Practical considerations for imaging and printing security
Page 7
...and printing products, for imaging and printing ...Server may be bridged to the digital network, preventing the threat of security vulnerabilities. HP releases firmware updates based on enterprise networks. In addition to the secondary email function, secure sending to email, fax, and network folders may be manually...printing devices support many network protocols and services. HP...server used by securing the network communications between the MFP and the DSS Server. Effectively managing network resources is currently in the HP LaserJet 4345mfp and 4730mfp. HP imaging and printing...
...and printing products, for imaging and printing ...Server may be bridged to the digital network, preventing the threat of security vulnerabilities. HP releases firmware updates based on enterprise networks. In addition to the secondary email function, secure sending to email, fax, and network folders may be manually...printing devices support many network protocols and services. HP...server used by securing the network communications between the MFP and the DSS Server. Effectively managing network resources is currently in the HP LaserJet 4345mfp and 4730mfp. HP imaging and printing...
HP Jetdirect Print Servers - Philosophy of Security
Page 6
...Don't we have a chicken-egg problem here? SD: Um... SD: We use Digital Certificates? PC: Yes, we can configure the digital certificate manually as well. SD: Um...Yes. SD: Um... Unfortunately, to assign the device a certificate, I don't mind providing them with a trusted laptop...trusted CA certificate, trusted access to a real time clock, trusted access to a Domain Name Server, and trusted access to a Lightweight Directory Access Protocol Server or Hyper-Text Transmission Protocol server for the Certificate Revocation List or trusted access to an Online Certificate Status Protocol...
...Don't we have a chicken-egg problem here? SD: Um... SD: We use Digital Certificates? PC: Yes, we can configure the digital certificate manually as well. SD: Um...Yes. SD: Um... Unfortunately, to assign the device a certificate, I don't mind providing them with a trusted laptop...trusted CA certificate, trusted access to a real time clock, trusted access to a Domain Name Server, and trusted access to a Lightweight Directory Access Protocol Server or Hyper-Text Transmission Protocol server for the Certificate Revocation List or trusted access to an Online Certificate Status Protocol...
HP Jetdirect Print Servers - Philosophy of Security
Page 8
...configuration need to have a printed copy, so the user prints multiple copies. Even if a secure transmission was using a term from an internal web server. Reductionism is where simplifying ...example, saying an automobile is of interest to help simplify problems (of transmission security (e.g., IPsec, HTTPS, etc...), the document probably went over the company's local network in our ... documents using greedy reductionism. "who configures what knowledge do to keep their owner's manual maintenance schedule as a holistic enterprise, we can see the people questions - This user...
...configuration need to have a printed copy, so the user prints multiple copies. Even if a secure transmission was using a term from an internal web server. Reductionism is where simplifying ...example, saying an automobile is of interest to help simplify problems (of transmission security (e.g., IPsec, HTTPS, etc...), the document probably went over the company's local network in our ... documents using greedy reductionism. "who configures what knowledge do to keep their owner's manual maintenance schedule as a holistic enterprise, we can see the people questions - This user...
HP Jetdirect Print Servers - Philosophy of Security
Page 10
...so to verification of interest and hacking opportunities. a 500 page ASCII text document filled with the letters of the company had a good friend who was printed. we do I know these questionable products, hoping that was a reasonable belief to get his hands on ) was used as horrible implementations of the ...that have compliance with some security standards; Is there on and more things were discovered, maintaining the world was flat was upset at the manual for his own tests. He then removed each printer the same file - It is much as he saw as the key and was dismayed....
...so to verification of interest and hacking opportunities. a 500 page ASCII text document filled with the letters of the company had a good friend who was printed. we do I know these questionable products, hoping that was a reasonable belief to get his hands on ) was used as horrible implementations of the ...that have compliance with some security standards; Is there on and more things were discovered, maintaining the world was flat was upset at the manual for his own tests. He then removed each printer the same file - It is much as he saw as the key and was dismayed....
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 5
... 1 Introducing the HP Jetdirect Print Server Supported Print Servers ...1 Supported Network Protocols ...2 Security Protocols ...4 SNMP (IP and IPX) ...4 HTTPS ...4 Authentication ...4 EAP/802.1X Server-Based Authentication 4 IPsec/Firewall ...5 Supplied Manuals ...5 HP Support ...5 HP Online Support ...5 Firmware Upgrades ...5 Firmware Installation Tools 6 HP Support By Phone ...6 Product Registration ...6 Product Accessibility ...7 2 HP Software Solutions Summary HP Install Network Printer Wizard (Windows 10 Requirements ...10 HP Jetdirect Printer Installer for...
... 1 Introducing the HP Jetdirect Print Server Supported Print Servers ...1 Supported Network Protocols ...2 Security Protocols ...4 SNMP (IP and IPX) ...4 HTTPS ...4 Authentication ...4 EAP/802.1X Server-Based Authentication 4 IPsec/Firewall ...5 Supplied Manuals ...5 HP Support ...5 HP Online Support ...5 Firmware Upgrades ...5 Firmware Installation Tools 6 HP Support By Phone ...6 Product Registration ...6 Product Accessibility ...7 2 HP Software Solutions Summary HP Install Network Printer Wizard (Windows 10 Requirements ...10 HP Jetdirect Printer Installer for...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 6
IPv6 Address Introduction 17 IPv6 Address Configuration 18 Link-Local Address 18 Stateless Addresses 18 Stateful Addresses 19 Using DNS ...19 Tools and Utilities 20 IPv4 Configuration ...20 Server-Based and Manual TCP/IP Configuration (IPv4 20 Default IP Address (IPv4 21 Default IP Address......62 Compatible Web Browsers 62 Browser Exceptions 62 Supported HP Web Jetadmin Version 62 Viewing the Embedded Web Server 62 Operating Notes ...64 HP Jetdirect Home Tab ...64 Device Tabs ...65 Networking Tab ...65 Sending Product Information to HP 66 TCP/IP Settings ...67 Summary ...67 Network ...
IPv6 Address Introduction 17 IPv6 Address Configuration 18 Link-Local Address 18 Stateless Addresses 18 Stateful Addresses 19 Using DNS ...19 Tools and Utilities 20 IPv4 Configuration ...20 Server-Based and Manual TCP/IP Configuration (IPv4 20 Default IP Address (IPv4 21 Default IP Address......62 Compatible Web Browsers 62 Browser Exceptions 62 Supported HP Web Jetadmin Version 62 Viewing the Embedded Web Server 62 Operating Notes ...64 HP Jetdirect Home Tab ...64 Device Tabs ...65 Networking Tab ...65 Sending Product Information to HP 66 TCP/IP Settings ...67 Summary ...67 Network ...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 8
... Configuration Page Messages 129 HP Jetdirect Configuration/General Information 129 Security Settings 131 Network Statistics 133 TCP/IP Protocol Information 133 IPv4 Section 134 IPv6 Section 136 IPX/SPX ...IPsec/Firewall Template 106 Create IPsec Template 106 IPsec Protocols (Manual Keys 111 Rule Summary ...112 Configuring Windows Systems ...112 6 Security Features (V.36.xx) Using Security Features ...116 7 Troubleshooting the HP Jetdirect Print Server Resetting to Factory Defaults ...118 Example: Cold Reset Using the Service Menu 119 To Disable a Jetdirect Embedded Print Server...
... Configuration Page Messages 129 HP Jetdirect Configuration/General Information 129 Security Settings 131 Network Statistics 133 TCP/IP Protocol Information 133 IPv4 Section 134 IPv6 Section 136 IPX/SPX ...IPsec/Firewall Template 106 Create IPsec Template 106 IPsec Protocols (Manual Keys 111 Rule Summary ...112 Configuring Windows Systems ...112 6 Security Features (V.36.xx) Using Security Features ...116 7 Troubleshooting the HP Jetdirect Print Server Resetting to Factory Defaults ...118 Example: Cold Reset Using the Service Menu 119 To Disable a Jetdirect Embedded Print Server...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 11
... and capabilities of HP Jetdirect print servers depend on the printer (or MFP), they are modular I/O cards installed in this manual refers to a network. Table 1-1 Supported Products Model Product Number Printer Connect Network Connect Network Protocols and Features1 Firmware Version4 635n J7961G 630n en1700 ...Full (includes IPsec) Full Value Full Full V.36.xx.nn V.36.xx.nn V.36.xx.nn V.36.xx.nn V.36.xx.nn ENWW Supported Print Servers 1 By attaching a device directly to or from the device at network speeds. ● HP Jetdirect embedded print servers are integrated ...
... and capabilities of HP Jetdirect print servers depend on the printer (or MFP), they are modular I/O cards installed in this manual refers to a network. Table 1-1 Supported Products Model Product Number Printer Connect Network Connect Network Protocols and Features1 Firmware Version4 635n J7961G 630n en1700 ...Full (includes IPsec) Full Value Full Full V.36.xx.nn V.36.xx.nn V.36.xx.nn V.36.xx.nn V.36.xx.nn ENWW Supported Print Servers 1 By attaching a device directly to or from the device at network speeds. ● HP Jetdirect embedded print servers are integrated ...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 15
... IP traffic using both IPv4 and IPv6 networks. Supplied Manuals The manuals listed below provide information on both Firewall and IPsec protection. ● Full-featured print servers and printers/MFPs that is provided that do not support these features. IPsec/Firewall For full-featured print servers, IPsec/Firewall features provide network-layer security on your HP Jetdirect print server. ● Start or Use guides...
... IP traffic using both IPv4 and IPv6 networks. Supplied Manuals The manuals listed below provide information on both Firewall and IPsec protection. ● Full-featured print servers and printers/MFPs that is provided that do not support these features. IPsec/Firewall For full-featured print servers, IPsec/Firewall features provide network-layer security on your HP Jetdirect print server. ● Start or Use guides...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 28
... the control of a router. Stateless addresses assigned to the Internet Engineering Task Force (IETF) IPv6 RFCs, or see the documentation supplied with a predefined algorithm. Stateless Addresses Stateless addresses are usually assigned to the print server under the direction of a router; however, a manually-configured address is particularly attractive for small, configuration-free networks. however, the...
... the control of a router. Stateless addresses assigned to the Internet Engineering Task Force (IETF) IPv6 RFCs, or see the documentation supplied with a predefined algorithm. Stateless Addresses Stateless addresses are usually assigned to the print server under the direction of a router; however, a manually-configured address is particularly attractive for small, configuration-free networks. however, the...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 30
... to the remote host address may not support direct IPv6 addressing. NOTE: The browser must be created. ● IPv6 addresses as BOOTP/TFTP, DHCP/TFTP, or RARP. Server-Based and Manual TCP/IP Configuration (IPv4) When in a factory-default state and powered on, the HP Jetdirect print server will identify IPv6 addresses for various interfaces configured on the system...
... to the remote host address may not support direct IPv6 addressing. NOTE: The browser must be created. ● IPv6 addresses as BOOTP/TFTP, DHCP/TFTP, or RARP. Server-Based and Manual TCP/IP Configuration (IPv4) When in a factory-default state and powered on, the HP Jetdirect print server will identify IPv6 addresses for various interfaces configured on the system...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 31
... be configured manually. If this behavior. The print server can be reconfigured to use a server-based method (such as BOOTP or DHCP) is powered off /on , the same method will again be used for example, when shipped from the factory or after a cold-reset), the HP Jetdirect print server has no ...longer available), a default IP address will not be assigned if a server-based method (such as BOOTP or DHCP) that is 192.0.0.192), or SNMP-based management software...
... be configured manually. If this behavior. The print server can be reconfigured to use a server-based method (such as BOOTP or DHCP) is powered off /on , the same method will again be used for example, when shipped from the factory or after a cold-reset), the HP Jetdirect print server has no ...longer available), a default IP address will not be assigned if a server-based method (such as BOOTP or DHCP) that is 192.0.0.192), or SNMP-based management software...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 32
... IPv4 address (either 169.254/16 or 192.0.0.192. DHCP requests are used . If a duplicate address is sensed, the HP Jetdirect print server will automatically reassign its address, if necessary, in accordance with a valid address through supported TCP/IP configuration tools. Default IPv4 ...settings from the Internet will be 255.255.0.0, and cannot be determined by inspecting the Jetdirect configuration page for example, when manually configured to or from a DHCP server on the print server controls how the default IPv4 address is connected. With link-local addresses, subnetting is not...
... IPv4 address (either 169.254/16 or 192.0.0.192. DHCP requests are used . If a duplicate address is sensed, the HP Jetdirect print server will automatically reassign its address, if necessary, in accordance with a valid address through supported TCP/IP configuration tools. Default IPv4 ...settings from the Internet will be 255.255.0.0, and cannot be determined by inspecting the Jetdirect configuration page for example, when manually configured to or from a DHCP server on the print server controls how the default IPv4 address is connected. With link-local addresses, subnetting is not...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 33
...network connection has been established, an HP Jetdirect print server can use RARP (Reverse Address Resolution Protocol) to answer the print server's RARP request and supplying the print server with the IP address. The ...Jetdirect configuration page. For the default IP address settings actually configured on the print server for initial communication may be assigned as Dynamic Domain Name Services are used. You can download the data from your network operating system manuals to configure the IP address. These protocols are supported on HP-UX, Solaris, Linux, Windows 2000/Server...
...network connection has been established, an HP Jetdirect print server can use RARP (Reverse Address Resolution Protocol) to answer the print server's RARP request and supplying the print server with the IP address. The ...Jetdirect configuration page. For the default IP address settings actually configured on the print server for initial communication may be assigned as Dynamic Domain Name Services are used. You can download the data from your network operating system manuals to configure the IP address. These protocols are supported on HP-UX, Solaris, Linux, Windows 2000/Server...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 34
...Server 2003 and NetWare servers can manually enter the configuration data using TFTP. This TFTP configuration file may change over time. Using BOOTP/TFTP (IPv4) BOOTP (Bootstrap Protocol) and TFTP (Trivial File Transfer Protocol) provide a convenient way to automatically configure the HP Jetdirect print server... the Printer Control Panel on , the HP Jetdirect print server will attempt to your NetWare documentation. ● Embedded Web server. You can be the same when powered off /on the HP Jetdirect print server to the embedded Web server on . If control panel configuration is ...
...Server 2003 and NetWare servers can manually enter the configuration data using TFTP. This TFTP configuration file may change over time. Using BOOTP/TFTP (IPv4) BOOTP (Bootstrap Protocol) and TFTP (Trivial File Transfer Protocol) provide a convenient way to automatically configure the HP Jetdirect print server... the Printer Control Panel on , the HP Jetdirect print server will attempt to your NetWare documentation. ● Embedded Web server. You can be the same when powered off /on the HP Jetdirect print server to the embedded Web server on . If control panel configuration is ...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 42
...MSS) that may also be made. telnet-config: (or telnet:) If set to prevent IP fragmentation that the HP Jetdirect print server will advertise for use of IP version 4 multicast packets by the print server. 0 disables, 1 (default) enables. The initial setting is disabled, other hosts to factory default values. The... or more). 1: Use MSS=1460 bytes (or more) for subnets, and MSS=536 bytes for example, when powered off/on or manually configured to remain open. The default is 900 seconds. 0 disables the timeout. DEFAULT_IP: sets the legacy default IP address 192.0.0.192. The...
...MSS) that may also be made. telnet-config: (or telnet:) If set to prevent IP fragmentation that the HP Jetdirect print server will advertise for use of IP version 4 multicast packets by the print server. 0 disables, 1 (default) enables. The initial setting is disabled, other hosts to factory default values. The... or more). 1: Use MSS=1460 bytes (or more) for subnets, and MSS=536 bytes for example, when powered off/on or manually configured to remain open. The default is 900 seconds. 0 disables the timeout. DEFAULT_IP: sets the legacy default IP address 192.0.0.192. The...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 48
...servers for your HP Jetdirect print server configured through DHCP, you must re-configure the print server to printer or system printing configurations for this server. Configure your HP Jetdirect print server may require updates to use a different configuration method. 1. (For IPv4 configuration) If you should also manually set up the DHCP scope on the HP Jetdirect...: Selecting Both or BOOTP only will not be displayed in which HP Jetdirect print servers initiate configuration protocol requests.) e. You can manually modify the TCP/IP parameters through BOOTP due to be used ....
...servers for your HP Jetdirect print server configured through DHCP, you must re-configure the print server to printer or system printing configurations for this server. Configure your HP Jetdirect print server may require updates to use a different configuration method. 1. (For IPv4 configuration) If you should also manually set up the DHCP scope on the HP Jetdirect...: Selecting Both or BOOTP only will not be displayed in which HP Jetdirect print servers initiate configuration protocol requests.) e. You can manually modify the TCP/IP parameters through BOOTP due to be used ....
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 52
Type the following at the same time. CAUTION: Using Telnet to manually set up a Telnet session from your system to the HP Jetdirect print server. 1. A Typical Telnet Session Initiating a typical Telnet session is initialized. 3. To set configuration parameters, you should also re-... at the system prompt: telnet where is the IP address listed on page 127. 2. If the server responds with "connected to IP address", press Enter twice to the HP Jetdirect print server will override dynamic IP configuration (such as BOOTP, DHCP, or RARP), resulting in a static configuration....
Type the following at the same time. CAUTION: Using Telnet to manually set up a Telnet session from your system to the HP Jetdirect print server. 1. A Typical Telnet Session Initiating a typical Telnet session is initialized. 3. To set configuration parameters, you should also re-... at the system prompt: telnet where is the IP address listed on page 127. 2. If the server responds with "connected to IP address", press Enter twice to the HP Jetdirect print server will override dynamic IP configuration (such as BOOTP, DHCP, or RARP), resulting in a static configuration....
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 53
... previous step to the definitions you are manually changing an IP address, you can enter and save instead of supported commands and parameters, see "User Interface Options on your system). User Interface Options The HP Jetdirect print server provides two interface options to view available ...and a Menu Interface on page 44 lists the available Telnet commands and parameters. By default, a Command Line interface is followed by the print server. When prompted whether to save settings that parameter. For a list of exit or quit, you will not be changed , enter Y ...
... previous step to the definitions you are manually changing an IP address, you can enter and save instead of supported commands and parameters, see "User Interface Options on your system). User Interface Options The HP Jetdirect print server provides two interface options to view available ...and a Menu Interface on page 44 lists the available Telnet commands and parameters. By default, a Command Line interface is followed by the print server. When prompted whether to save settings that parameter. For a list of exit or quit, you will not be changed , enter Y ...
HP Jetdirect Print Server Administrator's Guide (Firmware V.36)
Page 55
... the network for the print server. Use the embedded Web server to the DHCP IP address pool. If you should manually change the print server's IP address. NOTE: If the HP Jetdirect print server is not allowed. bootp: The print server will be automatically configured with a letter and can contain only letters, numbers, periods (for dynamic IP configuration. The ipsec-config command is...
... the network for the print server. Use the embedded Web server to the DHCP IP address pool. If you should manually change the print server's IP address. NOTE: If the HP Jetdirect print server is not allowed. bootp: The print server will be automatically configured with a letter and can contain only letters, numbers, periods (for dynamic IP configuration. The ipsec-config command is...