Practical considerations for imaging and printing security
Page 1
... ...4 Security checklists ...4 Conclusion: look beyond Common Criteria Certification 4 HP's imaging and printing security framework 4 Secure the Imaging and Printing Device 5 MFP walk-up authentication ...5 Network printing authentication ...5 Physical document access control 5 HP Secure Erase ...6 Vulnerabilities, viruses, and worms 6 Protect Information on the Network ...6 Network connectivity with HP Jetdirect devices 6 HP Digital Sending Software (DSS 7 Fax/LAN bridging ...7 Effectively...
... ...4 Security checklists ...4 Conclusion: look beyond Common Criteria Certification 4 HP's imaging and printing security framework 4 Secure the Imaging and Printing Device 5 MFP walk-up authentication ...5 Network printing authentication ...5 Physical document access control 5 HP Secure Erase ...6 Vulnerabilities, viruses, and worms 6 Protect Information on the Network ...6 Network connectivity with HP Jetdirect devices 6 HP Digital Sending Software (DSS 7 Fax/LAN bridging ...7 Effectively...
Practical considerations for imaging and printing security
Page 6
... communications, and can prevent unauthorized users from hard disk storage. Protect Information on the Network Protecting Information on page 12. IPsec Allows for securing printing and scanning functions. 6 The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to provide fleet management of web services such as security...
... communications, and can prevent unauthorized users from hard disk storage. Protect Information on the Network Protecting Information on page 12. IPsec Allows for securing printing and scanning functions. 6 The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to provide fleet management of web services such as security...
HP Jetdirect Security Guidelines
Page 1
... this public information is HP doing about preventing those attacks. whitepaper HP Jetdirect Security Guidelines Table of Contents: Introduction ...1 HP Jetdirect Overview ...2 What is an HP Jetdirect?...3 How old is Your HP Jetdirect?...4 Upgrading ...5 HP Jetdirect Administrative Guidelines 6 HP Jetdirect Hacks: TCP Port 9100...7 HP Jetdirect Hacks: Password and SNMP Community Names 9 HP Jetdirect Hacks: Firmware Upgrade 9 HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them 10 HP Jetdirect Hacks: Printer/MFP...
... this public information is HP doing about preventing those attacks. whitepaper HP Jetdirect Security Guidelines Table of Contents: Introduction ...1 HP Jetdirect Overview ...2 What is an HP Jetdirect?...3 How old is Your HP Jetdirect?...4 Upgrading ...5 HP Jetdirect Administrative Guidelines 6 HP Jetdirect Hacks: TCP Port 9100...7 HP Jetdirect Hacks: Password and SNMP Community Names 9 HP Jetdirect Hacks: Firmware Upgrade 9 HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them 10 HP Jetdirect Hacks: Printer/MFP...
HP Jetdirect Security Guidelines
Page 2
...other ways of the first print servers to other technologies at the time fueled an unprecedented growth in the printing industry. One of the challenges HP Jetdirect has in terms of security is unboxing them, powering them up, getting a configuration page to Jetdirect immediately. The incredible print quality of being "plug...actually the result of the HP LaserJet printers compared to widely implement security protocols such as SSL/TLS, SNMPv3, 802.1X, and IPsec. During this is to never unpack them once you are starting to ask how to deploy printing and imaging devices securely ...
...other ways of the first print servers to other technologies at the time fueled an unprecedented growth in the printing industry. One of the challenges HP Jetdirect has in terms of security is unboxing them, powering them up, getting a configuration page to Jetdirect immediately. The incredible print quality of being "plug...actually the result of the HP LaserJet printers compared to widely implement security protocols such as SSL/TLS, SNMPv3, 802.1X, and IPsec. During this is to never unpack them once you are starting to ask how to deploy printing and imaging devices securely ...
HP Jetdirect Security Guidelines
Page 3
...to network spoolers, often a simple hardware protocol was born - Functional Diagram In Figure 1, you can also understand what HP Jetdirect can and who can do . Upgrading your printing infrastructure. In short, a printer had direct connect ports (e.g., serial, parallel) that still remains in the security of ...see the standard diagram of an offload engine. This diagram is by no means comprehensive, but does convey the difference between HP Jetdirect and Printer/MFP platforms. Why is false. As customers demanded faster data transfer speeds and richer status, these protocols became ...
...to network spoolers, often a simple hardware protocol was born - Functional Diagram In Figure 1, you can also understand what HP Jetdirect can and who can do . Upgrading your printing infrastructure. In short, a printer had direct connect ports (e.g., serial, parallel) that still remains in the security of ...see the standard diagram of an offload engine. This diagram is by no means comprehensive, but does convey the difference between HP Jetdirect and Printer/MFP platforms. Why is false. As customers demanded faster data transfer speeds and richer status, these protocols became ...
HP Jetdirect Security Guidelines
Page 4
... 3.11 HP Jetdirect J2550A, J2552A MIO Print Servers Microsoft Windows 95 HP Jetdirect J2550B, J2552B MIO Print Servers HP Jetdirect J3110A, J3111A EIO Print Servers HP Jetdirect J3263A 300X External Print Server HP Jetdirect J3113A 600n EIO Print Server Microsoft Windows 98 HP Jetdirect J3258A 170x External Print Server Microsoft Windows 2000 Professional HP Jetdirect J4169A 610n EIO Print Server Microsoft Windows XP HP Jetdirect J6057A 615n EIO Print Server Microsoft Windows 2003 Server HP Jetdirect J7934A 620n EIO Print Server HP Jetdirect J7961A 635n EIO Print Server Date Released...
... 3.11 HP Jetdirect J2550A, J2552A MIO Print Servers Microsoft Windows 95 HP Jetdirect J2550B, J2552B MIO Print Servers HP Jetdirect J3110A, J3111A EIO Print Servers HP Jetdirect J3263A 300X External Print Server HP Jetdirect J3113A 600n EIO Print Server Microsoft Windows 98 HP Jetdirect J3258A 170x External Print Server Microsoft Windows 2000 Professional HP Jetdirect J4169A 610n EIO Print Server Microsoft Windows XP HP Jetdirect J6057A 615n EIO Print Server Microsoft Windows 2003 Server HP Jetdirect J7934A 620n EIO Print Server HP Jetdirect J7961A 635n EIO Print Server Date Released...
HP Jetdirect Security Guidelines
Page 5
...but is highly recommended. HP Jetdirect Models: HP Jetdirect J3258G 170x External Parallel Print server J6035G 175x External USB 1.1 Print Server J3263G 300x External Print server J7983G 510X External 3-Port Print Server J7942G en3700 External USB 2.0 Print Server J7934G 620n EIO 10/100 Print Server J7949E Embedded Jetdirect 10/100 (not for...devices) J7982E Embedded Jetdirect 10/100 (not for sale individually, comes installed on the formatter for certain printers/MFP devices) J7997G 630n EIO 10/100/1000 Print Server J7961G 635n EIO 10/100/1000 IPv6/IPsec Print Server Security Features Non-...
...but is highly recommended. HP Jetdirect Models: HP Jetdirect J3258G 170x External Parallel Print server J6035G 175x External USB 1.1 Print Server J3263G 300x External Print server J7983G 510X External 3-Port Print Server J7942G en3700 External USB 2.0 Print Server J7934G 620n EIO 10/100 Print Server J7949E Embedded Jetdirect 10/100 (not for...devices) J7982E Embedded Jetdirect 10/100 (not for sale individually, comes installed on the formatter for certain printers/MFP devices) J7997G 630n EIO 10/100/1000 Print Server J7961G 635n EIO 10/100/1000 IPv6/IPsec Print Server Security Features Non-...
HP Jetdirect Security Guidelines
Page 6
... have additional security by means of the easiest ways to perform this whitepaper will come from the four main HP Jetdirect product lines, referred to install a J7961G 635n IPv6/IPsec print server. One of a Firewall. As you can take an older printer like the HP LaserJet 4000 and give it the latest in networking protocol and security support.
... have additional security by means of the easiest ways to perform this whitepaper will come from the four main HP Jetdirect product lines, referred to install a J7961G 635n IPv6/IPsec print server. One of a Firewall. As you can take an older printer like the HP LaserJet 4000 and give it the latest in networking protocol and security support.
HP Jetdirect Security Guidelines
Page 7
.../100 EIO Print server J4169A 610n 10/100 EIO Print Server J6057A 615n 10/100 EIO Print Server J3263A/J3263G 300x External Print server J3265A 500X External 3-Port Print Server J7983G 510X External 3-Port Print Server J7942A/J7942G en3700 External USB 2.0 Print Server J7934A/J7934G 620n EIO 10/100 Print Server J7960A/J7960G 625n EIO 10/100/1000 Print Server J7961A/J7961G 635n EIO 10/100/1000 IPv6/IPsec Print Server Firmware Version...
.../100 EIO Print server J4169A 610n 10/100 EIO Print Server J6057A 615n 10/100 EIO Print Server J3263A/J3263G 300x External Print server J3265A 500X External 3-Port Print Server J7983G 510X External 3-Port Print Server J7942A/J7942G en3700 External USB 2.0 Print Server J7934A/J7934G 620n EIO 10/100 Print Server J7960A/J7960G 625n EIO 10/100/1000 Print Server J7961A/J7961G 635n EIO 10/100/1000 IPv6/IPsec Print Server Firmware Version...
HP Jetdirect Security Guidelines
Page 8
... be deployed correctly. Setup an access control list with large print jobs, etc... Option 2) For SET 3. Setup a rule to protect print traffic using the IPsec. How to disable these protocols can target any device (not just HP Jetdirect) that is subject to successfully authenticate the server endpoint (and optionally the client endpoint). For instance, if you...
... be deployed correctly. Setup an access control list with large print jobs, etc... Option 2) For SET 3. Setup a rule to protect print traffic using the IPsec. How to disable these protocols can target any device (not just HP Jetdirect) that is subject to successfully authenticate the server endpoint (and optionally the client endpoint). For instance, if you...
HP Jetdirect Security Guidelines
Page 9
... various methods used by a trusted CA to properly avoid MITM attacks. HP Jetdirect uses this information to recover, albeit with TFTP server information. they are trusted to establish a print connection, they are trusted to the latest Web Jetadmin management software. In short, keep your HP Jetdirect, use SNMPv3 automatically. There are digitally signed by a user. However...
... various methods used by a trusted CA to properly avoid MITM attacks. HP Jetdirect uses this information to recover, albeit with TFTP server information. they are trusted to establish a print connection, they are trusted to the latest Web Jetadmin management software. In short, keep your HP Jetdirect, use SNMPv3 automatically. There are digitally signed by a user. However...
HP Jetdirect Security Guidelines
Page 10
... upgrade capability is described here: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpj07572. HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them Easily available network tools that was sent between an email client and email server, it with a text editor. A node intercepts IP ...TCP/IP protocol suite does. This active/passive behavior is a fundamental step in a manner that destination. Port access controls, such as IPsec and SSL/TLS with the TCP/IP protocol suite. The defense against TCP/IP MITM attacks is not a vulnerability specific to HTTPS, ...
... upgrade capability is described here: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpj07572. HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them Easily available network tools that was sent between an email client and email server, it with a text editor. A node intercepts IP ...TCP/IP protocol suite does. This active/passive behavior is a fundamental step in a manner that destination. Port access controls, such as IPsec and SSL/TLS with the TCP/IP protocol suite. The defense against TCP/IP MITM attacks is not a vulnerability specific to HTTPS, ...
HP Jetdirect Security Guidelines
Page 11
...parameters via the TFTP configuration file. however, there are many free BOOTP and TFTP servers for a great deal of the TFTP daemon's home directory • Forces HP Jetdirect to DHCP if a BOOTP server is unavailable. An example UNIX configuration will be enabled, comment out the "snmp-...config" command and # uncomment out the following : • Syslog server: 192.168.40.3 • TFTP configuration file: picasso...
...parameters via the TFTP configuration file. however, there are many free BOOTP and TFTP servers for a great deal of the TFTP daemon's home directory • Forces HP Jetdirect to DHCP if a BOOTP server is unavailable. An example UNIX configuration will be enabled, comment out the "snmp-...config" command and # uncomment out the following : • Syslog server: 192.168.40.3 • TFTP configuration file: picasso...
HP Jetdirect Security Guidelines
Page 12
... DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in the left-hand navigation bar, and then the "Wizard" tab. Press the "Start Wizard" button to implement on power-up. Here... is a sample content for non HP Web Jetadmin users. Here, we are going to choose "Custom Security" to show all the options that are available to a parameter file called "...
... DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in the left-hand navigation bar, and then the "Wizard" tab. Press the "Start Wizard" button to implement on power-up. Here... is a sample content for non HP Web Jetadmin users. Here, we are going to choose "Custom Security" to show all the options that are available to a parameter file called "...
HP Jetdirect Security Guidelines
Page 17
Allowing device discovery helps in device management, but may not be required in all environments. 802.1X authentication can also be done. For now, this configuration step is required. Special equipment is skipped. 17 Disable unused print protocols and services. For a complete discussion of 802.1X, see HP Jetdirect whitepapers on the topic.
Allowing device discovery helps in device management, but may not be required in all environments. 802.1X authentication can also be done. For now, this configuration step is required. Special equipment is skipped. 17 Disable unused print protocols and services. For a complete discussion of 802.1X, see HP Jetdirect whitepapers on the topic.
HP Jetdirect Security Guidelines
Page 22
Click "Next". Click "Next" 22 Select "Allow Traffic". We are concerned with management services, so select the service template "All Jetdirect Management Services".
Click "Next". Click "Next" 22 Select "Allow Traffic". We are concerned with management services, so select the service template "All Jetdirect Management Services".
HP Jetdirect Security Guidelines
Page 24
Click Next. 24 Select the "All Jetdirect Management Services" service template. Click "Next". Select "Allow Traffic".
Click Next. 24 Select the "All Jetdirect Management Services" service template. Click "Next". Select "Allow Traffic".
HP Jetdirect Security Guidelines
Page 26
Select "Drop". Again, select "All Jetdirect Management Services" for the service template and then click "Next". Click "Next". 26
Select "Drop". Again, select "All Jetdirect Management Services" for the service template and then click "Next". Click "Next". 26
HP Jetdirect Security Guidelines
Page 28
... Security Deployments: SET 4 First and foremost, SET 4 configuration needs to this time, we can begin the IPsec configuration. Be sure that all IP addresses must use IPsec to Jetdirect without using HTTPS before navigating to have the Security Wizard for the default rule and then click "Add Rules...".... Once the Security Wizard configuration has been completed, then we 'll simply say that you are using IPsec, the packets are...
... Security Deployments: SET 4 First and foremost, SET 4 configuration needs to this time, we can begin the IPsec configuration. Be sure that all IP addresses must use IPsec to Jetdirect without using HTTPS before navigating to have the Security Wizard for the default rule and then click "Add Rules...".... Once the Security Wizard configuration has been completed, then we 'll simply say that you are using IPsec, the packets are...
HP Jetdirect Security Guidelines
Page 29
Select "Require traffic to be protected with an IPsec/Firewall Policy". Click "Next". 29 Click "Next". Select "All Jetdirect Management Services".
Select "Require traffic to be protected with an IPsec/Firewall Policy". Click "Next". 29 Click "Next". Select "All Jetdirect Management Services".