event (e.g. a customer presses a button on the machine UI, a timer triggers an alarm, etc). All transaction content between the Remote Services Client and the Xerox Communication Server is auditable through the device transaction history log To achieve the effect of two-way connectivity the Remote Services Client Software periodically checks-in with the Xerox Communication Server to receive any instructions for them. This check is infrequent and very lightweight, avoiding congestion of the customer intranet. Xerox digitally signs all packages downloaded by the Remote Services Client. The customer benefits from this software integrity because it addresses the following issues: Content Source: this feature certifies that the packages really come from Xerox. Content Integrity: this feature confirms that the packages have not been altered or corrupted since they were signed. 7

Remote Services Frequently Asked Questions (FAQs) Listed below is a set of FAQs helpful for customers using Xerox Remote Services 1. Will enabling Xerox Remote Services Client Software make my network more susceptible to viruses or hacker attacks? No. Customers make no changes to their own security infrastructure. Xerox Remote Services only communicate to a specific secure server at Xerox and services are designed specifically to prevent unauthorized data transfers. The secure server at Xerox is regularly scanned for viruses using the latest tools. 2. How do I know that Xerox is not accessing my company s private data off the machine disk? You may examine the log of what is sent back to Xerox by using the device User Interface. Remote Services features only access machine related data and not customer job images or other customer data. Customer job data can only be sent to Xerox when an authorized user is logged in. 3. How can I be sure that the device data is going to Xerox only? The secure transmittal process uses HTTPS and VeriSign signed certificates to ensure and verify that the device is sending to Xerox. In addition, all transmission data is sent over a Secure Socket Layer (SSL) connection using 128-bit encryption. Initial configuration of the Client Software points to only the Xerox Communication Server. 4. Will my machine interact with or receive information from non-xerox systems? No. The device always initiates the remote services transfer activity and sets up a Xerox-only, non-intrusive communication path. 5. What is the data used for? Currently this data is used for one of three purposes: Service Service information is collected and sent to allow service personnel to view the state of the device before traveling to the customer site. This saves the customer time by reducing the need to make extra trips to the customer site. Engineering Detailed engineering logs allow timely response to critical customer problems and provide valuable feedback for future features. Billing Billing information is sent with each data push allowing Xerox to produce accurate customer bills. Supplies - Consumable information is sent with each data push allowing Xerox to send consumables (toner) when needed. Parts - Customer Replaceable Unit (CRU) information is sent with each data push allowing Xerox to ship these to customers when needed. 8

Remote Services Data The table below details the types and formats of data contained in Remote Services transfers. File Format Description Billing XML Customer Billing Meters Status XML Messages displayed to the operator Customer Info XML Customer contact information DFE Errors XML Errors recorded by the DFE Diagnostic List XML Record of diagnostic procedures performed Faults XML List of faults Configuration XML Configuration of the machine Events XML List of informational events Diagnostic Data XML A set of diagnostic data files NVM XML Systems settings for Image Quality etc. Engineering Free Form Engineering debug information Supplies Usage XML Toner / Ink Usage Levels NOTICE: DISCLAIMER THIS INFORMATION IS PROVIDED FOR INFORMATION PURPOSES ONLY. XEROX CORPORATION MAKES NO CLAIMS, PROMISES OR GUARANTEES ABOUT THE ACCURACY, COMPLETENESS, OR ADE- QUACY OF THE INFORMATION CONTAINED IN THIS WHITE PAPER AND DISCLAIMS ALL LIABILITY CONCERNING THE INFORMATION AND/OR THE CONSEQUENCES OF ACTING ON ANY SUCH IN- FORMATION. PERFORMANCE OF THE PRODUCTS REFERENCED HEREIN IS EXCLUSIVELY SUBJECT TO THE APPLICABLE XEROX CORPORATION TERMS AND CONDITIONS OF SALE, LICENSE AND/OR LEASE. NOTHING STATED IN THIS WHITE PAPER CONSTITUTES THE ESTABLISHMENT OF ANY AD- DITIONAL AGREEMENT OR BINDING OBLIGATIONS BETWEEN XEROX CORPORATION AND ANY THIRD PARTY. 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information