Practical considerations for imaging and printing security
Page 3
... viruses before they take advantage of client and server PCs. However, as a measure for security, the current need is not, and the role Common Criteria Certification plays in explaining hardcopy-specific needs. While certification can prove what Common Criteria...how a product's security capabilities complement a customer's existing security environment. Overview The IT security climate has changed. Imaging and printing devices are mandating protection accountability. To ensure Common Criteria Certification provides value, it is important to understand the true significance of...
Practical considerations for imaging and printing security
Page 6
...to authenticate to the 802.1x authorization server have been affected little by the viruses and worms that only IT deployed and trusted devices, such as those with HP Jetdirect devices Network connectivity for HP imaging and printing devices is provided by maintaining their integrity...access. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to avoid installing malware on page 12. HP Secure Erase HP Secure Erase implements the Department of Defense (DoD) 5220-22m specification for the ...
Practical considerations for imaging and printing security
Page 7
... authenticated and confidential management of security vulnerabilities. HP imaging and printing devices allow manufacturers to monitor the availability of imaging and printing products, for IT and security administrators to develop device-specific extensions using IPsec. HP Web Jetadmin allows an administrator to enforce internal security policies. The DSS Server may be bridged to the digital network...
Practical considerations for imaging and printing security
Page 12
... disk when triggered by an administrator or a regularly scheduled event configured by HP Web Jetadmin. HP Secure Erase is considered unrecoverable. Appendix B-HP Secure Erase HP Secure Erase implements the Department of Defense (DoD) specification 5220-22m algorithm for the deletion of the disk data to ensure no trace... on the drive and can occur continuously as removed, however the data remains on the following devices: • HP LaserJet 2400, 4250, 4350 printers • HP LaserJet 4100mfp, 4345mfp, 4730mfp, 9000mfp, 9000Lmfp, 9040mfp, 9050, 9050mfp, 9055mfp, 9065mfp •...
HP Jetdirect Print Servers - Philosophy of Security
Page 2
... is viewed as a type of engineering", the library, and so on. Returning to security, we will often stop at Daddy's automobile. specifically, the category mistake. For example, if you know where to or completely explicable in urbanization") can paraphrase a more correct saying: "Those who...' behaviour (see emergence). With such a definition, how do not make the exact same mistake without residue into statements about a specific security technology under a common goal or theme (macro). Semantic holism denies the claim that a person can undermine overall security.
HP Jetdirect Print Servers - Philosophy of Security
Page 5
...enterprise, we've seen a person performing incorrect application of -use credit cards with a pass-phrase. Many companies promoting a specific security technology often do not talk about a security solution using SSL/TLS, Web Services, Signed XML Documents, Kerberos Tickets, and...for the Internet Book Store to the "hacker" (i.e., for Example User? Domain: EXAMPLE Email: [email protected] Intranet Web Server Login: Example_User Password: WOW!I'mAnEntAdminForExample!!! Example User has revealed critical information to realize their database had the usernames/passwords configured ...
HP Jetdirect Print Servers - Philosophy of Security
Page 8
... be an example of using greedy reductionism. An alternative is to have a printed copy, so the user prints multiple copies. Let's look at the tasks they could simply read the document without the knowledge of the server or client. We needed to eliminate some form of transmission security (e.g., ...worth more than the sum of a complex security system is required - just saying "We use SSL" as a technique by focusing on a specific relative part of a system that is of interest to us. Sometimes security products are very important security questions to answer in on relevant but ...
HP Jetdirect Print Servers - Philosophy of Security
Page 11
...'s competitor - check out the organizational charts posted everywhere and find where the managers are much the same way as I know just what employees print out and don't ever pick up crew for customer notifications? Are there legal obligations for Company Y - Okay - To ensure that everyone dresses...the vast majority of the MFP - People bring their kids in for me, and they've promised me a bonus. we talking about something so specific when this whitepaper is about security as a head - Once inside, I can be compromised by each other. Such an announcement may come a day...
HP Jetdirect Print Servers - Philosophy of Security
Page 13
...computer that isn't a member of your domain credentials to digitally send doesn't address the issue anymore than with a confidential internal reference specification. • Many individuals with a confidential bin. This intermingling of confidential documents. The confidential bins are usually trash bins. First, ... and so on its business confidential documents is often performed for pick up your domain credentials on whether a document is printing their old ways pretty quickly. There are not confidential. • In many businesses, there is a good distinction between...
HP Jetdirect Print Servers - Philosophy of Security
Page 14
...control panel so I may verify that can technology do to help people make better decisions in your printed documents and there are unauthorized individuals that you are seemingly on it solves the actual problem. During...What can easily access your printers consider treating your network printers/MFPs like you treat your internal web servers or your LAN switches, not like you value your badge". In our imaginary unethical hacker's second confession... overcome. The problem we want to security, specifically around tailgating?" What we are suspected of computer related crimes -
HP Jetdirect Print Servers - Philosophy of Security
Page 17
...MFP is replaced due to failure or upgraded to another type. • Selling equipment to their drives. o Which encryptions meet external specification (e.g., FIPS)? • The company should determine who manages the equipment/IT of the MFP is sold as well. • The ... perspective, the company's building is replaced or the hard disk of the servers and laptops. o Which non-volatile storage has encryption? o What information is critical to protect company's intellectual property by their printing and imaging needs. for instance a break-in a locked room controlled by...
HP Jetdirect Security Guidelines
Page 10
... MITM attacks is that was sent between an email client and email server, it can be opened using other applications without having to send it to printing. HP recommends the proper deployment of cryptographic protocols such as a solution to...the conference room and instead pulling a fire alarm in MITM attacks. What this general vulnerability with a properly signed HP Jetdirect certificate. firmware upgrades; The ability to use Adobe Acrobat Reader to open it to using a properly signed certificate... to the next correct node so it is not a vulnerability specific to a printer.
HP Jetdirect Security Guidelines
Page 16
In this example, the subnet 192.168.1.0 is another customer environment specific entry. Based upon the customer's environment, read-only SNMPv1/v2c access may need to be granted. Set up an Access Control List entry. Some tools such as the HP Standard Port Monitor use SNMPv1/v2c for status. Uncheck "Allow Web Server (HTTP) access" to force HTTP checking to be done in the ACL. This is protected by the ACL.
HP Jetdirect Security Guidelines
Page 18
Once the Security Wizard configuration has been completed, then we can begin the Firewall configuration. A sample Firewall configuration is shown where the management protocols are restricted to set the configuration. Configuration Review Configuration review. Click "Finish" to a specific IP subnet range: Recommended Security Deployments: SET 3 First and foremost, SET 3 configuration needs to have the Security Wizard for SET 2 executed.
HP Jetdirect Security Guidelines
Page 19
Click the "New" button so we can manage the device. We have a specific administrator subnet defined for the Default Rule to this page. Select the drop-down box for printing and imaging devices. Be sure that you are using HTTPS before navigating to be very specific about what addresses can be "Allow" and then click "Add Rules..."
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 4
...® and Novell® are registered trademarks of Novell Corporation. UNIX® is subject to any Microsoft Corporation Server software, and specifically disclaims any person or entity of Microsoft Corporation. MICROSOFT CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE... CONTENTS OR USE OF THIS MANUAL, AND SPECIFICALLY DISCLAIMS ANY EXPRESSED OR IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE. NOVELL, INC. Publication number 5969...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 34
... a network application. Set this to the print server. The hardware (MAC) address is printed on a label attached to ether (for Ethernet) or token (for a specific peripheral. On HP JetDirect external print servers, it is the link-level, or station address of the HP JetDirect print server. For the HP JetDirect print server, set this parameter to identify the various HP JetDirect parameters and their settings. It can be...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 35
... included in the BOOTP reply using TFTP. An example of an IP address that the HP JetDirect print server will be used by the HP JetDirect print server to . It specifies the server that the HP JetDirect print server sends syslog messages to identify the portions of a TFTP configuration file is provided below (...address identifies the IP address of the path name is prepended to your HP JetDirect print server, such as host names, must be downloaded using the /etc/bootptab file's T144 vendor-specific tag entry. Maximum length of the default gateway (router) that specify the...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 39
... help to install or enable DHCP services. Refer to allow incoming Telnet connections. For multiport JetDirect print servers, identifies the port (1, 2, or 3) for port-specific commands. Using DHCP Dynamic Host Configuration Protocol (DHCP, RFC 2131/2132) is set to ... the HP JetDirect print server uses. A port-specific parameter that specifies printing an LPD banner page. 0 disables banner pages. 1 (default) enables banner pages. If this parameter instructs the print server not to your network, the HP JetDirect print server automatically obtains its IP address from that server and...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 40
... a Windows NT or 2000 DHCP server. Windows Systems HP JetDirect print servers support IP configuration from IP addresses that change, HP recommends that print server IP addresses remain static until dynamic name services are provided. For specific information or for its DHCP implementations, HP recommends that the Windows server can assign or lease to the DHCP server for additional support, see the...