HP Jetdirect Print Servers - Philosophy of Security
Page 7
... (PKI). no. PC: Perfect. is it using SSL correctly, is non-trivial to send your device my domain credentials? We have defaults for the Administration credentials. for security can see, 7 SD: Well, we will come down to support digital certificates (e.g., the trusted CA... my outsourcer my device's administration credentials? All of experts that need to be configuring these things need to remember multiple usernames and passwords. You could have any alternatives? SSLv1.0, SSLv2.0, SSLv3.0, and TLS 1.0/1.1 • Standardized by the Internet Engineering Task Force ...
... (PKI). no. PC: Perfect. is it using SSL correctly, is non-trivial to send your device my domain credentials? We have defaults for the Administration credentials. for security can see, 7 SD: Well, we will come down to support digital certificates (e.g., the trusted CA... my outsourcer my device's administration credentials? All of experts that need to be configuring these things need to remember multiple usernames and passwords. You could have any alternatives? SSLv1.0, SSLv2.0, SSLv3.0, and TLS 1.0/1.1 • Standardized by the Internet Engineering Task Force ...
HP Jetdirect Security Guidelines
Page 6
...the LaserJet IIIsi and LaserJet 4si have cryptographic security capability. • SET 2: The 610n, 615n, 620n, 625n, en3700, and Embedded Jetdirect (J7949E) models. Printers and MFPs with a lot of EIO based printers, proper deployment of the 635n can protect their...printing and imaging infrastructure. This flexibility will come from the four main HP Jetdirect product lines, referred to the highest level. As a reminder, these devices do the following: • Update all devices to the latest firmware. • An Embedded Web Server (EWS) password has been specified • The default...
...the LaserJet IIIsi and LaserJet 4si have cryptographic security capability. • SET 2: The 610n, 615n, 620n, 625n, en3700, and Embedded Jetdirect (J7949E) models. Printers and MFPs with a lot of EIO based printers, proper deployment of the 635n can protect their...printing and imaging infrastructure. This flexibility will come from the four main HP Jetdirect product lines, referred to the highest level. As a reminder, these devices do the following: • Update all devices to the latest firmware. • An Embedded Web Server (EWS) password has been specified • The default...
HP Jetdirect Security Guidelines
Page 9
... 4 support SNMPv3. HP Jetdirect Hacks: Password and SNMP Community Names HP Jetdirect password and SNMP Community Name behavior has definitely evolved over the years. After you have upgraded all software and firmware, change your HP Jetdirect devices behave the same regarding their password handling. If the...well-known default SNMP community names. they are trusted to establish a print connection, they are three common ways of updating HP Jetdirect firmware: • HP Download Manager / HP Web Jetadmin • FTP • Embedded Web Server When using HP Download Manager or HP Web ...
... 4 support SNMPv3. HP Jetdirect Hacks: Password and SNMP Community Names HP Jetdirect password and SNMP Community Name behavior has definitely evolved over the years. After you have upgraded all software and firmware, change your HP Jetdirect devices behave the same regarding their password handling. If the...well-known default SNMP community names. they are trusted to establish a print connection, they are three common ways of updating HP Jetdirect firmware: • HP Download Manager / HP Web Jetadmin • FTP • Embedded Web Server When using HP Download Manager or HP Web ...
HP Jetdirect Security Guidelines
Page 11
... 255.255.255.0 # # Disable Telnet telnet-config: 0 # # Disable the embedded Web server ews-config: 0 # # disable unused protocols ipx/spx: 0 dlc/llc: 0 ethertalk:0 # # Set a password passwd: Security4Me3 # # Disable SNMP # use with UNIX or Linux environments; An example UNIX ...following : # set-community-name: Security4Me3 # get-community-name: notpublic # default-get-community: 0 # # parameter file parm-file: hpnp/pjlprotection # 11 Recommended Security Deployments: SET 1 The HP Jetdirect products denoted by SET 1 do not have any cryptographic security capability. This configuration...
... 255.255.255.0 # # Disable Telnet telnet-config: 0 # # Disable the embedded Web server ews-config: 0 # # disable unused protocols ipx/spx: 0 dlc/llc: 0 ethertalk:0 # # Set a password passwd: Security4Me3 # # Disable SNMP # use with UNIX or Linux environments; An example UNIX ...following : # set-community-name: Security4Me3 # get-community-name: notpublic # default-get-community: 0 # # parameter file parm-file: hpnp/pjlprotection # 11 Recommended Security Deployments: SET 1 The HP Jetdirect products denoted by SET 1 do not have any cryptographic security capability. This configuration...
HP Jetdirect Security Guidelines
Page 12
... is recommended for the pjlprotection file: %-12345X@PJL @PJL COMMENT **Set Password** @PJL COMMENT **& Lock Control Panel** @PJL JOB PASSWORD = 7654 @PJL DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in the left-hand navigation bar, and then the...
... is recommended for the pjlprotection file: %-12345X@PJL @PJL COMMENT **Set Password** @PJL COMMENT **& Lock Control Panel** @PJL JOB PASSWORD = 7654 @PJL DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in the left-hand navigation bar, and then the...
HP Jetdirect Administrator's Guide
Page 50
... of HP Jetdirect print server configuration parameters through Telnet) after it has been configured by a cold reset. Only printable ASCII characters are allowed. Only HTTPS (secure HTTP) communications can be manually overwritten on the print server to factory default values. 0 (default) does...default contact is 64 characters. ssl-state: Sets the print server's security level for example, through Telnet, HP Web Jetadmin, or embedded Web server. ENWW TCP/IP Configuration 50 Table 3.3 TFTP Configuration File Parameters (1 of 12) General passwd: (passwd-admin:) A password...
... of HP Jetdirect print server configuration parameters through Telnet) after it has been configured by a cold reset. Only printable ASCII characters are allowed. Only HTTPS (secure HTTP) communications can be manually overwritten on the print server to factory default values. 0 (default) does...default contact is 64 characters. ssl-state: Sets the print server's security level for example, through Telnet, HP Web Jetadmin, or embedded Web server. ENWW TCP/IP Configuration 50 Table 3.3 TFTP Configuration File Parameters (1 of 12) General passwd: (passwd-admin:) A password...
HP Jetdirect Administrator's Guide
Page 57
...must be ASCII characters. trap-dest: (trap-destination:) Enters a host's IP address into the HP Jetdirect print server's SNMP trap destination list. The default SNMP Trap Destination List is 255 characters. To receive SNMP traps, the systems listed on ) ...GetRequests the HP Jetdirect print server will be specified without a community name. If a user-specified get -community-name:) Specifies a password that determines which SNMP SetRequests (control functions) the HP Jetdirect print server will respond to either a user-specified community name or the factory-default. To delete...
...must be ASCII characters. trap-dest: (trap-destination:) Enters a host's IP address into the HP Jetdirect print server's SNMP trap destination list. The default SNMP Trap Destination List is 255 characters. To receive SNMP traps, the systems listed on ) ...GetRequests the HP Jetdirect print server will be specified without a community name. If a user-specified get -community-name:) Specifies a password that determines which SNMP SetRequests (control functions) the HP Jetdirect print server will respond to either a user-specified community name or the factory-default. To delete...
HP Jetdirect Administrator's Guide
Page 74
...HP Jetdirect print server, a route must have a similar IP address, that is, the network portion of their IP addresses do not match, then you can either change your workstation's IP address to match, or you can use Telnet commands with a legacy default IP address 192.0.0.192, a route will exist. If the print server... and your computer must be protected by an administrator password, Telnet connections are that a wireless connection to the print server. If their IP addresses ...
...HP Jetdirect print server, a route must have a similar IP address, that is, the network portion of their IP addresses do not match, then you can either change your workstation's IP address to match, or you can use Telnet commands with a legacy default IP address 192.0.0.192, a route will exist. If the print server... and your computer must be protected by an administrator password, Telnet connections are that a wireless connection to the print server. If their IP addresses ...
HP Jetdirect Administrator's Guide
Page 77
... with "connected to IP address", press Enter twice to the HP Jetdirect print server will be displayed. By default, the Telnet interface does not require a user name or password. For more information, see "Telnet Commands and Parameters". Type the following at the system prompt: telnet where is initialized. 3. ...". To set configuration parameters, you must set , you can enter and save Telnet command settings. 4. User Interface Options The HP Jetdirect print server provides two interface options to the HP Jetdirect print server. 1. By default, a Command Line interface is provided.
... with "connected to IP address", press Enter twice to the HP Jetdirect print server will be displayed. By default, the Telnet interface does not require a user name or password. For more information, see "Telnet Commands and Parameters". Type the following at the system prompt: telnet where is initialized. 3. ...". To set configuration parameters, you must set , you can enter and save Telnet command settings. 4. User Interface Options The HP Jetdirect print server provides two interface options to the HP Jetdirect print server. 1. By default, a Command Line interface is provided.
HP Jetdirect Administrator's Guide
Page 79
...Command Description ? Help (?) will not include Advanced commands (default). export Export the settings to configuration parameters. General Command Description passwd Set the administrator password (shared with the embedded Web server and HP Web Jetadmin). Telnet Commands and Parameters. menu Displays the ...Menu Interface for example, from a BOOTP or DHCP server), its value cannot be prompted for...
...Command Description ? Help (?) will not include Advanced commands (default). export Export the settings to configuration parameters. General Command Description passwd Set the administrator password (shared with the embedded Web server and HP Web Jetadmin). Telnet Commands and Parameters. menu Displays the ...Menu Interface for example, from a BOOTP or DHCP server), its value cannot be prompted for...
HP Jetdirect Administrator's Guide
Page 90
... either a user-specified community name or the factory-default. If a user-specified get -cmnty-name Specifies a password that are refused by the print server. The community name must be disabled. TCP Access Denied (Read-only parameter) The number of the system from which SNMP GetRequests the HP Jetdirect print server will disable all SNMP agents (SNMP v1, v2...
... either a user-specified community name or the factory-default. If a user-specified get -cmnty-name Specifies a password that are refused by the print server. The community name must be disabled. TCP Access Denied (Read-only parameter) The number of the system from which SNMP GetRequests the HP Jetdirect print server will disable all SNMP agents (SNMP v1, v2...
HP Jetdirect Administrator's Guide
Page 91
... management applications. Authentication traps indicate that determines which SNMP SetRequests (control functions) the HP Jetdirect print server will respond to. trap-dest Enters a host IP address into the HP Jetdirect print server's SNMP trap destination list. To receive SNMP traps, the systems listed on the...-trap Configures the print server to send (on) or not send (off , 1 (default) is empty, the print server does not send SNMP traps. The community name of an incoming SNMP SetRequest must match the print server's "set -cmnty-name Specifies a password that an SNMP request...
... management applications. Authentication traps indicate that determines which SNMP SetRequests (control functions) the HP Jetdirect print server will respond to. trap-dest Enters a host IP address into the HP Jetdirect print server's SNMP trap destination list. To receive SNMP traps, the systems listed on the...-trap Configures the print server to send (on) or not send (off , 1 (default) is empty, the print server does not send SNMP traps. The community name of an incoming SNMP SetRequest must match the print server's "set -cmnty-name Specifies a password that an SNMP request...
HP Jetdirect Administrator's Guide
Page 108
... address configured on the HP Jetdirect print server. The LAN hardware (or MAC, Media Access Control) address of the HP Jetdirect print server (for this guide. By default, the LAA is assigned by a network administrator. The length of time since either the HP Jetdirect print server or the network device was last powered off/on the HP Jetdirect print server) for a User Name and Password to set . The...
... address configured on the HP Jetdirect print server. The LAN hardware (or MAC, Media Access Control) address of the HP Jetdirect print server (for this guide. By default, the LAA is assigned by a network administrator. The length of time since either the HP Jetdirect print server or the network device was last powered off/on the HP Jetdirect print server) for a User Name and Password to set . The...
HP Jetdirect Administrator's Guide
Page 121
...This option enables the SNMP v1/v2c agents on the print server. CAUTION If you use HP Web Jetadmin to manage your devices, you should use HP Web Jetadmin to be implemented on the HP Jetdirect print server. Write-access is a password to retrieve (or "read") SNMP information on the...name must contain the appropriate Set or Get community name before the print server will respond. The default Get community name is a password to be able to configure (or "write") SNMP information on the print server. The default Get community name "public" is disabled, some port monitors or discovery...
...This option enables the SNMP v1/v2c agents on the print server. CAUTION If you use HP Web Jetadmin to manage your devices, you should use HP Web Jetadmin to be implemented on the HP Jetdirect print server. Write-access is a password to retrieve (or "read") SNMP information on the...name must contain the appropriate Set or Get community name before the print server will respond. The default Get community name is a password to be able to configure (or "write") SNMP information on the print server. The default Get community name "public" is disabled, some port monitors or discovery...
HP Jetdirect Administrator's Guide
Page 127
...LPD Printing (TEXT): Default LPD text queue printing. The default selection will be accessed through HP-proprietary port 9100. The port number identifies the port reserved for proxy activity on the proxy server has been set up , enter the Name name of the user account. Proxy Server ...and can be up to 65535. LPD Printing (BINPS): Default LPD binary postscript queue printing. Proxy Server Specifies the proxy server to be listed if they have been configured, where is used by the proxy server for client support. Proxy Server Password If a user account on the printer,...
...LPD Printing (TEXT): Default LPD text queue printing. The default selection will be accessed through HP-proprietary port 9100. The port number identifies the port reserved for proxy activity on the proxy server has been set up , enter the Name name of the user account. Proxy Server ...and can be up to 65535. LPD Printing (BINPS): Default LPD binary postscript queue printing. Proxy Server Specifies the proxy server to be listed if they have been configured, where is used by the proxy server for client support. Proxy Server Password If a user account on the printer,...
HP Jetdirect Administrator's Guide
Page 138
... addition, for client and server authentication. If a password is checked), the administrator password will no longer be cleared by Jetdirect configuration tools, such as the embedded Web server, Telnet, and HP Web Jetadmin. A checkbox allows you to access Jetdirect print server settings, you will be ...as well as to Jetdirect configuration and status information. Note The administrator password may configure certificates for selected EIO printers, the password is shared by a cold reset of the print server, which resets the print server to factory default settings. ENWW Using ...
... addition, for client and server authentication. If a password is checked), the administrator password will no longer be cleared by Jetdirect configuration tools, such as the embedded Web server, Telnet, and HP Web Jetadmin. A checkbox allows you to access Jetdirect print server settings, you will be ...as well as to Jetdirect configuration and status information. Note The administrator password may configure certificates for selected EIO printers, the password is shared by a cold reset of the print server, which resets the print server to factory default settings. ENWW Using ...
HP Jetdirect Administrator's Guide
Page 139
...Jetdirect print server to the organization. Certificates may exist internal or external to factory-default states (for the printer and the Jetdirect EIO print server are permitted and allow data encryption, they do not ensure valid authentication. Account page) in which the password...Admin. If password synchronization is used to validating your settings. ● Manually set the same administrator password using both printer and networking configuration pages. Certificates (Certificate support depends on the HP Jetdirect print server: ● Jetdirect certificate. ...
...Jetdirect print server to the organization. Certificates may exist internal or external to factory-default states (for the printer and the Jetdirect EIO print server are permitted and allow data encryption, they do not ensure valid authentication. Account page) in which the password...Admin. If password synchronization is used to validating your settings. ● Manually set the same administrator password using both printer and networking configuration pages. Certificates (Certificate support depends on the HP Jetdirect print server: ● Jetdirect certificate. ...
HP Jetdirect Administrator's Guide
Page 150
...1X networks, the infrastructure components (such as required for client authentication on the Jetdirect print server as LAN switches) must use 802.1X protocols to control a port's access to a factory-default state and then reinstall the device. The supported 802.1X authentication protocols and...to be intercepted. Available configuration settings are not secure protocols and device passwords may be configured with the printer/MFP device is recommended. 802.1x Authentication (Full-featured print servers only) This page allows you may need to reset the print server to the network.
...1X networks, the infrastructure components (such as required for client authentication on the Jetdirect print server as LAN switches) must use 802.1X protocols to control a port's access to a factory-default state and then reinstall the device. The supported 802.1X authentication protocols and...to be intercepted. Available configuration settings are not secure protocols and device passwords may be configured with the printer/MFP device is recommended. 802.1x Authentication (Full-featured print servers only) This page allows you may need to reset the print server to the network.
HP Jetdirect Administrator's Guide
Page 151
... on the digital certificate issued by the Certificate Authority who signed the authentication server's certificate. The Server ID string is the default host name of the print server, NPIxxxxxx, where xxxxxx are the last six digits of 2) Item Enable Protocols User Name Password, Confirm Password Server ID Encryption Strength CA Certificate Description Enable (check) the supported protocols used...
... on the digital certificate issued by the Certificate Authority who signed the authentication server's certificate. The Server ID string is the default host name of the print server, NPIxxxxxx, where xxxxxx are the last six digits of 2) Item Enable Protocols User Name Password, Confirm Password Server ID Encryption Strength CA Certificate Description Enable (check) the supported protocols used...
HP Jetdirect Administrator's Guide
Page 175
... and password. The Jetdirect FTP server will be displayed. Passwords are ignored. HP Jetdirect print servers supported in this guide provide a single port (Port 1). In addition, the available HP Jetdirect ports for the HP Jetdirect print server. After... a successful connection, the user is the valid IP address or node name configured for printing will allow any user name. ENWW FTP Printing 175 See Figure 6.1 Figure 6.1 FTP Login Example If the connection is successful, a Ready message will be displayed. The default...
... and password. The Jetdirect FTP server will be displayed. Passwords are ignored. HP Jetdirect print servers supported in this guide provide a single port (Port 1). In addition, the available HP Jetdirect ports for the HP Jetdirect print server. After... a successful connection, the user is the valid IP address or node name configured for printing will allow any user name. ENWW FTP Printing 175 See Figure 6.1 Figure 6.1 FTP Login Example If the connection is successful, a Ready message will be displayed. The default...