Networking and connectivity Frequently Asked Questions for the SendPro C Lite, SendPro C, SendPro+, SendPro C Auto
- What OS does this device run?
- How are updates to the Android Operating System performed?
- Why are both ports 80 and 443 in use? Please detail what information is being sent over port 80 and if it is required.
- What controls are in place to protect this device against network-based malware threats?
- What information is being sent and presumably stored at Pitney Bowes?
- If information is being stored, how is it being stored? Please describe the protections in place.
- Does it have a firewall?
- How are the firewall rules configured?
- What is the security patch process?
- What is the software update process, and how often does this occur?
- What is the network traffic flow to and from the SendPro C Lite, SendPro C, SendPro+, SendPro C Auto device?
- What firewall rules need to be in place to allow the necessary communication?
- Can you identify suspicious activity affecting SendPro C Lite, SendPro C, SendPro+, SendPro C Auto?
- What are the access controls in place to secure SendPro C Lite, SendPro C, SendPro+, SendPro C Auto?
- How do you authenticate an individual or a service?
- Are there audit trails in place?
- Is data stored on the device?
- What controls protect the data?
- Does the SendPro C Lite, SendPro C, SendPro+, SendPro C Auto allow remote administration?
- Is TeamViewer required?
What OS does this device run?
For SendPro C200, SendPro C300, SendPro C400 (Product Code Number: 1H00 and 2H00): Either Android 6.1, 7.0 or 9.0
SendPro C Lite, SendPro C, SendPro+, SendPro C Auto (Product Code Number: 7H00, 8H00, 9H00): Either Android 7.0 or 9.0
How are updates to the Android Operating System performed?
PB uses a third-party Over The Air (OTA) tool that securely downloads updates to registered machines.
Why are both ports 80 and 443 in use? Please detail what information is being sent over port 80 and if it is required.
All critical funds-related or core mailing and shipping services use only port 443. Some non-critical services use port 80 (examples: online read-only Help System content, or non-PB tracking service sites).
What controls are in place to protect this device against network-based malware threats?
Controls include:
- Whitelist of URLs.
- TLS.
- Only executes services needed to perform activities.
- OS distribution has been optimized and locked down.
What information is being sent and presumably stored at Pitney Bowes?
PB collects postal usage data that is required for SendPro C Lite, SendPro C, SendPro+, SendPro C Auto reporting. This includes items such as Class of Mail, Weight, use of special service fees, mailing date, etc. No Personally Identifiable Information (PII) is collected or used. We also collect machine health information such as software version numbers, errors reported, etc.
If information is being stored, how is it being stored? Please describe the protections in place.
Postal usage information is stored in a special application and database, which is reviewed by SendPro C Lite, SendPro C, SendPro+, SendPro C Auto prior to our Postage Meter Approval. Machine Health information is stored in Amazon Web Services, but is uploaded through a TLS connection and authenticated using machine resident credentials. Again, no PII is collected or stored there.
Does it have a firewall?
No
How are the firewall rules configured?
Allow only the ports for HTTP, TLS and DNS.
What is the security patch process?
SendPro C Lite, SendPro C, SendPro+, SendPro C Auto security patches are applied by emergency updates via Pitney Bowes only, and on a regular schedule through Pitney Bowes services.
What is the software update process, and how often does this occur?
As required with periodic feature additions and bug fixes.
What is the network traffic flow to and from the SendPro C Lite, SendPro C, SendPro+, SendPro C Auto device?
Contact is initiated outbound by the device (no push), utilizing TLS, to URLs provided by Pitney Bowes services.
What firewall rules need to be in place to allow the necessary communication?
- Outgoing - transactional data.
- Incoming - transactional data, files and Web Services.
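The traffic profile from the two answers above (device-initiated connections only; HTTP, TLS and DNS only), written as a check over firewall flow records. This is an added example, not Pitney Bowes code; the CSV layout, the sample addresses and the port numbers 80, 443 and 53 as the standard ports for those protocols are assumptions.

```python
import csv
import io

# Assumption: standard ports for the allowed protocols (HTTP 80, TLS 443, DNS 53).
ALLOWED = {("tcp", 80), ("tcp", 443), ("udp", 53), ("tcp", 53)}

def audit_flows(csv_text, device_ip):
    """Return (record_no, severity, reason) for flows that need attention.

    Each record describes one connection, with the initiator in `src`.
    """
    findings = []
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=1):
        src, dst = row["src"], row["dst"]
        proto, dport = row["proto"].lower(), int(row["dport"])
        if dst == device_ip:
            # The FAQ says the device initiates all contact (no push).
            findings.append((n, "violation", f"connection initiated by {src} to device port {dport}"))
        elif src != device_ip:
            continue  # record does not involve the device
        elif (proto, dport) not in ALLOWED:
            findings.append((n, "violation", f"outbound {proto}/{dport} to {dst} is not HTTP, TLS or DNS"))
        elif dport == 80:
            # Allowed, but only non-critical services should use plain HTTP.
            findings.append((n, "review", f"cleartext HTTP to {dst}"))
    return findings

# Constructed sample export (hypothetical format); addresses are documentation ranges.
SAMPLE = """src,dst,proto,dport
192.0.2.50,198.51.100.10,tcp,443
192.0.2.50,192.0.2.1,udp,53
192.0.2.50,198.51.100.20,tcp,80
192.0.2.50,203.0.113.9,tcp,8080
203.0.113.77,192.0.2.50,tcp,5555
"""

if __name__ == "__main__":
    for record_no, severity, reason in audit_flows(SAMPLE, "192.0.2.50"):
        print(f"record {record_no}: [{severity}] {reason}")
```

Records marked "review" are permitted by the stated rules; they are listed so that port 80 use can be compared against the non-critical services the FAQ names.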
Can you identify suspicious activity affecting SendPro C Lite, SendPro C, SendPro+, SendPro C Auto?
Yes. An audit process exists to validate the financial integrity of the system. Error logs are available and can be uploaded to the Pitney Bowes Data Center.
What are the access controls in place to secure SendPro C Lite, SendPro C, SendPro+, SendPro C Auto?
The application access is managed by the customer using an access code. The system operates in a Kiosk mode where access to the underlying Android operating system is prevented.
How do you authenticate an individual or a service?
Create Shipping Labels app access is managed by the customer using User IDs and passwords to authenticate.
Are there audit trails in place?
Yes. PSD transactional audits, extensive logs and all financial transactions are audited by the PB infrastructure. SendPro C Lite, SendPro C, SendPro+, SendPro C Auto logs all error conditions, and maintains ink usage logs, print usage logs, etc.
Is data stored on the device?
Yes. SendPro C Lite, SendPro C, SendPro+, SendPro C Auto stores transactional data, graphic images, customer profiles and settings, files (rates, etc.). Transactional usage data is uploaded over a TLS channel and then deleted once receipt is confirmed by Pitney Bowes infrastructure.
What controls protect the data?
All file and data interfaces use TLS. Incoming data and files are signed and verified prior to use. If consumed by the printer, they are verified on each use. If used by the app, they are verified on load.
Does the SendPro C Lite, SendPro C, SendPro+, SendPro C Auto allow remote administration?
Pitney Bowes will use TeamViewer to troubleshoot system problems remotely. The end user will initiate the session using a special session code which is generated by the TeamViewer app and changes each session.
Is TeamViewer required?
No, it is not required, but it is recommended. It is configured to not run until the end user activates it with a special one-time session code. The session code changes for each system and each activation. The special session code is provided by the call center to the end user, once they have called the center and provided specific information that also changes for the session.
UPDATED: September 12, 2022