Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria
Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria
Xerox WorkCentre 5135/5150 Multifunction ... - Common Criteria
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>Xerox</strong> <strong>WorkCentre</strong> <strong>5135</strong>/<strong>5150</strong><br />
<strong>Multifunction</strong> Systems Security Target<br />
T.OUTFAX<br />
T.USER<br />
connected to the network.<br />
This threat only exists if the FAX board is installed and<br />
connected to the PSTN.<br />
During times when the FAX is not in use, a malicious<br />
user may attempt to connect to the TOE over the<br />
network and make an outgoing connection using the FAX<br />
card, either as a method of attacking other entities or for<br />
the purpose of sending sensitive information or data to<br />
other entities. 3<br />
This threat only exists if the FAX board is installed and<br />
connected to the PSTN.<br />
A user, at any time, may attempt to reconfigure the TOE,<br />
for the purpose of disabling security functions or<br />
intercepting sensitive information or data, either by<br />
attempting to access the management functions directly<br />
or by logging in as the system administrator. Moreover a<br />
user may try to use the installed network options<br />
(network scanning, scan-to-email, and LanFax) although<br />
he is not authorized to do so.<br />
3.3.2. Threats Addressed by the IT Environment<br />
This section specifies and describes the threat against which protection from the IT<br />
environment is required.<br />
Table 6: Threat Addressed by the IT Environment<br />
Threat<br />
TE.COMM_SEC<br />
Description<br />
An attacker may break into a communications link<br />
between the TOE and a remote trusted IT product in<br />
order to intercept, and/or modify, print job or scan-tomailbox<br />
data passed to/from/between the TOE and<br />
remote trusted IT product.<br />
3.4. Organizational Security Policies<br />
This section enumerates the organizational security policies the TOE must comply with:<br />
3 Application Note: The sending of company confidential information to external entities by Fax is not considered a threat to the TOE.<br />
24<br />
Copyright 2009 <strong>Xerox</strong> Corporation, All rights reserved