Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria
Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria
Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Xerox</strong> <strong>WorkCentre</strong> <strong>5135</strong>/<strong>5150</strong><br />
<strong>Multifunction</strong> Systems Security Target<br />
1.3.2.7. User Data Protection – IP Filtering<br />
(TSF_FDP_FILTER)<br />
The TOE provides the ability for the system administrator to configure a<br />
network information flow control policy based on a configurable rule set.<br />
The information flow control policy (IPFilter SFP) is generated by the<br />
system administrator specifying a series of rules to “accept,” “deny,” or<br />
“drop” packets. These rules include a listing of IP addresses that will be<br />
allowed to communicate with the TOE. The IP Filter supports the<br />
construction of both IPv4 and IPv6 filtering policies. Additionally rules can<br />
be generated specifying filtering options based on port number given in<br />
the received packet. IP Filtering is not available for IPv6, AppleTalk or<br />
IPX; however, the effect of IP Filtering can be accomplished for IPv6 by<br />
configuring IPSec associations.<br />
Note: The TOE cannot enforce the IP Filtering (TSF_FDP_FILTER)<br />
security function when it is configured for IPv6, AppleTalk or IPX<br />
networks.<br />
1.3.2.8. Information Flow Security (TSF_FLOW)<br />
The TOE controls and restricts the information flow between the PSTN<br />
port of the optional FAX processing board (if installed) and the network<br />
controller (which covers the information flow to and from the internal<br />
network). Data and/or commands cannot be sent to the internal network<br />
via the PSTN. A direct connection from the internal network to external<br />
entities by using the telephone line of the TOE is also denied.<br />
If the optional FAX board is not installed, an information flow from or to the<br />
FAX port is not possible at all.<br />
1.3.2.9. Security Management (TSF_FMT)<br />
Only authenticated system administrators can enable or disable the Image<br />
Overwrite function, enable or disable the On Demand Image Overwrite<br />
function, change the system administrator password, and start or cancel<br />
an On Demand Image Overwrite operation.<br />
While IIO or ODIO can be disabled, doing so will remove the TOE from its<br />
evaluated configuration.<br />
Additionally, only authenticated system administrators can assign<br />
authorization privileges to users, establish a recurrence schedule for “On<br />
Demand” image overwrite, enable/disable SSL support, create/install<br />
X.509 certificates, enable/disable and download the audit log,<br />
enable/disable and configure (rules) IP filtering, enable/disable disk<br />
encryption, enable/disable use of <strong>Common</strong> Access Cards or<br />
enable/disable and configure IPv6.<br />
16<br />
Copyright 2009 <strong>Xerox</strong> Corporation, All rights reserved