• Network controller• PostScript printing subsystem• Fax subsystem

• Web server interface• Operating system• Scanner

• User interface• Internal disk drive• Marking engine

Document security means peace of mind.One of the hallmarks of the Xerox multifunction productline is a commitment to information security. Oursystems, software, and services comprehend andconform to recognized industry standards and thelatest governmental security regulations.

Document SecurityXerox CopyCentre®/ WorkCentre® /WorkCentre® Pro232/238/245/255/265/275

security features

Information is yourcompany’s greatestasset. Xerox can help you keep it safe.

ConfidentialityNo unauthorized disclosure of data during processing,transmission, or storage

Non-RepudiationAn entity cannot denyhaving sent or receiveda message

IntegrityNo unauthorized alteration of data

AvailabilityNo denial of service for authorized users

AccountabilityActions of an entity can be traced directly to that entity

Key Security Goals

CopyCentre®

232/238/245/255/265/275

WorkCentre®

232/238/245/255265/275

WorkCentre®Pro232/238/245/255

265/275

Certified secureThe WorkCentre / WorkCentre Pro 232/238/245/255/265/275 products have received the Common Criteria certification administered by NIAP (National Information Assurance Partnership).* Xerox is the only manufacturer to certify complete products, not kits or subsets of functionality. The certification scope includes these major components:

R

*The product enhancements described in this brochure are in the process of re-certification

CopyCentre®

232/238/245/255265/275

WorkCentre®

232/238/245/255265/275

WorkCentre®Pro232/238/245/255

265/275

www.xerox.com/office

Security Features• User Authentication Restricts access to scan, email, and network fax features by first validating

user names and passwords.

- Network Authentication When used with Scan to Email, will cause the “From” address to beautomatically populated with the logged-in user’s name. This field cannot be edited oncea user is validated.

- Xerox Standard Accounting on WorkCentre / WorkCentre Pro* manages access to andutilization of copy/print/fax/scan by user or group.

- Systems Administrator Authentication with Device Access Password Protection ensuresadministrative set-up screens and remote network settings cannot be viewed or alteredwithout a PIN.

• Audit Log Internal to the device. Tracks who did what (printing, scanning, network faxing)and when (date and time stamp).

• Device/Network Management

- Certificate-based security using HTTPS (SSL)SSL provides a secure link to the Web User Interface (CentreWare Internet Services).

- SNMP V3 provides encrypted network management communications with the device.Supported by CentreWare Web and other popular management tools.

• Secure Scanning

- Secure channel for scan file transmission using HTTPS (SSL).

- Certificate-based security using HTTPS (SSL).

• Print Channel Encryption Secure channel for print job submission utilizing IPSec.

• Built-in Firewall Controls communications with specific network clients based on IP address and/or port number filtering rules.

• Secure Print Prevents unauthorized viewing of hard-copy output by holding jobs in queue until a PIN is entered.

*Note: For Copy Centre, this enables the internal auditron feature to manage access and utilization for copy.

Fax and NetworkSeparation While firewalls preventunauthorized access to asystem through the networkconnection, unprotected faxconnections in multifunctiondevices can be a back doorinto the network. Xerox is thefirst manufacturer to obtainthird-party assurance viaCommon Criteria Certificationthat fax and network linesare separated. This assures

complete separation of thefax telephone line and the network connection.

CopyCentre®

232/238/245/255265/275

WorkCentre®

232/238/245/255265/275

WorkCentre®Pro232/238/245/255

265/275

www.xerox.com/office

What’s new in WorkCentre / WorkCentre ProXerox manufactures the most secure products on the market – and now the WorkCentre / WorkCentre Promultifunction systems have become even more secure thanks to these enhancements*:

• The IEEE 802.1x protocol provides a more effective method of controlling all network traffic and ensuring the securityof wired and wireless connections.

• Use a master key to initiate a data-encryption process called Temporal Key Integrity Protocol (TKIP). TKIP fixes WEP(802.11b) weaknesses by deriving new encryption keys from the master key, then varying them. The same encryptionkey is never used twice.

• LDAP Authentication/Secure LDAP via SSL. Secure login to LDAP using authenticated user credentials over an encryptedSSL channel.

• Enhancement to the optional Image Overwrite Protection (see sidebar). Users can now schedule the time of day foron-demand overwrite to occur.

• Simple Disk Encryption (WorkCentre Pro only): The hard disk has been partitioned and encrypted to support secure datastorage for the scan-to-mailbox and store print/reprint features.

• Xerox Secure Access Unified ID System™**: The new and convenient way to enhance device and document securityand provide a method for IT to monitor activity for all device features. (See next page.)

Image OverwriteProtection OptionThis feature electronically “shreds”data stored on the machine’s harddisk during routine printing, scan-ning, copying or faxing. Electronicremoval of data can be performedautomatically after every job or on request. Data is overwrittenusing a 3-Pass algorithm specifiedin U.S. Department of DefenseDirective 5200.28-M. Xerox is the only manufacturer following apublished standard method ofdata removal.

* These enhancements are not included in the Common Criteria Security Option. Contact your sales representative for more information on ordering a Common Criteria Certified configuration.

**Secure Access Unified ID System will be available post-launch.

CopyCentre®

232/238/245/255265/275

WorkCentre®

232/238/245/255265/275

WorkCentre®Pro232/238/245/255

265/275

Introducing Xerox Secure Access Unified ID System™*

In today’s regulatory climate, businesses need sophisticated ways of safeguarding their data – and the ability totrack it. In addition, many organizations rate network security as their foremost IT challenge. IT managers are lookingfor ways to protect all assets on their network. Multifunction systems are a logical place to secure networks, enhancedocument information security, and generate activity logs.To meet these needs, Xerox developed Network Authentication. To use this feature, users log in at the multifunctiondevice with their network credentials. While a satisfactory and secure solution, some environments require a moreconvenient and streamlined method for gaining access to all of the device features. This is why Xerox took the nextstep and created Xerox Secure Access, which gives organizations with an existing card-based ID infrastructure aquick and easy method of identifying users at the MFP. Users gain access to the device with one swipe of their IDbadge. For an extra layer of security, a PIN or password may be required. They are entered at the device.

How it worksThe Secure Access identification solution has two simple parts:

• Secure Access administration software, loaded on the business’ server, handles device and user configuration and isresponsible for authenticating users on the network.

• A controller-and-card combination attached to any WorkCentre / WorkCentre Pro 232/238/245/255/265/275 device

The Secure Access solution leverages an organization’s existing ID infrastructure without impact existing systems. WithSecure Access in place, a single identification step will log the user into the device for access to all walk-up features. All communication to and from the multifunction system,card reader, and authentication server will be secured using industry-standard encryptionmechanisms.

Added benefitsGain flexibility with Follow-you print With Secure Access in place, users can securely release print jobs at any device in theirprinter environment by swiping their ID card. We call this Follow-you print. Users havethe option of submitting print jobs to a secure print queue, then printing them at theirdevice of choice. This system minimizes document output costs and hard-copy waste,since users print only what they want and collect everything they print.

Save user timeSecure Access saves steps by giving the multifunction system the ability to pre-popu-late certain data fields, based on the user’s credentials presented at sign-in. For example,the device will auto-fill the “to” and “from” fields when using scan-to-email.

Save IT timeSecure Access is easily administered using a task-based management console and seam-lessly integrates with the customer’s existing network card-identification infrastructure.

Security in action: Privacyand health careXerox Secure Access can help any publiccompany protect sensitive records. Thehealth-care industry, for example, mustcope with stringent privacy regulations.Health-care companies must complywith HIPAA (the Health InsurancePortability and Accountability Act of1996). HIPAA standards were designedto protect confidential information foundin patient medical records.

Multifunction systems are tightly integrated in health-care businessprocesses, handling increasing volumesof sensitive documents. Under HIPAA,a printed document may be a violationonce it arrives in the device’s output trayif it contains patient information. Health-care organizations can protect theirprinted output through Xerox SecureAccess, which conveniently securesdocuments through its ID-card secure-print release feature.

www.xerox.com/office

© 2006 Xerox Corporation. All rights reserved. Xerox®, CopyCentre® and WorkCentre® Pro are registered trademarks of Xerox Corporation. Product information is subject to change without notice. 10/06 610P726400A W7XFS-03UB

*Secure Access Unified ID System will be available post-launch.