Networking and connectivity Frequently Asked Questions for the Connect+ Series, SendPro P

• What OS does this device run?
• What controls are in place to protect this device against network-based malware (viruses/worms) threats?
• Does it have a firewall?
• Who controls the firewall rules?
• How are the firewall rules configured?
• What is the security patch process?
• What anti-virus controls does Connect+ Series, SendPro P use?
• What is the software update process, and how often does this occur?
• What is the network traffic flow to and from the Connect+ Series, SendPro P system? What firewall rules need to be in place to allow the necessary communication?
• Can you identify suspicious activity affecting Connect+ Series, SendPro P?
• What are the access controls in place to secure Connect+ Series, SendPro P?
• How do you authenticate an individual? A service?
• Are there audit trails in place?
• Is data stored on the device?
• What controls protect the data?
• Does the Connect+ Series, SendPro P allow remote administration?

What OS does this device run?

SUSE Linux Sled 11.

What controls are in place to protect this device against network-based malware (viruses/worms) threats?

Controls include:

• White list of URL’s.
• HTTPS.
• Anti Virus Software.
• Only executes services needed to perform activities.
• OS distribution has been optimized and locked down.

Does it have a firewall?

Yes.

Who controls the firewall rules?

Pre-configured and not modifiable.

How are the firewall rules configured?

Allow only the ports HTTP, HTTPS and DNS.

What is the security patch process?

Connect+ Series, SendPro P security patches are applied by emergency updates via Pitney Bowes only, and on a regular schedule through Pitney Bowes services.

What anti-virus controls does Connect+ Series, SendPro P use?

ClamAv is installed on every system. AV signature updates regularly updated.

What is the software update process, and how often does this occur?

As required, in some cases monthly.

What is the network traffic flow to and from the Connect+ Series, SendPro P system? What firewall rules need to be in place to allow the necessary communication?

• Outgoing contact initiated (no push) utilizing HTTPS, URLs provided by Pitney Bowes services.
• Outgoing - transactional data.
• Incoming is both transactional data and files and Web Services.

Can you identify suspicious activity affecting Connect+ Series, SendPro P?

Yes. An audit process exists to validate the financial integrity of the system. Error logs are available and can be uploaded to the Pitney Bowes Data Center.

• Regularly scheduled physical visits from Pitney Bowes Service.

What are the access controls in place to secure Connect+ Series, SendPro P?

The application access is managed by the customer using User IDs and passwords. Unique, cryptographically strong passwords for each machine restricts access to the operating system.

How do you authenticate an individual? A service?

The application access is managed by the customer using User IDs and passwords. The Connect+ Series, SendPro P does not provide services over a network so authentication not required.

Are there audit trails in place?

Yes. PSD transactional audits, extensive logs all financial transactions are audited by the Pitney Bowes infrastructure. The Connect+ Series, SendPro P logs all error conditions, and maintains ink usage logs, print usage logs, etc.

Is data stored on the device?

Yes. The Connect+ Series, SendPro P stores transactional data, graphic images, customer profiles and settings, files (rates, etc.).

What controls protect the data?

All files and data interface utilizing HTTPS. Incoming data and files are signed and verified prior to use. If consumed by the printer, it is verified on each use. If used by the application, it is verified on load.

Does the Connect+ Series, SendPro P allow remote administration?

Pitney Bowes will use TeamViewer to troubleshoot system problems remotely. The end user will initiate the session using a special code.