For over 100 years, Xerox has provided the very best in document and business technology including printers, copiers, publishing systems, software, and IT outsourcing. Our staff is committed to unsurpassed customer satisfaction and environmental sustainability.

Whether your business is large or small, Advanced Xerographics and Xerox would like the opportunity to assess your needs and show you the benefits of a Xerox solution. Advanced Xerographics Authorized Xerox Sales Agency for Lake and Mendocino Counties

Advanced Xerographics
Authorized Xerox Sales Agency for Lake and Mendocino Counties
307 S. Main St.
Ukiah, CA 95482


Product Security

At Xerox, security issues are front and center. As a leader in the development of digital technology, Xerox has demonstrated a commitment to keeping digital information safe and secure by identifying potential vulnerabilities and proactively addressing them to limit risk. Customers have responded by looking to Xerox as a trusted provider of secure solutions with many standard and optional security features.
Xerox production devices are, of course, designed for speed and include high output features. Xerox office devices are the highest-speed devices in the industry to receive Common Criteria Certification. Several of Xerox Corporation’s high-speed digital copiers and advanced multifunction devices have become the fastest office devices in the industry to earn the international standard in information security. You may review the Xerox devices that have achieved or are being evaluated for Common Criteria on our Common Criteria page.

These devices join a long list of Xerox mid-speed office products to make it even easier for customers to meet their document production needs and the strict security requirements in the government, military, healthcare, legal and financial sectors. Specific security features on Xerox devices include:

Image Overwrite Option: The Image Overwrite security option electronically shreds information stored on the hard disk of devices as part of routine job processing. Electronic erasure can be performed automatically at job completion (Immediate), On Demand, and on some models Scheduled. The Xerox Image Overwrite security process implements a three-pass algorithm originally specified by the U.S. Department of Defense.

Data Encryption: All data in motion in and out of the device, as well as data stored within the device, is secured with state of the art encryption. Most Xerox devices support several different protocols for encrypting data in motion in and out of the device including SSL and IP Security (IPSec). Note that scanning, printing, and access to the Web/remote user interface can be secured with either SSL/TLS or IPSec.

Access Security Software Page - Unified ID System integrates your Xerox multifunction systems with your existing employee/student ID badge solution to provide a flexible and convenient authentication system. Users simply log-in with a swipe of their magnetic or proximity ID card for secure access to MFP system functions that need to be tracked for accounting or regulatory requirements.

Embedded Fax: While firewalls work at the network periphery to prevent unauthorized access to a customer's environment, unprotected fax connections in multifunction devices can be an open "back door" into the network. Xerox was the first manufacturer to offer a Common Criteria certified product that assures complete separation of the fax telephone line and the network connection, and continues to include that claim in all product certifications.

Xerox Standard Accounting: When enabled on Xerox office printers and multifunction devices, this feature monitors the print, copy, scan and fax pages produced and who produces them. Administrators can limit the number of print, copy, scan and fax jobs a user can perform, track activity at a user, group or department level, and manage access to color copying and printing.

User Authorization: Use of device functions (e.g., scan, e-mail and fax) can be restricted by user and by function according to access control lists set by the System Administrator.

Secure Print: When sending a job from a print driver or using the web print submission tool, the user selects the Secure Print method and enters a unique PIN number. Jobs are sent and safely stored at the device until the user enters that same unique PIN to release them. This controls unauthorized viewing of hard copy documents sent to the printer.

Extensible Interface Platform® (EIP): A labor saving feature for office and multifunction devices, this allows document-related software applications to be accessed on the user interface to improve workflow and minimize time at the device.

Removable Hard Disk Drive Accessory/Kit: Removable Hard Drive Kits are only supported on some Production High Volume systems which allow the System Administrator to quickly and easily remove hard drives and lock them up. This eliminates the risk of unauthorized access when the device is unattended or is powered off at end of day. This capability is helpful for customers who print data that is subject to legal regulations (e.g., HIPAA, PCI) or might have a Variable Input Printing database containing sensitive information.

Access Control: Most customers need to restrict access to a device to a limited set of authorized users and Operators. Xerox production devices include access control features such as:
  • Authentication Feature: This feature ensures that only properly authorized users are permitted to use a Production device. Any type of interaction between a user and a Xerox production device is associated with a security account. The association, or logon session, is the basis for granting access to any user. Once the logon session is established, the user can interact with the printer or access customer data, subject to restrictions based on the user's Role.
  • Role Based Access Control (RBAC): The RBAC feature ensures that authenticated users are assigned to a role of User, Operator, or Administrator. Each role has associated privileges with appropriate levels of access to features, jobs and print queue attributes.
  • Microsoft Active Directory Services: The Microsoft Active Directory Services (ADS) feature enables the device to authenticate user accounts against a centralized user account database, instead of exclusively using the user account database that is managed locally at the device.
Network Security:
Many Xerox devices also include features to protect the printer from unauthorized remote access and to protect the confidentiality of “data in motion”, specifically customer jobs which are transmitted to the printer over a network. These features include:
  • IPFiltering: Internet Protocol (IP) Filtering capability enables a system administrator to restrict access to the device to a limited set of IP addresses. This provides a defense against remote attackers. Computers whose IP addresses are outside of the allowed set are not permitted to access the device.
  • IPSec: Internet Protocol (IP) Security enables the digital front end or printer device to authenticate remote users and requires these users to encrypt the data transmitted using legacy print protocols such as LPR and Port 9100. IPSec is supported by a variety of PC operating systems including all modern versions of Microsoft Windows.
  • Secure Socket Layer/Transport Layer Security (SSL/TLS): The SSL/TLS feature provides protection of customer confidential data transmitted over a network when using the HTTP protocol (e.g., Web Print client).
  • Digital Certificate: The Digital Certificate feature enables the system administrator to create a self-signed digital certificate, or import a digital certificate signed by a Certificate Authority (e.g., RSA, VeriSign). A digital certificate enables print clients to authenticate a printer/print server and to encrypt data using SSL/TLS.
  • Network Authentication: Access to device functions (e.g., scan, e-mail and fax) is restricted by validating network user names and passwords prior to use of these functions.
  • 802.1x Device Authentication: Office devices implement the 802.1x standard. This allows the device to be authenticated on a network before the network will allow any network traffic to pass to or from the device. This stops rogue devices from infiltrating the network.