Networking and connectivity Frequently Asked Questions for the SendPro C Lite, SendPro C, SendPro+, SendPro C Auto
Find the answers to frequently asked questions about networking and connectivity.
Products affected: SendPro® C Lite, SendPro® C, SendPro®+, SendPro® C Auto (2H00, 8H00, 9H00)
- Operating system
- Postal usage data
- Firewall information
- Software updates
- What OS does this device run?
For SendPro C200, SendPro C300, SendPro C400 (Product Code Number: 1H00 and 2H00): Either Android 6.1, 7.0 or 9.0.
For SendPro C Lite, SendPro C, SendPro+, SendPro C Auto (Product Code Number: 7H00, 8H00, 9H00): Either Android 7.0 or 9.0.
- How are updates to the Android Operating System performed?
PB uses a 3rd party Over The Air (OTA) tool that securely downloads updates to registered machines.
- Why are both ports 80 and 443 in use?
All critical funds related or core mailing and shipping services only use port 443. Some of the non-critical services use port 80 (examples: online read-only Help System content, or non-PB sites for tracking services site).
- What controls are in place to protect this device against network-based malware threats?
- White list of URLs.
- Only executes services needed to perform activities.
- OS distribution has been optimized and locked down.
- What information is being sent and presumably stored at Pitney Bowes?
PB collects postal usage data that is required for SendPro C Lite, SendPro C, SendPro+, SendPro C Auto reporting. This includes items such as Class of Mail, Weight, use of special service fees, mailing date etc. No Personal Identifiable Information (PII) is collected or used. We also collect machine health information such as Software version numbers, errors reported etc.
- If information is being stored, how is it being stored? Please describe the protections in place.
Postal usage information is stored in a special application and database, which is reviewed by SendPro C Lite, SendPro C, SendPro+, SendPro C Auto prior to our Postage Meter Approval. Machine Health information is stored in Amazon Web Services, but is uploaded through a TLS connection and authenticated using machine resident credentials. Again, no PII information is collected or stored there.
- Does it have a firewall?
- How are the firewall rules configured?
Allow only the ports HTTP, TLS and DNS.
- What firewall rules need to be in place to allow the necessary communication?
- Outgoing - transactional data.
- Incoming is both transactional data and files and Web Services.
- What is the security patch process?
SendPro C Lite, SendPro C, SendPro+, SendPro C Auto security patches are applied by emergency updates via Pitney Bowes only, and on a regular schedule through Pitney Bowes services.
- Can you identify suspicious activity affecting SendPro C Lite, SendPro C, SendPro+, SendPro C Auto?
Yes. An audit process exists to validate the financial integrity of the system. Error logs are available and can be uploaded to the Pitney Bowes Data Center.
- Are there audit trails in place?
Yes. PSD transactional audits, extensive logs and all financial transactions are audited by the PB infrastructure. SendPro C Lite, SendPro C, SendPro+, SendPro C Auto logs all error conditions, and maintains ink usage logs, print usage logs, etc.
- How do you authenticate an individual or a service?
Create Shipping Labels app access is managed by the customer using User IDs and passwords to authenticate.
- What are the access controls in place to secure SendPro C Lite, SendPro C, SendPro+, SendPro C Auto?
The application access is managed by the customer using an access code. The system operates in a Kiosk mode where access to the underlying Android operating system is prevented.
- What is the software update process, and how often does this occur?
As required with periodic feature additions and bug fixes.
- What is the network traffic flow to and from the SendPro C Lite, SendPro C, SendPro+, SendPro C Auto device?
Outgoing contact initiated (no push) utilizing TLS, URLs provided by Pitney Bowes services.
- Is data stored on the device?
Yes. SendPro C Lite, SendPro C, SendPro+, SendPro C Auto stores transactional data, graphic images, customer profiles and settings, files (rates, etc.). Transactional usage data is uploaded and then deleted when confirmed upon receipt by Pitney Bowes Infrastructure over TLS channel.
- What controls protect the data?
All files and data interface utilizing TLS. Incoming data and files are signed and verified prior to use. If consumed by the printer, it is verified on each use. If used by the app, it is verified on load.
- Does the SendPro C Lite, SendPro C, SendPro+, SendPro C Auto allow remote administration?
Pitney Bowes will use TeamViewer to troubleshoot system problems remotely. The end user will initiate the session using a special session code which is generated by the TeamViewer app and changes each session.
- Is TeamViewer required?
No, it is not required, but it is recommended. It is configured to not run until the end user activates it with a special one-time session code. The session code changes for each system and each activation. The special session code is provided by the call center to the end user, once they have called the center and provided specific information that also changes for the session.
UPDATED: June 23, 2023