Practical considerations for imaging and printing security
Page 6
... While Secure IPP may be installed from hard disk storage. HP Secure Erase HP Secure Erase implements the Department of Defense (DoD) 5220-22m specification for securing printing and scanning functions. 6 For example, Capella Technologies' VeriUser ...HP imaging and printing devices. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to provide fleet management of hackers continues to evolve, HP ensures its partners. For more information on HP Secure Erase, see Appendix B, "HP...
... While Secure IPP may be installed from hard disk storage. HP Secure Erase HP Secure Erase implements the Department of Defense (DoD) 5220-22m specification for securing printing and scanning functions. 6 For example, Capella Technologies' VeriUser ...HP imaging and printing devices. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to provide fleet management of hackers continues to evolve, HP ensures its partners. For more information on HP Secure Erase, see Appendix B, "HP...
HP Jetdirect Security Guidelines
Page 10
...block PJL commands. These tools often claim to upgrade HP Jetdirect devices is protected. HP recommends following NIST checklist as 802.1X, help hinder active attacks. HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them Easily available network tools that ...server, it is not a vulnerability specific to record a meeting conversation. However, printer/MFPs can be opened using listening device hidden in a manner that was sent between an email client and email server, it . While a valid vulnerability, it can be configured to behave in a conference room to printing...
...block PJL commands. These tools often claim to upgrade HP Jetdirect devices is protected. HP recommends following NIST checklist as 802.1X, help hinder active attacks. HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them Easily available network tools that ...server, it is not a vulnerability specific to record a meeting conversation. However, printer/MFPs can be opened using listening device hidden in a manner that was sent between an email client and email server, it . While a valid vulnerability, it can be configured to behave in a conference room to printing...
HP Jetdirect Administrator's Guide
Page 37
... network is made, the IP address will likely be reconfigured because DHCP requests on the print server are enabled by default. Configuration tools that require a specific default IP address on the print server for initial communication may be transmitted. HP Jetdirect Wireless Print Server. ENWW TCP/IP Configuration 37 If a network connection to send, or not send, periodic DHCP...
... network is made, the IP address will likely be reconfigured because DHCP requests on the print server are enabled by default. Configuration tools that require a specific default IP address on the print server for initial communication may be transmitted. HP Jetdirect Wireless Print Server. ENWW TCP/IP Configuration 37 If a network connection to send, or not send, periodic DHCP...
HP Jetdirect Administrator's Guide
Page 43
The name of the HP Jetdirect print server. For the HP Jetdirect print server, set this parameter to rfc1048. Set this to a list of parameters for Ethernet). ip -- This name identifies an entry point to ether (for a specific peripheral. nodename must precede the ha tag. vm -- The hardware address tag. On HP Jetdirect external print servers, it is provided below: picasso:\ :hn:\ :ht=ether...
The name of the HP Jetdirect print server. For the HP Jetdirect print server, set this parameter to rfc1048. Set this to a list of parameters for Ethernet). ip -- This name identifies an entry point to ether (for a specific peripheral. nodename must precede the ha tag. vm -- The hardware address tag. On HP Jetdirect external print servers, it is provided below: picasso:\ :hn:\ :ht=ether...
HP Jetdirect Administrator's Guide
Page 44
.... dn 15 Domain name tag. ef 18 Extensions file tag that the HP Jetdirect print server sends syslog messages to the HP Jetdirect print server. It does not include the host name; The subnet mask will be used ...printed on the Jetdirect configuration page, or returned on an SNMP sysName request by the HP Jetdirect print server to the vendor-specific tag T144, described below. gw 3 The gateway IP address tag. ds 6 DNS (Domain Name System) server's IP address tag. Specifies the domain name for the HP Jetdirect print server (for example, support.hp...
.... dn 15 Domain name tag. ef 18 Extensions file tag that the HP Jetdirect print server sends syslog messages to the HP Jetdirect print server. It does not include the host name; The subnet mask will be used ...printed on the Jetdirect configuration page, or returned on an SNMP sysName request by the HP Jetdirect print server to the vendor-specific tag T144, described below. gw 3 The gateway IP address tag. ds 6 DNS (Domain Name System) server's IP address tag. Specifies the domain name for the HP Jetdirect print server (for example, support.hp...
HP Jetdirect Administrator's Guide
Page 46
... to specify either "BOOTP-ONLY" or "DHCP-ONLY" requests be downloaded using the /etc/bootptab file's T144 vendor-specific tag (or the "ef" standard BOOTP tag) entry. An HP-proprietary tag to your HP Jetdirect print server, such as host names, must begin with a letter and can be sent. ENWW TCP/IP Configuration 46 Names, such...
... to specify either "BOOTP-ONLY" or "DHCP-ONLY" requests be downloaded using the /etc/bootptab file's T144 vendor-specific tag (or the "ef" standard BOOTP tag) entry. An HP-proprietary tag to your HP Jetdirect print server, such as host names, must begin with a letter and can be sent. ENWW TCP/IP Configuration 46 Names, such...
HP Jetdirect Administrator's Guide
Page 52
...the printer is 1. For current HP Jetdirect print servers, the Port Number is allowed to TCP port 9100. write-mode: Controls the setting of 12) ipp-printing: (ipp-config:, ipp:) Enables or disables the ability to print through IPP: 0 disables, ... TCP/IP Raw Print Ports raw-port: (addrawport:) Specifies additional ports for printing to close a Port 9100 print connection. interlock: (interlock-mode:) Specifies whether an acknowledgement (ACK) on the Jetdirect print server. 0 disables, 1 (default) enables. banner: A port-specific parameter that specifies printing an LPD banner ...
...the printer is 1. For current HP Jetdirect print servers, the Port Number is allowed to TCP port 9100. write-mode: Controls the setting of 12) ipp-printing: (ipp-config:, ipp:) Enables or disables the ability to print through IPP: 0 disables, ... TCP/IP Raw Print Ports raw-port: (addrawport:) Specifies additional ports for printing to close a Port 9100 print connection. interlock: (interlock-mode:) Specifies whether an acknowledgement (ACK) on the Jetdirect print server. 0 disables, 1 (default) enables. banner: A port-specific parameter that specifies printing an LPD banner ...
HP Jetdirect Administrator's Guide
Page 53
...(for example, to 10 access list entries are disabled. syslog-priority: Controls the filtering of hosts that can be sent by the HP Jetdirect print server on a per minute. The default is 0 to the printer. In this case, the default mask 255.255.255.255 is ... to connect to 8, with 0 being the most specific and 8 the most general. allow: 0 This entry clears the host access list. If it's set to . Only messages that the HP Jetdirect print server sends syslog messages to zero, the number of print servers. For additional information, see Appendix A. Each entry specifies...
...(for example, to 10 access list entries are disabled. syslog-priority: Controls the filtering of hosts that can be sent by the HP Jetdirect print server on a per minute. The default is 0 to the printer. In this case, the default mask 255.255.255.255 is ... to connect to 8, with 0 being the most specific and 8 the most general. allow: 0 This entry clears the host access list. If it's set to . Only messages that the HP Jetdirect print server sends syslog messages to zero, the number of print servers. For additional information, see Appendix A. Each entry specifies...
HP Jetdirect Administrator's Guide
Page 63
...its IP configuration. Windows Systems HP Jetdirect print servers support IP configuration from IP addresses that change, HP recommends that the Windows server can assign or lease to "infinite". Note This information is provided as an overview. For specific information or for additional support,...63 UNIX Systems For more information on setting up DHCP on , the HP Jetdirect print server automatically sends a BOOTP or DHCP request for its DHCP implementations, HP recommends that print server IP addresses remain static until dynamic domain name services are provided. Note ...
...its IP configuration. Windows Systems HP Jetdirect print servers support IP configuration from IP addresses that change, HP recommends that the Windows server can assign or lease to "infinite". Note This information is provided as an overview. For specific information or for additional support,...63 UNIX Systems For more information on setting up DHCP on , the HP Jetdirect print server automatically sends a BOOTP or DHCP request for its DHCP implementations, HP recommends that print server IP addresses remain static until dynamic domain name services are provided. Note ...
HP Jetdirect Administrator's Guide
Page 86
...case, the default mask 255.255.255.255 is assumed and is 0 to 8, with 0 being the most specific and 8 the most general. allow 192.0.0.0 255.0.0.0 allows hosts on the HP Jetdirect print server. For example, syslog-svr: 192.168.40.1 assigns 192.168.40.1 as the source facility code, but ...netnum is a network number or host IP address, and mask is 8, where messages of syslog messages that are reported. By default, the HP Jetdirect print server uses LPR as the IP address of syslog messages is 10 per -minute basis. syslog-priority Controls the filtering of 18) TCP/IP ...
...case, the default mask 255.255.255.255 is assumed and is 0 to 8, with 0 being the most specific and 8 the most general. allow 192.0.0.0 255.0.0.0 allows hosts on the HP Jetdirect print server. For example, syslog-svr: 192.168.40.1 assigns 192.168.40.1 as the source facility code, but ...netnum is a network number or host IP address, and mask is 8, where messages of syslog messages that are reported. By default, the HP Jetdirect print server uses LPR as the IP address of syslog messages is 10 per -minute basis. syslog-priority Controls the filtering of 18) TCP/IP ...
HP Jetdirect Administrator's Guide
Page 94
...config (MFP config) Enable or disable print server support of seconds (1 - 3600) that supports bi-directional communications between the HP Jetdirect print server and the device. ● Full Speed: 12 Mbits/sec as specified in the USB v2.0 specifications, compatible with your multifunction or all...-in the Web Scan server. 0 disables, 1 (default) enables. scan-...
...config (MFP config) Enable or disable print server support of seconds (1 - 3600) that supports bi-directional communications between the HP Jetdirect print server and the device. ● Full Speed: 12 Mbits/sec as specified in the USB v2.0 specifications, compatible with your multifunction or all...-in the Web Scan server. 0 disables, 1 (default) enables. scan-...
HP Jetdirect Administrator's Guide
Page 116
... is allowed to remain open until closed by the HP Jetdirect print server on subnet masks, see Appendix A. Only messages that are sent to receive syslog messages from the HP Jetdirect print server. A value of the primary Windows Internet Naming Service (WINS) server. Up to zero, no maximum number is 8 ... Gateway Identifies the IP address of a host computer that is unavailable. This setting allows administrators to 8, with 0 being the most specific and 8 being the most general. Secondary WINS Specifies the IP Address to an IP address, determines which bits specify the network and...
... is allowed to remain open until closed by the HP Jetdirect print server on subnet masks, see Appendix A. Only messages that are sent to receive syslog messages from the HP Jetdirect print server. A value of the primary Windows Internet Naming Service (WINS) server. Up to zero, no maximum number is 8 ... Gateway Identifies the IP address of a host computer that is unavailable. This setting allows administrators to 8, with 0 being the most specific and 8 being the most general. Secondary WINS Specifies the IP Address to an IP address, determines which bits specify the network and...
HP Jetdirect Administrator's Guide
Page 133
... set the highest level available, starting with IEEE 1284.4. USB Settings If the HP Jetdirect print server provides a USB connection to the network device (such as specified in the USB v2.0 specifications, compatible with USB v1.1 specifications. ● Hi-Speed: 480 Mbits/sec for USB v2.0 devices only.... PostScript and HPGL2. If you change the current setting, unplug and then reconnect the USB cable, or power the print server off/on the Jetdirect configuration page. Table 4.10 USB Settings USB Item USB Speed Desired Communication Mode Status Page Language Description (Read-only ...
... set the highest level available, starting with IEEE 1284.4. USB Settings If the HP Jetdirect print server provides a USB connection to the network device (such as specified in the USB v2.0 specifications, compatible with USB v1.1 specifications. ● Hi-Speed: 480 Mbits/sec for USB v2.0 devices only.... PostScript and HPGL2. If you change the current setting, unplug and then reconnect the USB cable, or power the print server off/on the Jetdirect configuration page. Table 4.10 USB Settings USB Item USB Speed Desired Communication Mode Status Page Language Description (Read-only ...
HP Jetdirect Administrator's Guide
Page 141
.... Use this certificate overwrites the preinstalled certificate. When received, the certificate is a Jetdirect certificate request (to a trusted third party) pending. ENWW Using the Embedded Web Server 141 Install Certificate. Using this option, you are not necessarily secure because the certificate...item: ● Certificate Validity Period With self-signed certificates, the browser will identify the certificate as self-signed for specific device and organizational information in the following screen: ● Certificate Information This option may be used, for example, by...
.... Use this certificate overwrites the preinstalled certificate. When received, the certificate is a Jetdirect certificate request (to a trusted third party) pending. ENWW Using the Embedded Web Server 141 Install Certificate. Using this option, you are not necessarily secure because the certificate...item: ● Certificate Validity Period With self-signed certificates, the browser will identify the certificate as self-signed for specific device and organizational information in the following screen: ● Certificate Information This option may be used, for example, by...
HP Jetdirect Administrator's Guide
Page 193
...that either the 10 Mbps or 100 Mbps light is on the print server. Verify that wireless network settings have already printed a Jetdirect configuration page. 1. Verify that network cable lengths meet network specifications. The network must match the network for use on . 10... the configuration of the network's 802.1X port. ENWW Troubleshooting the HP Jetdirect Print Server 193 For 10/100Base-TX print servers, is attached to your network cables connected properly? For EIO print servers, autonegotiation is communicating with the network. Verify network cabling, connections, and...
...that either the 10 Mbps or 100 Mbps light is on the print server. Verify that wireless network settings have already printed a Jetdirect configuration page. 1. Verify that network cable lengths meet network specifications. The network must match the network for use on . 10... the configuration of the network's 802.1X port. ENWW Troubleshooting the HP Jetdirect Print Server 193 For 10/100Base-TX print servers, is attached to your network cables connected properly? For EIO print servers, autonegotiation is communicating with the network. Verify network cabling, connections, and...
HP Jetdirect Administrator's Guide
Page 194
..., and redirection (capture in the protocol's section on the HP Jetdirect print server? Check your protocol enabled on the Jetdirect configuration page? See Chapter 4.) 9. Is there an error message in Novell NetWare). 7. The problem may be workstation-specific. If you can also use the embedded Web server to print, are they are compatible and that they using the...
..., and redirection (capture in the protocol's section on the HP Jetdirect print server? Check your protocol enabled on the Jetdirect configuration page? See Chapter 4.) 9. Is there an error message in Novell NetWare). 7. The problem may be workstation-specific. If you can also use the embedded Web server to print, are they are compatible and that they using the...
HP Jetdirect Administrator's Guide
Page 207
... standard protocol, a mode for printers and multi-function (All-in-One) devices that allows multiple channels of simultaneous print, scan, and status communication. ● Bidirectional: Two-way printer communication, sending print data to the printing device and returning status information from the printing device. ● Unidirectional: One-way communication to HP Jetdirect external print servers with USB v1.1 specifications.
... standard protocol, a mode for printers and multi-function (All-in-One) devices that allows multiple channels of simultaneous print, scan, and status communication. ● Bidirectional: Two-way printer communication, sending print data to the printing device and returning status information from the printing device. ● Unidirectional: One-way communication to HP Jetdirect external print servers with USB v1.1 specifications.
HP Jetdirect Administrator's Guide
Page 214
... frames not transmitted because of CRC (Cyclic Redundancy Check) errors and framing errors. This number does not include packets specifically addressed to the print server. CRC errors are frames received with errors by the HP Jetdirect print server without error. Framing errors are frames received with your network. Network Statistics Information in Table 9.5. Total number of frames...
... frames not transmitted because of CRC (Cyclic Redundancy Check) errors and framing errors. This number does not include packets specifically addressed to the print server. CRC errors are frames received with errors by the HP Jetdirect print server without error. Framing errors are frames received with your network. Network Statistics Information in Table 9.5. Total number of frames...
HP Jetdirect Administrator's Guide
Page 220
... the network. The third column (RCVD) indicates how many packets have been received for that a specific frame type for each frame type. The second column (Frame Type) identifies the frame type used for communication between a server and the HP Jetdirect print server. Table 9.7 IPX/SPX Configuration Information (2 of 2) Message NETWORK XXXXXX XXXXXX XXXXXX XXXXXX FRAME TYPE...
... the network. The third column (RCVD) indicates how many packets have been received for that a specific frame type for each frame type. The second column (Frame Type) identifies the frame type used for communication between a server and the HP Jetdirect print server. Table 9.7 IPX/SPX Configuration Information (2 of 2) Message NETWORK XXXXXX XXXXXX XXXXXX XXXXXX FRAME TYPE...
HP Jetdirect Administrator's Guide
Page 233
... TAG SIZE The tagsize in a vendor-specific field in the BOOTP reply is complete. Currently downloading MUST DOWNLOAD firmware to the HP Jetdirect print server, or the download did not match the print servers hardware address, or had received IP parameters from a DHCP server, but operation may be degraded until a DHCP server responds. 58 POSTSCRIPT MODE NOT SELECTED The...
... TAG SIZE The tagsize in a vendor-specific field in the BOOTP reply is complete. Currently downloading MUST DOWNLOAD firmware to the HP Jetdirect print server, or the download did not match the print servers hardware address, or had received IP parameters from a DHCP server, but operation may be degraded until a DHCP server responds. 58 POSTSCRIPT MODE NOT SELECTED The...