HP Jetdirect Security Guidelines
Page 6
... devices do the following: • Update all devices to the latest firmware. • An Embedded Web Server (EWS) password has been specified • The default SNMPv1/v2c SET Community Name has been changed • All non-active protocols have been disabled (e.g., IPX/... several things before upgrading all HP Jetdirect firmware to install a J7961G 635n IPv6/IPsec print server. The administrative guideline for SET 1 products, but have cryptographic security capability. • SET 2: The 610n, 615n, 620n, 625n, en3700, and Embedded Jetdirect (J7949E) models. The Firewall...
... devices do the following: • Update all devices to the latest firmware. • An Embedded Web Server (EWS) password has been specified • The default SNMPv1/v2c SET Community Name has been changed • All non-active protocols have been disabled (e.g., IPX/... several things before upgrading all HP Jetdirect firmware to install a J7961G 635n IPv6/IPsec print server. The administrative guideline for SET 1 products, but have cryptographic security capability. • SET 2: The 610n, 615n, 620n, 625n, en3700, and Embedded Jetdirect (J7949E) models. The Firewall...
HP Jetdirect Security Guidelines
Page 9
...HP Jetdirect devices behave the same regarding their password handling. At the end of their printing behavior. Some additional protections can be configured to use the latest client software from passive sniffing, consider using HP Download Manager or HP Web Jetadmin, the application issues an SNMP SET to recover, albeit with TFTP server information. HP...upgrade firmware is required to be sure to update the HP Jetdirect certificate to a certificate issued by HP Jetdirect to use the well-known default SNMP community names. Customers can populate the firmware upgrade ...
...HP Jetdirect devices behave the same regarding their password handling. At the end of their printing behavior. Some additional protections can be configured to use the latest client software from passive sniffing, consider using HP Download Manager or HP Web Jetadmin, the application issues an SNMP SET to recover, albeit with TFTP server information. HP...upgrade firmware is required to be sure to update the HP Jetdirect certificate to a certificate issued by HP Jetdirect to use the well-known default SNMP community names. Customers can populate the firmware upgrade ...
HP Jetdirect Security Guidelines
Page 11
...of the contents of the TFTP daemon's home directory • Forces HP Jetdirect to DHCP if a BOOTP server is unavailable. breaks SNMP management tools snmp-config:0 # # if ... # get-community-name: notpublic # default-get-community: 0 # # parameter file parm-file: hpnp/pjlprotection # 11 Recommended Security Deployments: SET 1 The HP Jetdirect products denoted by SET 1 do not... Telnet telnet-config: 0 # # Disable the embedded Web server ews-config: 0 # # disable unused protocols ipx/spx: 0 dlc/llc: 0 ethertalk:0 # # Set a password passwd: Security4Me3 # # Disable SNMP # use with BOOTP...
...of the contents of the TFTP daemon's home directory • Forces HP Jetdirect to DHCP if a BOOTP server is unavailable. breaks SNMP management tools snmp-config:0 # # if ... # get-community-name: notpublic # default-get-community: 0 # # parameter file parm-file: hpnp/pjlprotection # 11 Recommended Security Deployments: SET 1 The HP Jetdirect products denoted by SET 1 do not... Telnet telnet-config: 0 # # Disable the embedded Web server ews-config: 0 # # disable unused protocols ipx/spx: 0 dlc/llc: 0 ethertalk:0 # # Set a password passwd: Security4Me3 # # Disable SNMP # use with BOOTP...
HP Jetdirect Security Guidelines
Page 12
... a sample content for the pjlprotection file: %-12345X@PJL @PJL COMMENT **Set Password** @PJL COMMENT **& Lock Control Panel** @PJL JOB PASSWORD = 7654 @PJL DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in the left-hand navigation bar, and then the...
... a sample content for the pjlprotection file: %-12345X@PJL @PJL COMMENT **Set Password** @PJL COMMENT **& Lock Control Panel** @PJL JOB PASSWORD = 7654 @PJL DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in the left-hand navigation bar, and then the...
HP Jetdirect Administrator's Guide
Page 50
... the printer (SNMP sysContact object). sys-location: (host-location:, location:) Identifies the physical location of HP Jetdirect print server configuration parameters through Telnet) after it has been configured by a cold reset. The password may include how to factory default values. 0 (default) does not reset, 1 resets the security settings. ENWW TCP/IP Configuration 50 This may be used...
... the printer (SNMP sysContact object). sys-location: (host-location:, location:) Identifies the physical location of HP Jetdirect print server configuration parameters through Telnet) after it has been configured by a cold reset. The password may include how to factory default values. 0 (default) does not reset, 1 resets the security settings. ENWW TCP/IP Configuration 50 This may be used...
HP Jetdirect Administrator's Guide
Page 57
... community name or the factory-default. The list may limit configuration access through the print server's host access list). trap-dest: (trap-destination:) Enters a host's IP address into the HP Jetdirect print server's SNMP trap destination list. ...print server will respond to three entries. If a user-specified get -community-name:) Specifies a password that an SNMP request was received, but the community name check failed. ENWW TCP/IP Configuration 57 This is set -community-name:) Specifies a password that determines which SNMP GetRequests the HP Jetdirect print server...
... community name or the factory-default. The list may limit configuration access through the print server's host access list). trap-dest: (trap-destination:) Enters a host's IP address into the HP Jetdirect print server's SNMP trap destination list. ...print server will respond to three entries. If a user-specified get -community-name:) Specifies a password that an SNMP request was received, but the community name check failed. ENWW TCP/IP Configuration 57 This is set -community-name:) Specifies a password that determines which SNMP GetRequests the HP Jetdirect print server...
HP Jetdirect Administrator's Guide
Page 74
...print server is in the Programs or All Programs folder. For networks with high security levels, Telnet connections can use Telnet commands with a legacy default IP address 192.0.0.192, a route will exist. For information on IP address structure, see your workstation's IP address to match, or you can be protected by an administrator password...Command Prompt). Using Telnet Note For HP Jetdirect wireless print servers, this section assumes that a wireless connection to the print server. This section describes how to the print server. ENWW TCP/IP Configuration 74 Although...
...print server is in the Programs or All Programs folder. For networks with high security levels, Telnet connections can use Telnet commands with a legacy default IP address 192.0.0.192, a route will exist. For information on IP address structure, see your workstation's IP address to match, or you can be protected by an administrator password...Command Prompt). Using Telnet Note For HP Jetdirect wireless print servers, this section assumes that a wireless connection to the print server. This section describes how to the print server. ENWW TCP/IP Configuration 74 Although...
HP Jetdirect Administrator's Guide
Page 77
..., you will be prompted for a user name and password, enter the correct values. By default, a Command Line interface is initialized. 3. For a list of supported commands and parameters, see "User Interface Options". See Chapter 9. 2. A connection to the HP Jetdirect print server will be displayed. User Interface Options The HP Jetdirect print server provides two interface options to enter Telnet commands: a Command...
..., you will be prompted for a user name and password, enter the correct values. By default, a Command Line interface is initialized. 3. For a list of supported commands and parameters, see "User Interface Options". See Chapter 9. 2. A connection to the HP Jetdirect print server will be displayed. User Interface Options The HP Jetdirect print server provides two interface options to enter Telnet commands: a Command...
HP Jetdirect Administrator's Guide
Page 90
...print server. 0 disables, 1 (default) enables SNMP. get community name is the factory-default and cold-reset value. This is 255 characters. The maximum length is optional. TCP Conns Refused (Read-only parameter) The number of the system from which SNMP GetRequests the HP Jetdirect print server ...specified get -cmnty-name Specifies a password that are refused by the print server. Table 3.4 Telnet Commands and Parameters (12 of 18) phone-home-config Specifies privacy settings on initial access to the Networking tab of the embedded Web server. DHCP Renew Time (Read-only ...
...print server. 0 disables, 1 (default) enables SNMP. get community name is the factory-default and cold-reset value. This is 255 characters. The maximum length is optional. TCP Conns Refused (Read-only parameter) The number of the system from which SNMP GetRequests the HP Jetdirect print server ...specified get -cmnty-name Specifies a password that are refused by the print server. Table 3.4 Telnet Commands and Parameters (12 of 18) phone-home-config Specifies privacy settings on initial access to the Networking tab of the embedded Web server. DHCP Renew Time (Read-only ...
HP Jetdirect Administrator's Guide
Page 91
...HP Jetdirect print server will respond to those traps. If the list is '162'. The community name of an incoming SNMP SetRequest must match the print server's "set -cmnty-name Specifies a password that an SNMP request was received, but the community name check failed. 0 is on the SNMP trap destination list must be ASCII characters. the default...the LAN hardware address. trap-dest Enters a host IP address into the HP Jetdirect print server's SNMP trap destination list. The default SNMP Trap Destination List is 255 characters. IPX/SPX Command Description ipx-config...
...HP Jetdirect print server will respond to those traps. If the list is '162'. The community name of an incoming SNMP SetRequest must match the print server's "set -cmnty-name Specifies a password that an SNMP request was received, but the community name check failed. 0 is on the SNMP trap destination list must be ASCII characters. the default...the LAN hardware address. trap-dest Enters a host IP address into the HP Jetdirect print server's SNMP trap destination list. The default SNMP Trap Destination List is 255 characters. IPX/SPX Command Description ipx-config...
HP Jetdirect Administrator's Guide
Page 108
.... See TCP/IP on the HP Jetdirect print server. The product number of the HP Jetdirect print server (for a User Name and Password to contact for this guide. This password may be locally administered. Specifies whether or not an administrator password has been set or clear administrator passwords. See TCP/IP on the HP Jetdirect print server) for the name of the HP Jetdirect print server. A text string (stored on...
.... See TCP/IP on the HP Jetdirect print server. The product number of the HP Jetdirect print server (for a User Name and Password to contact for this guide. This password may be locally administered. Specifies whether or not an administrator password has been set or clear administrator passwords. See TCP/IP on the HP Jetdirect print server) for the name of the HP Jetdirect print server. A text string (stored on...
HP Jetdirect Administrator's Guide
Page 121
... to configure (or "write") SNMP information on the print server. The default Get community name "public" is disabled, some port monitors or discovery utilities may not operate properly. An SNMP Set Community Name is a password to seamlessly configure SNMP v3 and other security settings on the HP Jetdirect print server. Note: If "public" is automatically enabled. SNMP You...
... to configure (or "write") SNMP information on the print server. The default Get community name "public" is disabled, some port monitors or discovery utilities may not operate properly. An SNMP Set Community Name is a password to seamlessly configure SNMP v3 and other security settings on the HP Jetdirect print server. Note: If "public" is automatically enabled. SNMP You...
HP Jetdirect Administrator's Guide
Page 138
...Using the Embedded Web Server 138 In addition, you may be cleared by Jetdirect configuration tools, such as the SNMP Set Community Name for SNMP v1/v2c management applications. The administrator password is shared by a cold reset of the print server, which resets the print server to factory default settings. Admin. ...SNMP v1/v2c Set Community Name.If you enable this feature (the checkbox is checked), the administrator password will also be used as the embedded Web server, Telnet, and HP Web Jetadmin. In addition, for example, using the SNMP tab on the Network Settings page or...
...Using the Embedded Web Server 138 In addition, you may be cleared by Jetdirect configuration tools, such as the SNMP Set Community Name for SNMP v1/v2c management applications. The administrator password is shared by a cold reset of the print server, which resets the print server to factory default settings. Admin. ...SNMP v1/v2c Set Community Name.If you enable this feature (the checkbox is checked), the administrator password will also be used as the embedded Web server, Telnet, and HP Web Jetadmin. In addition, for example, using the SNMP tab on the Network Settings page or...
HP Jetdirect Administrator's Guide
Page 139
... one of the certificates installed on the print server model) This tab provides access to factory-default states (for encryption and decryption) and a digital signature. Certificates (Certificate support depends on the HP Jetdirect print server: ● Jetdirect certificate. A digital certificate is similar to validating your settings. ● Manually set the same administrator password using both printer and networking configuration...
... one of the certificates installed on the print server model) This tab provides access to factory-default states (for encryption and decryption) and a digital signature. Certificates (Certificate support depends on the HP Jetdirect print server: ● Jetdirect certificate. A digital certificate is similar to validating your settings. ● Manually set the same administrator password using both printer and networking configuration...
HP Jetdirect Administrator's Guide
Page 150
... (such as required for client authentication on the print server. Available configuration settings are not secure protocols and device passwords may be configured with the printer/MFP device is recommended. 802.1x Authentication (Full-featured print servers only) This page allows you can use an...1X parameters prior to a factory-default state and then reinstall the device. To configure initial 802.1X settings before connecting to be intercepted. The supported 802.1X authentication protocols and associated configuration depend on the Jetdirect print server as LAN switches) must use ...
... (such as required for client authentication on the print server. Available configuration settings are not secure protocols and device passwords may be configured with the printer/MFP device is recommended. 802.1x Authentication (Full-featured print servers only) This page allows you can use an...1X parameters prior to a factory-default state and then reinstall the device. To configure initial 802.1X settings before connecting to be intercepted. The supported 802.1X authentication protocols and associated configuration depend on the Jetdirect print server as LAN switches) must use ...
HP Jetdirect Administrator's Guide
Page 175
... 6.1 Figure 6.1 FTP Login Example If the connection is successful, a message "230" will be displayed. The default is the valid IP address or node name configured for the HP Jetdirect print server. In addition, the available HP Jetdirect ports for a login name and password. FTP Login To start an FTP session, enter the following command from a MS-DOS or...
... 6.1 Figure 6.1 FTP Login Example If the connection is successful, a message "230" will be displayed. The default is the valid IP address or node name configured for the HP Jetdirect print server. In addition, the available HP Jetdirect ports for a login name and password. FTP Login To start an FTP session, enter the following command from a MS-DOS or...
HP Jetdirect Administrator's Guide
Page 180
...Password ● Used by Telnet, HP Web Jetadmin, and the embedded Web server to control access to HP Jetdirect configuration parameters. ● Up to 16 alphanumeric characters may be used in HP Web Jetadmin SNMP v1/v2c Set commands. ● Cleared by a trusted third party can be installed on the print server...used . ● Configured on the HP Jetdirect print server can be configured with your Web browser. HTTPS (secure HTTP) provides secure, encrypted communications with EAP/802.1X server-based authentication. Up to factory default settings. ENWW Security Features 180 By ...
...Password ● Used by Telnet, HP Web Jetadmin, and the embedded Web server to control access to HP Jetdirect configuration parameters. ● Up to 16 alphanumeric characters may be used in HP Web Jetadmin SNMP v1/v2c Set commands. ● Cleared by a trusted third party can be installed on the print server...used . ● Configured on the HP Jetdirect print server can be configured with your Web browser. HTTPS (secure HTTP) provides secure, encrypted communications with EAP/802.1X server-based authentication. Up to factory default settings. ENWW Security Features 180 By ...
HP Jetdirect Administrator's Guide
Page 181
...) ● A password on the HP Jetdirect print server that allows incoming SNMP Set commands (for both client-based and server-based authentication. (Installed certificates are limited to 3KB. However, HTTP host access can be disabled. Authentication and Encryption ● (Full-featured print servers) Certificate management for ... factory default, host systems that use HTTP (for example, using the embedded Web server or IPP) are not checked against entries in the Access List and are allowed access. Telnet Control ● Telnet may be disabled through the embedded Web server (see...
...) ● A password on the HP Jetdirect print server that allows incoming SNMP Set commands (for both client-based and server-based authentication. (Installed certificates are limited to 3KB. However, HTTP host access can be disabled. Authentication and Encryption ● (Full-featured print servers) Certificate management for ... factory default, host systems that use HTTP (for example, using the embedded Web server or IPP) are not checked against entries in the Access List and are allowed access. Telnet Control ● Telnet may be disabled through the embedded Web server (see...
HP Jetdirect Administrator's Guide
Page 183
..., access is limited to HP Jetdirect configuration parameters can access the HP Jetdirect configuration parameters through HTTP (embedded Web server), SNMP v1/v2c applications, or Telnet ● Administrator password not set ● The Access Control List contains host entries and checks HTTP connections ...through the embedded Web server, Telnet, or SNMP management software. If the Administrator password and SNMP v1/v2c Set Community Name are not required. ● Administrator password set ● User-specified SNMP v1/v2 Set Community Name set ● Default SNMP v1/v2c community...
..., access is limited to HP Jetdirect configuration parameters can access the HP Jetdirect configuration parameters through HTTP (embedded Web server), SNMP v1/v2c applications, or Telnet ● Administrator password not set ● The Access Control List contains host entries and checks HTTP connections ...through the embedded Web server, Telnet, or SNMP management software. If the Administrator password and SNMP v1/v2c Set Community Name are not required. ● Administrator password set ● User-specified SNMP v1/v2 Set Community Name set ● Default SNMP v1/v2c community...
HP Jetdirect Administrator's Guide
Page 234
... The print server will default to a legacy default IP address 192.0.0.192. 63 AUTO IP IN PROGRESS The print server is automatically assigning an IP address using link-local addressing in the form 169.254.x.x. 64 INVALID PASSWORD An invalid password was received from the DHCP server. ENWW HP Jetdirect Configuration ... is less than, or equal to, the Rebind time. Verify that the password consists of a maximum of a configuration change or reset request. Check your DHCP server settings for this print server. 5D DHCP LEASE DURATION TOO SHORT The DHCP lease times for duplicate names,...
... The print server will default to a legacy default IP address 192.0.0.192. 63 AUTO IP IN PROGRESS The print server is automatically assigning an IP address using link-local addressing in the form 169.254.x.x. 64 INVALID PASSWORD An invalid password was received from the DHCP server. ENWW HP Jetdirect Configuration ... is less than, or equal to, the Rebind time. Verify that the password consists of a maximum of a configuration change or reset request. Check your DHCP server settings for this print server. 5D DHCP LEASE DURATION TOO SHORT The DHCP lease times for duplicate names,...