Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
Xerox WorkCentre 5632/5638/5645/5655 - Common Criteria
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Xerox</strong> <strong>WorkCentre</strong> <strong>5632</strong>/<strong>5638</strong>/<strong>5645</strong>/<strong>5655</strong>/5665/5675/5687<br />
Multifunction Systems Security Target<br />
Assumption<br />
Description<br />
<br />
<br />
<br />
Network Time Protocol (NTP)<br />
Identification and Authentication<br />
Authorization (LDAP, ADS, or other methods<br />
of delegating user groups)<br />
3.3. Threats<br />
3.3.1. Threats Addressed by the TOE<br />
This section identifies the threats addressed by the TOE. The various attackers of the<br />
TOE are considered to be either authorized or unauthorized users of the TOE with<br />
public knowledge of how the TOE operates. These users do not have any specialized<br />
knowledge or equipment. The authorized users have physical access to the TOE.<br />
Mitigation to the threats is through the objectives identified in Section 4, Security<br />
Objectives.<br />
Table 5: Threats Addressed by the TOE<br />
Threat<br />
T.RECOVER<br />
T.COMM_SEC<br />
Description<br />
A malicious user may attempt to recover temporary or<br />
stored document image data using commercially<br />
available tools to read its contents.<br />
This may occur because the attacker gets physical<br />
access to the hard disk drive (e.g. as part the life-cycle of<br />
the MFD (e.g. decommission)), or the document image<br />
data can be read/recovered from the fax card flash<br />
memory (e.g. as the result of a purposeful or inadvertent<br />
power failure before the data could be erased.)<br />
An attacker may break into a communications link<br />
between the TOE and a remote trusted IT product in<br />
order to intercept and/or modify management data<br />
passed to/from/between the TOE and remote trusted IT<br />
product.<br />
T. INFAX During times when the FAX is not in use, a malicious<br />
user may attempt to access the internal network by<br />
connecting to the FAX card via PSTN and using publicly<br />
available T.30 FAX transmission protocol commands for<br />
the purpose of intercepting or modifying sensitive<br />
information or data that may reside on resources<br />
23<br />
Copyright 2009 <strong>Xerox</strong> Corporation, All rights reserved