Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Xerox</strong> <strong>WorkCentre</strong> <strong>5632</strong>/<strong>5638</strong>/<strong>5645</strong>/<strong>5655</strong>/5665/5675/5687<br />
Multifunction Systems Security Target<br />
administrator will identify themselves by entering the username “admin” in<br />
the authentication dialog window.<br />
1.3.2.3. Network Identification (TSF_NET_ID)<br />
The TOE can prevent unauthorized use of the installed network options<br />
(network scanning, scan-to-email, and LanFax); the network options<br />
available are determined (selectable) by the system administrator. To<br />
access a network service, the user is required to provide a user name and<br />
password, which is then validated by the designated authentication server<br />
(a trusted remote IT entity). The user is not required to login to the<br />
network; the account is authenticated by the server as a valid user. The<br />
remote authentication services supported by the TOE are: LDAP v4,<br />
Kerberos v5 (Solaris), Kerberos v5 (Windows 2000/2003), NDS (Novell<br />
4.x, 5.x), and SMB (Windows NT.4x/2000/2003). The cryptography used<br />
by remote authentication services has been scoped out of the evaluation.<br />
Additionally the MBC model of the TOE can be configured to accept<br />
<strong>Common</strong> Access Cards as a means of network authentication for users to<br />
access the installed network options. When using the <strong>Common</strong> Access<br />
Card method of authentication the <strong>Common</strong> Access Card performs<br />
authentication for the TOE via PIN number. The TOE can not gain access<br />
to the identification information on the access card until a valid pin number<br />
has been entered by the user. The TOE obscures pin number entry with<br />
asterisks when it is entered by the user.<br />
1.3.2.4. Security Audit (TSF_FAU)<br />
The TOE generates audit logs that track events/actions (e.g.,<br />
print/scan/fax job submission) to users (based on network login). The<br />
audit logs, which are stored locally in a 15000 entry circular log, are<br />
available to TOE administrators and can be exported for viewing and<br />
analysis. SSL v3.1 must be configured in order for the system<br />
administrator to download the audit records; the downloaded audit records<br />
are in comma separated format so that they can be imported into an<br />
application such as Microsoft Excel.<br />
1.3.2.5. Cryptographic Operations (TSF_FCS)<br />
The TOE utilizes data encryption (RSA, TDES, AES), key establishment<br />
(RSA) and cryptographic checksum generation and secure hash<br />
computation (SHA-1) to support secure communication between the TOE<br />
and remote trusted products. Those packages include provisions for the<br />
generation of checksum/hash values and meet the following standards:<br />
3DES – NIST 800-67 (CAVP Certificate No. 990); SHA-1 – FIPS-180-2<br />
(CAVP Certificate No. 1331), AES-256-FIPS-197 (CAVP Certificate No.<br />
1472), SSLv3.1, RSA - FIPS 186-2 (CAVP Certificate No. 719)<br />
15<br />
Copyright 2009 <strong>Xerox</strong> Corporation, All rights reserved