Practical considerations for imaging and printing security
Page 1
... ...4 Security checklists ...4 Conclusion: look beyond Common Criteria Certification 4 HP's imaging and printing security framework 4 Secure the Imaging and Printing Device 5 MFP walk-up authentication ...5 Network printing authentication ...5 Physical document access control 5 HP Secure Erase ...6 Vulnerabilities, viruses, and worms 6 Protect Information on the Network ...6 Network connectivity with HP Jetdirect devices 6 HP Digital Sending Software (DSS 7 Fax/LAN bridging ...7 Effectively...
... ...4 Security checklists ...4 Conclusion: look beyond Common Criteria Certification 4 HP's imaging and printing security framework 4 Secure the Imaging and Printing Device 5 MFP walk-up authentication ...5 Network printing authentication ...5 Physical document access control 5 HP Secure Erase ...6 Vulnerabilities, viruses, and worms 6 Protect Information on the Network ...6 Network connectivity with HP Jetdirect devices 6 HP Digital Sending Software (DSS 7 Fax/LAN bridging ...7 Effectively...
Practical considerations for imaging and printing security
Page 6
.... Network connectivity with virus protection software, are unable to authenticate to the Ethernet network. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to extend an imaging and printing device's functionality. IPsec Allows for strong authentication, confidentiality, and integrity of communications, and can prevent...
.... Network connectivity with virus protection software, are unable to authenticate to the Ethernet network. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to extend an imaging and printing device's functionality. IPsec Allows for strong authentication, confidentiality, and integrity of communications, and can prevent...
HP Jetdirect Security Guidelines
Page 1
... Guidelines Table of Contents: Introduction ...1 HP Jetdirect Overview ...2 What is an HP Jetdirect?...3 How old is Your HP Jetdirect?...4 Upgrading ...5 HP Jetdirect Administrative Guidelines 6 HP Jetdirect Hacks: TCP Port 9100...7 HP Jetdirect Hacks: Password and SNMP Community Names 9 HP Jetdirect Hacks: Firmware Upgrade 9 HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them 10 HP Jetdirect Hacks: Printer/MFP access 10 Recommended Security Deployments: SET 1 11 Recommended Security Deployments: SET...
... Guidelines Table of Contents: Introduction ...1 HP Jetdirect Overview ...2 What is an HP Jetdirect?...3 How old is Your HP Jetdirect?...4 Upgrading ...5 HP Jetdirect Administrative Guidelines 6 HP Jetdirect Hacks: TCP Port 9100...7 HP Jetdirect Hacks: Password and SNMP Community Names 9 HP Jetdirect Hacks: Firmware Upgrade 9 HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them 10 HP Jetdirect Hacks: Printer/MFP access 10 Recommended Security Deployments: SET 1 11 Recommended Security Deployments: SET...
HP Jetdirect Security Guidelines
Page 2
At one of the first print servers to widely implement security protocols such as a directly connected printer. HP Jetdirect Overview Years ago, the world networked printers by taking advantage of proprietary protocols as well as LPD to your PC. The ... TCP/IP. In addition, TokenRing, FDDI, LocalTalk, ATM, and other ways of use for the next few million HP Jetdirect products have clear winners in the printing industry. In short, HP Jetdirect was directly connected to clients on the network and behave as possible. 2 In today's increasingly security focused environment, we...
At one of the first print servers to widely implement security protocols such as a directly connected printer. HP Jetdirect Overview Years ago, the world networked printers by taking advantage of proprietary protocols as well as LPD to your PC. The ... TCP/IP. In addition, TokenRing, FDDI, LocalTalk, ATM, and other ways of use for the next few million HP Jetdirect products have clear winners in the printing industry. In short, HP Jetdirect was directly connected to clients on the network and behave as possible. 2 In today's increasingly security focused environment, we...
HP Jetdirect Security Guidelines
Page 3
... Figure 1, you can and who cannot interact with your printer is a good investment. 3 Secondly, we can do . Upgrading your printing infrastructure. In short, a printer had direct connect ports (e.g., serial, parallel) that still remains in use to this day: Use ... Figure 1 - First and foremost, we can also understand what HP Jetdirect can understand what HP Jetdirect cannot do to be an example. Upgrading your HP Jetdirect card to provide your printer more complex as in the security of your HP Jetdirect card to Figure 1 - When printers were directly connected to network...
... Figure 1, you can and who cannot interact with your printer is a good investment. 3 Secondly, we can do . Upgrading your printing infrastructure. In short, a printer had direct connect ports (e.g., serial, parallel) that still remains in use to this day: Use ... Figure 1 - First and foremost, we can also understand what HP Jetdirect can understand what HP Jetdirect cannot do to be an example. Upgrading your HP Jetdirect card to provide your printer more complex as in the security of your HP Jetdirect card to Figure 1 - When printers were directly connected to network...
HP Jetdirect Security Guidelines
Page 4
... 3.11 HP Jetdirect J2550A, J2552A MIO Print Servers Microsoft Windows 95 HP Jetdirect J2550B, J2552B MIO Print Servers HP Jetdirect J3110A, J3111A EIO Print Servers HP Jetdirect J3263A 300X External Print Server HP Jetdirect J3113A 600n EIO Print Server Microsoft Windows 98 HP Jetdirect J3258A 170x External Print Server Microsoft Windows 2000 Professional HP Jetdirect J4169A 610n EIO Print Server Microsoft Windows XP HP Jetdirect J6057A 615n EIO Print Server Microsoft Windows 2003 Server HP Jetdirect J7934A 620n EIO Print Server HP Jetdirect J7961A 635n EIO Print Server Date Released...
... 3.11 HP Jetdirect J2550A, J2552A MIO Print Servers Microsoft Windows 95 HP Jetdirect J2550B, J2552B MIO Print Servers HP Jetdirect J3110A, J3111A EIO Print Servers HP Jetdirect J3263A 300X External Print Server HP Jetdirect J3113A 600n EIO Print Server Microsoft Windows 98 HP Jetdirect J3258A 170x External Print Server Microsoft Windows 2000 Professional HP Jetdirect J4169A 610n EIO Print Server Microsoft Windows XP HP Jetdirect J6057A 615n EIO Print Server Microsoft Windows 2003 Server HP Jetdirect J7934A 620n EIO Print Server HP Jetdirect J7961A 635n EIO Print Server Date Released...
HP Jetdirect Security Guidelines
Page 5
... are shown. First, if the HP Jetdirect device was introduced before the year 2000, HP recommends that are shown in Table 2 - HP Jetdirect Models: HP Jetdirect J3258G 170x External Parallel Print server J6035G 175x External USB 1.1 Print Server J3263G 300x External Print server J7983G 510X External 3-Port Print Server J7942G en3700 External USB 2.0 Print Server J7934G 620n EIO 10/100 Print Server J7949E Embedded Jetdirect 10/100 (not for sale...
... are shown. First, if the HP Jetdirect device was introduced before the year 2000, HP recommends that are shown in Table 2 - HP Jetdirect Models: HP Jetdirect J3258G 170x External Parallel Print server J6035G 175x External USB 1.1 Print Server J3263G 300x External Print server J7983G 510X External 3-Port Print Server J7942G en3700 External USB 2.0 Print Server J7934G 620n EIO 10/100 Print Server J7949E Embedded Jetdirect 10/100 (not for sale...
HP Jetdirect Security Guidelines
Page 6
... the ability to install a J7961G 635n IPv6/IPsec print server. HP Jetdirect Administrative Guidelines In the material that follows, this whitepaper will come from the four main HP Jetdirect product lines, referred to use the HP Download Manager available at the very least should do ...Server (EWS) password has been specified • The default SNMPv1/v2c SET Community Name has been changed • All non-active protocols have cryptographic security capability. • SET 2: The 610n, 615n, 620n, 625n, en3700, and Embedded Jetdirect (J7949E) models. SET 2 can protect their printing ...
... the ability to install a J7961G 635n IPv6/IPsec print server. HP Jetdirect Administrative Guidelines In the material that follows, this whitepaper will come from the four main HP Jetdirect product lines, referred to use the HP Download Manager available at the very least should do ...Server (EWS) password has been specified • The default SNMPv1/v2c SET Community Name has been changed • All non-active protocols have cryptographic security capability. • SET 2: The 610n, 615n, 620n, 625n, en3700, and Embedded Jetdirect (J7949E) models. SET 2 can protect their printing ...
HP Jetdirect Security Guidelines
Page 7
... Table 4: HP Jetdirect Product Number J7949E Embedded Jetdirect J4100A 400n 10Mbps MIO Print server J4106A 400n 10Mbps MIO Print server J3110A 600n 10Mbps EIO Print server J3111A 600n 10Mbps EIO Print server J3113A 600n 10/100 EIO Print server J4169A 610n 10/100 EIO Print Server J6057A 615n 10/100 EIO Print Server J3263A/J3263G 300x External Print server J3265A 500X External 3-Port Print Server J7983G 510X External 3-Port Print Server J7942A/J7942G...
... Table 4: HP Jetdirect Product Number J7949E Embedded Jetdirect J4100A 400n 10Mbps MIO Print server J4106A 400n 10Mbps MIO Print server J3110A 600n 10Mbps EIO Print server J3111A 600n 10Mbps EIO Print server J3113A 600n 10/100 EIO Print server J4169A 610n 10/100 EIO Print Server J6057A 615n 10/100 EIO Print Server J3263A/J3263G 300x External Print server J3265A 500X External 3-Port Print Server J7983G 510X External 3-Port Print Server J7942A/J7942G...
HP Jetdirect Security Guidelines
Page 8
...instance, if you need to successfully authenticate the server endpoint (and optionally the client endpoint). If 8 As an example, for HP's internal network, there would be found in the administrative guidelines for the network ID assigned to protect print traffic using the Firewall Option 3) For SET ... protected is subject to MITM attacks as HP Jetdirect Ten or less individual computers on a robust PKI to print? Eliminate the default gateway (set to protect print traffic using IPsec Option 1) For Set 1/2/3/4. It is allowed to print but keeps changing the display or doing ...
...instance, if you need to successfully authenticate the server endpoint (and optionally the client endpoint). If 8 As an example, for HP's internal network, there would be found in the administrative guidelines for the network ID assigned to protect print traffic using the Firewall Option 3) For SET ... protected is subject to MITM attacks as HP Jetdirect Ten or less individual computers on a robust PKI to print? Eliminate the default gateway (set to protect print traffic using IPsec Option 1) For Set 1/2/3/4. It is allowed to print but keeps changing the display or doing ...
HP Jetdirect Security Guidelines
Page 9
... of updating HP Jetdirect firmware: • HP Download Manager / HP Web Jetadmin • FTP • Embedded Web Server When using SNMPv3 easy. At the end of HP Jetdirect devices is a Security section detailing the security precautions available for firmware upgrade. SET 2/3/4 support automatic redirection to SSL/TLS and prevents HTTP from passive sniffing, consider using HP's Universal Print Driver...
... of updating HP Jetdirect firmware: • HP Download Manager / HP Web Jetadmin • FTP • Embedded Web Server When using SNMPv3 easy. At the end of HP Jetdirect devices is a Security section detailing the security precautions available for firmware upgrade. SET 2/3/4 support automatic redirection to SSL/TLS and prevents HTTP from passive sniffing, consider using HP's Universal Print Driver...
HP Jetdirect Security Guidelines
Page 10
... configured to using a properly signed certificate, and of concern among customers. HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them Easily available network tools that destination. HP recommends the proper deployment of a text document that was sent between an email client and email server, it to provide a lot of cryptographic protocols such as a solution to...
... configured to using a properly signed certificate, and of concern among customers. HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them Easily available network tools that destination. HP recommends the proper deployment of a text document that was sent between an email client and email server, it to provide a lot of cryptographic protocols such as a solution to...
HP Jetdirect Security Guidelines
Page 11
..., there are many free BOOTP and TFTP servers for a great deal of power with UNIX or Linux environments; breaks SNMP management tools snmp-config:0 # # if SNMP must be provided here. Recommended Security Deployments: SET 1 The HP Jetdirect products denoted by SET 1 do not have...passwd: Security4Me3 # # Disable SNMP # use with BOOTP and not transition to DHCP if a BOOTP server is unavailable. An example of the contents of the TFTP daemon's home directory • Forces HP Jetdirect to remain with caution - This configuration file allows for Windows and setup is recommended as we can ...
..., there are many free BOOTP and TFTP servers for a great deal of power with UNIX or Linux environments; breaks SNMP management tools snmp-config:0 # # if SNMP must be provided here. Recommended Security Deployments: SET 1 The HP Jetdirect products denoted by SET 1 do not have...passwd: Security4Me3 # # Disable SNMP # use with BOOTP and not transition to DHCP if a BOOTP server is unavailable. An example of the contents of the TFTP daemon's home directory • Forces HP Jetdirect to remain with caution - This configuration file allows for Windows and setup is recommended as we can ...
HP Jetdirect Security Guidelines
Page 12
... sample configuration is sent to this page. The security wizard can be sure to use HTTPS when navigating to the printer on Jetdirect. The Security level you want to a parameter file called "pjlprotection". The TFTP configuration file points to implement on power-up....DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in the left-hand navigation bar, and then the "Wizard" tab. Press the "Start Wizard" button to a customer. 12 Here is...
... sample configuration is sent to this page. The security wizard can be sure to use HTTPS when navigating to the printer on Jetdirect. The Security level you want to a parameter file called "pjlprotection". The TFTP configuration file points to implement on power-up....DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in the left-hand navigation bar, and then the "Wizard" tab. Press the "Start Wizard" button to a customer. 12 Here is...
HP Jetdirect Security Guidelines
Page 17
For a complete discussion of 802.1X, see HP Jetdirect whitepapers on the topic. Allowing device discovery helps in device management, but may not be required in all environments. 802.1X authentication can also be done. Special equipment is skipped. 17 For now, this configuration step is required. Disable unused print protocols and services.
For a complete discussion of 802.1X, see HP Jetdirect whitepapers on the topic. Allowing device discovery helps in device management, but may not be required in all environments. 802.1X authentication can also be done. Special equipment is skipped. 17 For now, this configuration step is required. Disable unused print protocols and services.
HP Jetdirect Security Guidelines
Page 22
Click "Next" 22 Select "Allow Traffic". Click "Next". We are concerned with management services, so select the service template "All Jetdirect Management Services".
Click "Next" 22 Select "Allow Traffic". Click "Next". We are concerned with management services, so select the service template "All Jetdirect Management Services".
HP Jetdirect Security Guidelines
Page 24
Click Next. 24 Select the "All Jetdirect Management Services" service template. Click "Next". Select "Allow Traffic".
Click Next. 24 Select the "All Jetdirect Management Services" service template. Click "Next". Select "Allow Traffic".
HP Jetdirect Security Guidelines
Page 26
Again, select "All Jetdirect Management Services" for the service template and then click "Next". Click "Next". 26 Select "Drop".
Again, select "All Jetdirect Management Services" for the service template and then click "Next". Click "Next". 26 Select "Drop".
HP Jetdirect Security Guidelines
Page 28
... using IPsec, the packets are dropped by the IP layer. Select "Allow" for SET 2 executed. Be sure that all IP addresses must use IPsec to Jetdirect without using HTTPS before navigating to have the Security Wizard for the default rule and then click "Add Rules...". Select "All IP Addresses" and click...
... using IPsec, the packets are dropped by the IP layer. Select "Allow" for SET 2 executed. Be sure that all IP addresses must use IPsec to Jetdirect without using HTTPS before navigating to have the Security Wizard for the default rule and then click "Add Rules...". Select "All IP Addresses" and click...
HP Jetdirect Security Guidelines
Page 29
Click "Next". Click "Next". 29 Select "Require traffic to be protected with an IPsec/Firewall Policy". Select "All Jetdirect Management Services".
Click "Next". Click "Next". 29 Select "Require traffic to be protected with an IPsec/Firewall Policy". Select "All Jetdirect Management Services".