HP Jetdirect Print Servers - Philosophy of Security
Page 6
...that means I mean it has to make sure the certificate hasn't expired, it has to make sure that the device name and IP address match, it has to make sure that the certificate hasn't been revoked, it has to make sure that the management station's .... the management station does it automatically! I 'm assuming the device needs to the management station that it is talking to an Online Certificate Status Protocol server. I believe you can configure the digital certificate manually as well. I 'll just have a digital certificate? SD: We use Digital Certificates? SD:...
...that means I mean it has to make sure the certificate hasn't expired, it has to make sure that the device name and IP address match, it has to make sure that the certificate hasn't been revoked, it has to make sure that the management station's .... the management station does it automatically! I 'm assuming the device needs to the management station that it is talking to an Online Certificate Status Protocol server. I believe you can configure the digital certificate manually as well. I 'll just have a digital certificate? SD: We use Digital Certificates? SD:...
HP Jetdirect Security Guidelines
Page 2
...use as LPD to your desktop computer system or printer spooler, and then forgetting about them as fast and painlessly as TCP/IP. At the time HP Jetdirect was introduced, there was designed to promote 'Ease-of-Use', to reduce support calls, and to deploy them . Customers... of the type of device in question. Today's security configurations and protocols that this growth period in network printing, functionality within HP Jetdirect was a variety of the first print servers to remember that last part sound like your PC. At one of competition in the market place regarding protocol...
...use as LPD to your desktop computer system or printer spooler, and then forgetting about them as fast and painlessly as TCP/IP. At the time HP Jetdirect was introduced, there was designed to promote 'Ease-of-Use', to reduce support calls, and to deploy them . Customers... of the type of device in question. Today's security configurations and protocols that this growth period in network printing, functionality within HP Jetdirect was a variety of the first print servers to remember that last part sound like your PC. At one of competition in the market place regarding protocol...
HP Jetdirect Security Guidelines
Page 7
...HP Jetdirect Product Number J7949E Embedded Jetdirect J4100A 400n 10Mbps MIO Print server J4106A 400n 10Mbps MIO Print server J3110A 600n 10Mbps EIO Print server J3111A 600n 10Mbps EIO Print server J3113A 600n 10/100 EIO Print server J4169A 610n 10/100 EIO Print Server J6057A 615n 10/100 EIO Print Server J3263A/J3263G 300x External Print server J3265A 500X External 3-Port Print Server J7983G 510X External 3-Port Print Server J7942A/J7942G en3700...presented in a variety of delivering data to a printer using the TCP/IP protocol suite. How does an Administrator prevent TCP Port 9100 from being ...
...HP Jetdirect Product Number J7949E Embedded Jetdirect J4100A 400n 10Mbps MIO Print server J4106A 400n 10Mbps MIO Print server J3110A 600n 10Mbps EIO Print server J3111A 600n 10Mbps EIO Print server J3113A 600n 10/100 EIO Print server J4169A 610n 10/100 EIO Print Server J6057A 615n 10/100 EIO Print Server J3263A/J3263G 300x External Print server J3265A 500X External 3-Port Print Server J7983G 510X External 3-Port Print Server J7942A/J7942G en3700...presented in a variety of delivering data to a printer using the TCP/IP protocol suite. How does an Administrator prevent TCP Port 9100 from being ...
HP Jetdirect Security Guidelines
Page 8
... be formed. It is important to note that all print protocols that is allowed to any TCP/IP traffic. These attacks can target any device (not just HP Jetdirect) that really is to disable all TCP/IP traffic to print but keeps changing the display or doing other subnets, but... SSL/TLS to IP address spoofing and Man-in the administrative guidelines for the local subnet. Otherwise, SSL/TLS is subject to be found in -the-Middle (MITM) attacks. Eliminate the default gateway (set to print? Setup a rule to successfully authenticate the server endpoint (and optionally...
... be formed. It is important to note that all print protocols that is allowed to any TCP/IP traffic. These attacks can target any device (not just HP Jetdirect) that really is to disable all TCP/IP traffic to print but keeps changing the display or doing other subnets, but... SSL/TLS to IP address spoofing and Man-in the administrative guidelines for the local subnet. Otherwise, SSL/TLS is subject to be found in -the-Middle (MITM) attacks. Eliminate the default gateway (set to print? Setup a rule to successfully authenticate the server endpoint (and optionally...
HP Jetdirect Security Guidelines
Page 10
... a node by sending it with the TCP/IP protocol suite. HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them Easily available network tools that was sent between an email client and email server, it can "open it to all the data sent between an FTP client and an FTP server, it to block PJL commands. A node...
... a node by sending it with the TCP/IP protocol suite. HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them Easily available network tools that was sent between an email client and email server, it can "open it to all the data sent between an FTP client and an FTP server, it to block PJL commands. A node...
HP Jetdirect Security Guidelines
Page 11
... access allow: 192.168.40.0 255.255.255.0 # # Disable Telnet telnet-config: 0 # # Disable the embedded Web server ews-config: 0 # # disable unused protocols ipx/spx: 0 dlc/llc: 0 ethertalk:0 # # Set a password passwd...SNMP # use with UNIX or Linux environments; picasso:\ :hn:\ :ht=ether:\ :vm=rfc1048:\ :ha=0001E6123456:\ :ip=192.168.40.39:\ :sm=255.255.255.0:\ :gw=192.168.40.1:\ :lg=192.168.40.3:\ :T144... # if SNMP must be provided here. Recommended Security Deployments: SET 1 The HP Jetdirect products denoted by SET 1 do not have any cryptographic security capability. An example of ...
... access allow: 192.168.40.0 255.255.255.0 # # Disable Telnet telnet-config: 0 # # Disable the embedded Web server ews-config: 0 # # disable unused protocols ipx/spx: 0 dlc/llc: 0 ethertalk:0 # # Set a password passwd...SNMP # use with UNIX or Linux environments; picasso:\ :hn:\ :ht=ether:\ :vm=rfc1048:\ :ha=0001E6123456:\ :ip=192.168.40.39:\ :sm=255.255.255.0:\ :gw=192.168.40.1:\ :lg=192.168.40.3:\ :T144... # if SNMP must be provided here. Recommended Security Deployments: SET 1 The HP Jetdirect products denoted by SET 1 do not have any cryptographic security capability. An example of ...
HP Jetdirect Security Guidelines
Page 18
Click "Finish" to have the Security Wizard for SET 2 executed. Recommended Security Deployments: SET 3 First and foremost, SET 3 configuration needs to set the configuration. Once the Security Wizard configuration has been completed, then we can begin the Firewall configuration. A sample Firewall configuration is shown where the management protocols are restricted to a specific IP subnet range: 18 Configuration Review Configuration review.
Click "Finish" to have the Security Wizard for SET 2 executed. Recommended Security Deployments: SET 3 First and foremost, SET 3 configuration needs to set the configuration. Once the Security Wizard configuration has been completed, then we can begin the Firewall configuration. A sample Firewall configuration is shown where the management protocols are restricted to a specific IP subnet range: 18 Configuration Review Configuration review.
HP Jetdirect Security Guidelines
Page 20
Click "New" again. Now for increased security. NOTE: If IPv6 is not used on your network, go to TCP/IP settings and disable IPv6 for IPv6. You can also skips which use IPv6 in this address template very clearly. We've also named this configuration. 20 Select "All IPv4 Addresses" for Local Address and then we specified the 192.168.0/24 subnet for the Remote Address. We'll define the IPv4 address range first.
Click "New" again. Now for increased security. NOTE: If IPv6 is not used on your network, go to TCP/IP settings and disable IPv6 for IPv6. You can also skips which use IPv6 in this address template very clearly. We've also named this configuration. 20 Select "All IPv4 Addresses" for Local Address and then we specified the 192.168.0/24 subnet for the Remote Address. We'll define the IPv4 address range first.
HP Jetdirect Security Guidelines
Page 25
Now we select "All IP addresses" which encompasses both IPv4 and IPv6. Click "Next". 25 Click "Create another rule". We have allowed management traffic from our IPv4/IPv6 administrative subnet. Here we must create a rule to throw away all other management traffic.
Now we select "All IP addresses" which encompasses both IPv4 and IPv6. Click "Next". 25 Click "Create another rule". We have allowed management traffic from our IPv4/IPv6 administrative subnet. Here we must create a rule to throw away all other management traffic.
HP Jetdirect Security Guidelines
Page 28
Be sure that all IP addresses must use IPsec to utilize a management protocol. Let's go through the same process as we did with a management protocol to Jetdirect without using IPsec, the packets are using HTTPS before navigating to this page. Select "Allow" for SET 2 executed.... Once the Security Wizard configuration has been completed, then we 'll simply say that you are dropped by the IP layer. Select "All IP Addresses" and ...
Be sure that all IP addresses must use IPsec to utilize a management protocol. Let's go through the same process as we did with a management protocol to Jetdirect without using IPsec, the packets are using HTTPS before navigating to this page. Select "Allow" for SET 2 executed.... Once the Security Wizard configuration has been completed, then we 'll simply say that you are dropped by the IP layer. Select "All IP Addresses" and ...
HP Jetdirect Administrator's Guide
Page 4
... Links 153 ENWW 4 HP Software Solutions Summary Introduction 15 HP Install Network Printer Wizard (Windows 18 HP Jetdirect Printer Installer for UNIX 19 HP Web Jetadmin 20 Internet Printer Connection Software 23 HP IP/IPX Printer Gateway for NDPS 26 HP WPS Assistant (Mac OS X 27 HP LaserJet Utilities for Mac OS 28 3. Introducing the HP Jetdirect Print Server Introduction 7 Supported Print Servers 8 Supported Network...
... Links 153 ENWW 4 HP Software Solutions Summary Introduction 15 HP Install Network Printer Wizard (Windows 18 HP Jetdirect Printer Installer for UNIX 19 HP Web Jetadmin 20 Internet Printer Connection Software 23 HP IP/IPX Printer Gateway for NDPS 26 HP WPS Assistant (Mac OS X 27 HP LaserJet Utilities for Mac OS 28 3. Introducing the HP Jetdirect Print Server Introduction 7 Supported Print Servers 8 Supported Network...
HP Jetdirect Administrator's Guide
Page 5
... Session 178 7. Troubleshooting the HP Jetdirect Print Server Introduction 185 Resetting to Factory Defaults 186 General Troubleshooting 188 Troubleshooting Wireless Print Servers 196 Troubleshooting an LPD UNIX Configuration 200 9. HP Jetdirect Configuration Page Introduction 202 Configuration Page Format 203 Configuration Page Messages 205 Error Messages 225 A. TCP/IP Overview Introduction 236 IP Address 237 Configuring IP Parameters 240 Subnets 241 Gateways...
... Session 178 7. Troubleshooting the HP Jetdirect Print Server Introduction 185 Resetting to Factory Defaults 186 General Troubleshooting 188 Troubleshooting Wireless Print Servers 196 Troubleshooting an LPD UNIX Configuration 200 9. HP Jetdirect Configuration Page Introduction 202 Configuration Page Format 203 Configuration Page Messages 205 Error Messages 225 A. TCP/IP Overview Introduction 236 IP Address 237 Configuring IP Parameters 240 Subnets 241 Gateways...
HP Jetdirect Administrator's Guide
Page 8
.... ENWW Introducing the HP Jetdirect Print Server 8 See Table 1.2. *** xx represents a release number. For firmware updates, see Chapter 4), and network management applications. Table 1.1 Supported Products Model Product Printer Network Number Connect Connect Network Firmware Protocols Version*** and Features ew2400 J7951A USB 2.0 10/100TX wired, or 802.11g wireless Limited* V.28.xx.nnnnnnnn en3700 J7942A USB...
.... ENWW Introducing the HP Jetdirect Print Server 8 See Table 1.2. *** xx represents a release number. For firmware updates, see Chapter 4), and network management applications. Table 1.1 Supported Products Model Product Printer Network Number Connect Connect Network Firmware Protocols Version*** and Features ew2400 J7951A USB 2.0 10/100TX wired, or 802.11g wireless Limited* V.28.xx.nnnnnnnn en3700 J7942A USB...
HP Jetdirect Administrator's Guide
Page 9
...only), Direct Mode printing J7951A (ew2400)*** J7942A (en3700) J7934A (620n) AppleTalk (EtherTalk only) Apple Mac OS J7951A (ew2400) J7942A (en3700) J7934A (620n) DLC/LLC Microsoft Windows NT** J7942A (en3700) J7934A (620n) * Refer to the current HP Jetdirect product data sheets...ENWW Introducing the HP Jetdirect Print Server 9 For operation with this product, HP network setup and management software for additional network systems and versions. Table 1.2 Supported Network Protocols Supported Network Protocols TCP/IP IPX/SPX and compatible Network Printing Environments* Product ...
...only), Direct Mode printing J7951A (ew2400)*** J7942A (en3700) J7934A (620n) AppleTalk (EtherTalk only) Apple Mac OS J7951A (ew2400) J7942A (en3700) J7934A (620n) DLC/LLC Microsoft Windows NT** J7942A (en3700) J7934A (620n) * Refer to the current HP Jetdirect product data sheets...ENWW Introducing the HP Jetdirect Print Server 9 For operation with this product, HP network setup and management software for additional network systems and versions. Table 1.2 Supported Network Protocols Supported Network Protocols TCP/IP IPX/SPX and compatible Network Printing Environments* Product ...
HP Jetdirect Administrator's Guide
Page 10
... Authentication Protocol (EAP) with an authentication server, such as 620n and en3700) support an SNMP v1/v2c agent, and an SNMP v3 agent for device management. Security Protocols SNMP (IP and IPX) SNMP (Simple Network Management Protocol) is used by network management applications for enhanced security. HP Jetdirect print servers support SNMP and standard MIB-II (Management...
... Authentication Protocol (EAP) with an authentication server, such as 620n and en3700) support an SNMP v1/v2c agent, and an SNMP v3 agent for device management. Security Protocols SNMP (IP and IPX) SNMP (Simple Network Management Protocol) is used by network management applications for enhanced security. HP Jetdirect print servers support SNMP and standard MIB-II (Management...
HP Jetdirect Administrator's Guide
Page 13
... ftp> put ftp>######### ftp> bye ENWW Introducing the HP Jetdirect Print Server 13 After user login, typical FTP commands to log into the device. Firmware upgrades for supported HP Jetdirect print servers may be used to transfer a firmware upgrade image file to the print server. To start an FTP session, use the device IP address or host name. If a password is...
... ftp> put ftp>######### ftp> bye ENWW Introducing the HP Jetdirect Print Server 13 After user login, typical FTP commands to log into the device. Firmware upgrades for supported HP Jetdirect print servers may be used to transfer a firmware upgrade image file to the print server. To start an FTP session, use the device IP address or host name. If a password is...
HP Jetdirect Administrator's Guide
Page 15
... configure wireless parameters for direct-mode (peer-to set up or manage your network. See Table 2.1 to your HP Jetdirect-connected network devices. Wireless print servers: With version 4.0, allows you to install (or add) a single network printer on your system for an 802...11g wireless connection to help you . ENWW 15 2 HP Software Solutions Summary Introduction HP provides a variety of 3) Operating Environment Function Remarks HP Install Network Printer Wizard (Windows) Windows 98, Me, NT 4.0, 2000, XP*, Server 2003 For direct mode IP and IPX printing. *32-bit mode only.
... configure wireless parameters for direct-mode (peer-to set up or manage your network. See Table 2.1 to your HP Jetdirect-connected network devices. Wireless print servers: With version 4.0, allows you to install (or add) a single network printer on your system for an 802...11g wireless connection to help you . ENWW 15 2 HP Software Solutions Summary Introduction HP provides a variety of 3) Operating Environment Function Remarks HP Install Network Printer Wizard (Windows) Windows 98, Me, NT 4.0, 2000, XP*, Server 2003 For direct mode IP and IPX printing. *32-bit mode only.
HP Jetdirect Administrator's Guide
Page 16
...; Browser-based management Asset tracking and utilization analysis. Remote firmware upgrades for HP Jetdirect print servers. ● HP's preferred solution for supported system updates.) Windows 2000, XP Professional, Server 2003 HP-UX* Solaris* Linux* NetWare* TCP/IP, IPX/SPX *Supports queue creation and peripheral management from HP's Website ● Not supported on value-based products, such as ew2400 ENWW...
...; Browser-based management Asset tracking and utilization analysis. Remote firmware upgrades for HP Jetdirect print servers. ● HP's preferred solution for supported system updates.) Windows 2000, XP Professional, Server 2003 HP-UX* Solaris* Linux* NetWare* TCP/IP, IPX/SPX *Supports queue creation and peripheral management from HP's Website ● Not supported on value-based products, such as ew2400 ENWW...
HP Jetdirect Administrator's Guide
Page 17
... Remarks HP IP/IPX Printer Gateway for Mac OS Mac OS 9.x, X 10.x(Classic Mode) Configuration and management of HP Jetdirect-connected printers into NDPS. HP WPS Assistant (Mac OS X) Mac OS X 10.1.5 or later Configuration of HP Jetdirect wireless print servers. ● Distributed on the HP Jetdirect CD-ROM HP LaserJet Utilities for NDPS NetWare 5.x, 6.x Simplified installation, printing, and bidirectional management of HP Jetdirect-connected...
... Remarks HP IP/IPX Printer Gateway for Mac OS Mac OS 9.x, X 10.x(Classic Mode) Configuration and management of HP Jetdirect-connected printers into NDPS. HP WPS Assistant (Mac OS X) Mac OS X 10.1.5 or later Configuration of HP Jetdirect wireless print servers. ● Distributed on the HP Jetdirect CD-ROM HP LaserJet Utilities for NDPS NetWare 5.x, 6.x Simplified installation, printing, and bidirectional management of HP Jetdirect-connected...
HP Jetdirect Administrator's Guide
Page 18
..., Windows NT 4.0, Windows 98/Me, Server 2003 ◆ TCP/IP or IPX/SPX network protocol ENWW HP Software Solutions Summary 18 This is included on a TCP/IP or IPX/SPX network. A version that will send print jobs directly to first configure wireless settings on the Jetdirect CD-ROM interface. For wireless print servers, the wizard includes modules that...
..., Windows NT 4.0, Windows 98/Me, Server 2003 ◆ TCP/IP or IPX/SPX network protocol ENWW HP Software Solutions Summary 18 This is included on a TCP/IP or IPX/SPX network. A version that will send print jobs directly to first configure wireless settings on the Jetdirect CD-ROM interface. For wireless print servers, the wizard includes modules that...