Practical considerations for imaging and printing security
Page 6
..., are confidential and prevent unauthorized modification by hostile network environments. • Chai HP's Chai provides a means to extend an imaging and printing device's functionality. IPsec Allows for Wired Networks Provides access control to the Ethernet network. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to-clunk performance...
..., are confidential and prevent unauthorized modification by hostile network environments. • Chai HP's Chai provides a means to extend an imaging and printing device's functionality. IPsec Allows for Wired Networks Provides access control to the Ethernet network. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to-clunk performance...
HP Jetdirect Security Guidelines
Page 5
... certain printers/MFP devices) J7997G 630n EIO 10/100/1000 Print Server J7961G 635n EIO 10/100/1000 IPv6/IPsec Print Server Security Features Non-Cryptographic Security, not upgradeable to newer firmware after purchase Non-Cryptographic Security, not upgradeable to do so, HP can provide some popular HP Jetdirect devices that are no longer being sold by no means a requirement...
... certain printers/MFP devices) J7997G 630n EIO 10/100/1000 Print Server J7961G 635n EIO 10/100/1000 IPv6/IPsec Print Server Security Features Non-Cryptographic Security, not upgradeable to newer firmware after purchase Non-Cryptographic Security, not upgradeable to do so, HP can provide some popular HP Jetdirect devices that are no longer being sold by no means a requirement...
HP Jetdirect Security Guidelines
Page 6
... located here: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpj05999. Printers and MFPs with a lot of EIO based printers, proper deployment of those attacks. As a reminder, these devices is to install a J7961G 635n IPv6/IPsec print server. The Firewall can take an ...8226; SET 4: The 635n model and the CM8000 Color MFP series (J7974E). With security configurations, one thing can see, replacing a discontinued 400n MIO model with a new external parallel port print server like the HP LaserJet 4000 and give it the latest in HP Jetdirect's product line. As...
... located here: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpj05999. Printers and MFPs with a lot of EIO based printers, proper deployment of those attacks. As a reminder, these devices is to install a J7961G 635n IPv6/IPsec print server. The Firewall can take an ...8226; SET 4: The 635n model and the CM8000 Color MFP series (J7974E). With security configurations, one thing can see, replacing a discontinued 400n MIO model with a new external parallel port print server like the HP LaserJet 4000 and give it the latest in HP Jetdirect's product line. As...
HP Jetdirect Security Guidelines
Page 7
.../100 EIO Print server J4169A 610n 10/100 EIO Print Server J6057A 615n 10/100 EIO Print Server J3263A/J3263G 300x External Print server J3265A 500X External 3-Port Print Server J7983G 510X External 3-Port Print Server J7942A/J7942G en3700 External USB 2.0 Print Server J7934A/J7934G 620n EIO 10/100 Print Server J7960A/J7960G 625n EIO 10/100/1000 Print Server J7961A/J7961G 635n EIO 10/100/1000 IPv6/IPsec Print Server Firmware Version...
.../100 EIO Print server J4169A 610n 10/100 EIO Print Server J6057A 615n 10/100 EIO Print Server J3263A/J3263G 300x External Print server J3265A 500X External 3-Port Print Server J7983G 510X External 3-Port Print Server J7942A/J7942G en3700 External USB 2.0 Print Server J7934A/J7934G 620n EIO 10/100 Print Server J7960A/J7960G 625n EIO 10/100/1000 Print Server J7961A/J7961G 635n EIO 10/100/1000 IPv6/IPsec Print Server Firmware Version...
HP Jetdirect Security Guidelines
Page 33
Further Reading 802.1X: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00731218/c00731218.pdf IPsec: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c01048192/c01048192.pdf IPv6: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00840100/c00840100.pdf Using the networking infrastructure to better protect your printing and imaging devices: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00707837/c00707837.pdf 33
Further Reading 802.1X: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00731218/c00731218.pdf IPsec: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c01048192/c01048192.pdf IPv6: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00840100/c00840100.pdf Using the networking infrastructure to better protect your printing and imaging devices: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00707837/c00707837.pdf 33
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 5
... 1 Introducing the HP Jetdirect Print Server Supported Print Servers ...1 Supported Network Protocols ...2 Security Protocols ...4 SNMP (IP and IPX) ...4 HTTPS ...4 Authentication ...4 EAP/802.1X Server-Based Authentication 4 IPsec/Firewall ...5 Supplied Manuals ...5 HP Support ...5 HP Online Support ...5 Firmware Upgrades ...5 Firmware Installation Tools 6 HP Support By Phone ...6 Product Registration ...6 Product Accessibility ...7 2 HP Software Solutions Summary HP Install Network Printer Wizard (Windows 10 Requirements ...10 HP Jetdirect Printer Installer...
... 1 Introducing the HP Jetdirect Print Server Supported Print Servers ...1 Supported Network Protocols ...2 Security Protocols ...4 SNMP (IP and IPX) ...4 HTTPS ...4 Authentication ...4 EAP/802.1X Server-Based Authentication 4 IPsec/Firewall ...5 Supplied Manuals ...5 HP Support ...5 HP Online Support ...5 Firmware Upgrades ...5 Firmware Installation Tools 6 HP Support By Phone ...6 Product Registration ...6 Product Accessibility ...7 2 HP Software Solutions Summary HP Install Network Printer Wizard (Windows 10 Requirements ...10 HP Jetdirect Printer Installer...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 8
...IPsec Template 106 IPsec Protocols (Manual Keys 111 Rule Summary ...112 Configuring Windows Systems ...112 6 Security Features (V.36.xx) Using Security Features ...116 7 Troubleshooting the HP Jetdirect Print Server Resetting to Factory Defaults ...118 Example: Cold Reset Using the Service Menu 119 To Disable a Jetdirect Embedded Print Server... Page Format 128 Configuration Page Messages 129 HP Jetdirect Configuration/General Information 129 Security Settings 131 Network Statistics 133 TCP/IP Protocol Information 133 IPv4 Section 134 IPv6 Section 136 IPX/SPX Protocol Information 137 ...
...IPsec Template 106 IPsec Protocols (Manual Keys 111 Rule Summary ...112 Configuring Windows Systems ...112 6 Security Features (V.36.xx) Using Security Features ...116 7 Troubleshooting the HP Jetdirect Print Server Resetting to Factory Defaults ...118 Example: Cold Reset Using the Service Menu 119 To Disable a Jetdirect Embedded Print Server... Page Format 128 Configuration Page Messages 129 HP Jetdirect Configuration/General Information 129 Security Settings 131 Network Statistics 133 TCP/IP Protocol Information 133 IPv4 Section 134 IPv6 Section 136 IPX/SPX Protocol Information 137 ...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 12
... Network Protocols Supported Network Protocols Network Printing Environments1 Product Support TCP/IPv4 (Direct Mode printing) Microsoft Windows 2000, XP (32- HP Jetdirect print server support for IPsec (Internet Protocol security) depends on the print server and the printer/MFP in which it is installed. 2 HP embedded Jetdirect print server support for 1000T (Gigabit) depends on both the print server and the printer/MFP in which...
... Network Protocols Supported Network Protocols Network Printing Environments1 Product Support TCP/IPv4 (Direct Mode printing) Microsoft Windows 2000, XP (32- HP Jetdirect print server support for IPsec (Internet Protocol security) depends on the print server and the printer/MFP in which it is installed. 2 HP embedded Jetdirect print server support for 1000T (Gigabit) depends on both the print server and the printer/MFP in which...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 15
Value-featured print servers, such as HP Jetdirect en1700 do not support IPsec may control IP traffic using both IPv4 and IPv6 networks. Firmware upgrade files may be downloaded and installed on the print server over your print server model, firmware upgrade files may control IP traffic using Firewall protection only. A Firewall provides simple control of new or enhanced features. it...
Value-featured print servers, such as HP Jetdirect en1700 do not support IPsec may control IP traffic using both IPv4 and IPv6 networks. Firmware upgrade files may be downloaded and installed on the print server over your print server model, firmware upgrade files may control IP traffic using Firewall protection only. A Firewall provides simple control of new or enhanced features. it...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 69
... using BOOTP, DHCP or RARP, edit the appropriate system files with addresses on the HP Jetdirect print server to a new network, make sure that can set basic network parameters. Depending on the HP Jetdirect print server and printer, configuration of selected IPv4/IPv6 and IPsec networking parameters through the control panel is installed on page 169 for other subsystems such...
... using BOOTP, DHCP or RARP, edit the appropriate system files with addresses on the HP Jetdirect print server to a new network, make sure that can set basic network parameters. Depending on the HP Jetdirect print server and printer, configuration of selected IPv4/IPv6 and IPsec networking parameters through the control panel is installed on page 169 for other subsystems such...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 72
.... However, Jetdirect MIB configuration objects (such as IPv6 and IPsec objects) may differ. For supported browsers with an IP address. It is available from HP online support at the following browsers: ● Netscape Navigator 6.2.x with the HP Jetdirect embedded Web server. Requirements Compatible...for selected printers), Telnet, 62 Chapter 4 Embedded Web Server (V.36.xx) ENWW Or, you must use the embedded Web server, the HP Jetdirect print server must be viewed over IPv6 protocols. In general, the embedded Web server can be used with Web browsers that you can use...
.... However, Jetdirect MIB configuration objects (such as IPv6 and IPsec objects) may differ. For supported browsers with an IP address. It is available from HP online support at the following browsers: ● Netscape Navigator 6.2.x with the HP Jetdirect embedded Web server. Requirements Compatible...for selected printers), Telnet, 62 Chapter 4 Embedded Web Server (V.36.xx) ENWW Or, you must use the embedded Web server, the HP Jetdirect print server must be viewed over IPv6 protocols. In general, the embedded Web server can be used with Web browsers that you can use...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 73
... example, printer1). By factory default, HP Jetdirect print servers and printers/MFPs with IPsec support are configured as the URL. Enter the IP address or fully qualified domain name (FQDN) of the print server as a secure site, using an X.509v3-compliant certificate installed on , an HP Jetdirect print server that support direct IPv6 address entries, an IPv6 address is typically enclosed in the...
... example, printer1). By factory default, HP Jetdirect print servers and printers/MFPs with IPsec support are configured as the URL. Enter the IP address or fully qualified domain name (FQDN) of the print server as a secure site, using an X.509v3-compliant certificate installed on , an HP Jetdirect print server that support direct IPv6 address entries, an IPv6 address is typically enclosed in the...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 107
... for secure client-server applications (for example, client-server authentication or HTTPS Web browsing). IPsec and Firewall policy pages are illustrated below. NOTE: To ensure communications with an HP Jetdirect print server configured with an IPsec policy, be sure that support IPsec may be relatively ... at the network layer and can be controlled using both IPv4 and IPv6 networks. otherwise, connections will be compatible; After a policy is configured, it is relatively complex. IPsec policies configured on the print server until you must be allowed access.
... for secure client-server applications (for example, client-server authentication or HTTPS Web browsing). IPsec and Firewall policy pages are illustrated below. NOTE: To ensure communications with an HP Jetdirect print server configured with an IPsec policy, be sure that support IPsec may be relatively ... at the network layer and can be controlled using both IPv4 and IPv6 networks. otherwise, connections will be compatible; After a policy is configured, it is relatively complex. IPsec policies configured on the print server until you must be allowed access.
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 112
... is not subject to this limitation and will include all IPv6 remote addresses NOTE: If multiple rules for which a rule will apply are not desired, create custom address templates. The maximum number of IPsec templates that can be used . The maximum number of ... 5 Step 1: Specify Address Template The available address templates for these predefined address templates are listed in the Address Templates field by the print server. Select a predefined template, or click New to create a custom template using the Create Address Template page, described below. Table 5-2 Limitations...
... is not subject to this limitation and will include all IPv6 remote addresses NOTE: If multiple rules for which a rule will apply are not desired, create custom address templates. The maximum number of IPsec templates that can be used . The maximum number of ... 5 Step 1: Specify Address Template The available address templates for these predefined address templates are listed in the Address Templates field by the print server. Select a predefined template, or click New to create a custom template using the Create Address Template page, described below. Table 5-2 Limitations...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 115
...used for use by the service. Service Type Specify the service type: ● Printer/MFP Service (default): A local service on the HP Jetdirect print server or device. ● Remote Service: A service on the service, select Port Range or Specific Port, then enter the port range or ...this button to add the custom service to the Configured Custom Services list. If IPsec is Any Port. Table 5-6 Manage Custom Services page (continued) Item Description (Internet Control Message Protocol for IPv4/IPv6 networks), and IGMPv2 (Internet Group Management Protocol version 2). ● For TCP or...
...used for use by the service. Service Type Specify the service type: ● Printer/MFP Service (default): A local service on the HP Jetdirect print server or device. ● Remote Service: A service on the service, select Port Range or Specific Port, then enter the port range or ...this button to add the custom service to the Configured Custom Services list. If IPsec is Any Port. Table 5-6 Manage Custom Services page (continued) Item Description (Internet Control Message Protocol for IPv4/IPv6 networks), and IGMPv2 (Internet Group Management Protocol version 2). ● For TCP or...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 159
Review your HP Jetdirect print server. No Rule Displays the number of packets received for which an IPsec policy rule is provided through ICMP error messages. Table 8-15 IPsec Error Log Message Description Deprecated Template A ...print server. Table 8-16 IPsec Statistics Message Description Fragmentation Errors Displays the number of fragmented packets that is, the message received is the same as the one sent. Client notification of rejected packets is not configured. ENWW HP Jetdirect Security Page 149 Local IP Addresses This section lists the IPv4 and IPv6...
Review your HP Jetdirect print server. No Rule Displays the number of packets received for which an IPsec policy rule is provided through ICMP error messages. Table 8-15 IPsec Error Log Message Description Deprecated Template A ...print server. Table 8-16 IPsec Statistics Message Description Fragmentation Errors Displays the number of fragmented packets that is, the message received is the same as the one sent. Client notification of rejected packets is not configured. ENWW HP Jetdirect Security Page 149 Local IP Addresses This section lists the IPv4 and IPv6...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 195
...Community name Configuration page 132 embedded Web server 76 Security features 114 Telnet 52 TFTP configuration 33 CONFIG BY 135 Configuration HP Web Jetadmin 11 LPD printing 153 Software solutions 9 TCP/IP .../IPv4 134 TCP/IPv6 136 USB 131 Control panel configuration 59, 169 D DATE MANUFACTURED 130 ENWW Index 185 Index A Access List Configuration page entry 133 embedded Web server 90 Security features... 75, 139 arp command 40 ARP DUPLICATE IP ADDRESS 144 ATTACHED SERVER 138 Authentication 802.1X 4 Certificates 87 IKEv1 109 IPsec 106, 107 Kerberos 108 SNMPv3 77, 92 Authentication Header 110, ...
...Community name Configuration page 132 embedded Web server 76 Security features 114 Telnet 52 TFTP configuration 33 CONFIG BY 135 Configuration HP Web Jetadmin 11 LPD printing 153 Software solutions 9 TCP/IP .../IPv4 134 TCP/IPv6 136 USB 131 Control panel configuration 59, 169 D DATE MANUFACTURED 130 ENWW Index 185 Index A Access List Configuration page entry 133 embedded Web server 90 Security features... 75, 139 arp command 40 ARP DUPLICATE IP ADDRESS 144 ATTACHED SERVER 138 Authentication 802.1X 4 Certificates 87 IKEv1 109 IPsec 106, 107 Kerberos 108 SNMPv3 77, 92 Authentication Header 110, ...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 198
... See also Community name SNMP v3 embedded Web server 76 HP Web Jetadmin 62 speed, USB 56, 83 SPI. See Security Parameters Index Stateful IPv6 address 19 Stateless IPv6 address 18 Status AppleTalk 139 General 130 IPX/SPX 137 TCP/IPv4 134 TCP/IPv6 136 Subnet mask Bootptab file parameter 26 TFTP ...IPsec policy Configuration limits 101 S SA. See Perfect Forward Secrecy Ping Control panel test 175 Ping(IPv4) command With arp command 40 PORT CONFIG 130 POSTSCRIPT MODE NOT SELECTED 145 Pre-shared key 107 Primary Frame Type 137 Print queue BSD systems 156 LPD 47, 155 SAM (HP-UX) systems 157 PRINT SERVER...
... See also Community name SNMP v3 embedded Web server 76 HP Web Jetadmin 62 speed, USB 56, 83 SPI. See Security Parameters Index Stateful IPv6 address 19 Stateless IPv6 address 18 Status AppleTalk 139 General 130 IPX/SPX 137 TCP/IPv4 134 TCP/IPv6 136 Subnet mask Bootptab file parameter 26 TFTP ...IPsec policy Configuration limits 101 S SA. See Perfect Forward Secrecy Ping Control panel test 175 Ping(IPv4) command With arp command 40 PORT CONFIG 130 POSTSCRIPT MODE NOT SELECTED 145 Pre-shared key 107 Primary Frame Type 137 Print queue BSD systems 156 LPD 47, 155 SAM (HP-UX) systems 157 PRINT SERVER...
HP Jetdirect Print Servers - Administrator's Guide
Page 9
...to configure print queues (HP-UX systems 159 Print a test file 160 LPD on Windows 2000/Server 2003 systems 160 Install TCP/IP software 160 Configure a network printer for Windows 2000/Server 2003 systems 161 Verify the configuration 162 Print from ...print queues 157 Step 3. Network Statistics 137 TCP/IP protocol information 137 IPv4 section 138 IPv6 section 140 IPX/SPX protocol information 140 Novell/NetWare parameters 141 AppleTalk protocol information 142 DLC/LLC protocol information 143 Error messages ...143 HP Jetdirect Security page ...149 Security settings ...150 IPsec...
...to configure print queues (HP-UX systems 159 Print a test file 160 LPD on Windows 2000/Server 2003 systems 160 Install TCP/IP software 160 Configure a network printer for Windows 2000/Server 2003 systems 161 Verify the configuration 162 Print from ...print queues 157 Step 3. Network Statistics 137 TCP/IP protocol information 137 IPv4 section 138 IPv6 section 140 IPX/SPX protocol information 140 Novell/NetWare parameters 141 AppleTalk protocol information 142 DLC/LLC protocol information 143 Error messages ...143 HP Jetdirect Security page ...149 Security settings ...150 IPsec...
HP Jetdirect Print Servers - How to Use 802.1X on HP Jetdirect Print Servers
Page 15
... to http://www.hp.com/go /procurve Rather than generically explain what is supported. For instance, if a web browser is not secure because it has not been signed by that are as a server. PEAP & EAP-TLS support • J7961A/J7961G 635n EIO IPv6 & IPsec Print Server with the latest firmware available - The CA certificate tells Jetdirect which identity...
... to http://www.hp.com/go /procurve Rather than generically explain what is supported. For instance, if a web browser is not secure because it has not been signed by that are as a server. PEAP & EAP-TLS support • J7961A/J7961G 635n EIO IPv6 & IPsec Print Server with the latest firmware available - The CA certificate tells Jetdirect which identity...