HP Jetdirect Print Servers - Philosophy of Security
Page 7
...before security can specify a username, password, and role. for the Administration credentials. How do next? is it using SSL with . You send us your web service support Kerberos tickets to do nothing but also, who have implemented a PKI have defaults for ease of that need to... your device, I don't think so. I'm really not interested. Do you rights off of use user authentication. It is non-trivial to authenticate a user over Kerberos Tickets, not my username/password pair. Easily the most...
HP Jetdirect Security Guidelines
Page 6
...Server (EWS) password has been specified • The default SNMPv1/v2c SET Community Name has been changed • All non-active protocols have been disabled (e.g., IPX/SPX, AppleTalk) • Mark any product that cannot be addressing some ways to install a J7961G 635n IPv6/IPsec print server...employed against HP Jetdirect and some public information available about vulnerabilities or attacks against HP Jetdirect. Using this whitepaper will not upgrade the security capabilities of the Jetdirect device...., 615n, 620n, 625n, en3700, and Embedded Jetdirect (J7949E) models. In many years.
HP Jetdirect Security Guidelines
Page 9
...hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpj07129. HP Jetdirect Hacks: Firmware Upgrade A nice overview of updating HP Jetdirect firmware: • HP Download Manager / HP Web Jetadmin • FTP • Embedded Web Server When using HP Download Manager or HP Web Jetadmin, the application issues an SNMP SET to the HP Jetdirect device. All HP Jetdirect... configured to use the well-known default SNMP community names. At the end of their password handling. HP Jetdirect Hacks: Password and SNMP Community Names HP Jetdirect password and SNMP Community Name behavior has ...
HP Jetdirect Security Guidelines
Page 11
...168.40.0 255.255.255.0 # # Disable Telnet telnet-config: 0 # # Disable the embedded Web server ews-config: 0 # # disable unused protocols ipx/spx: 0 dlc/llc: 0 ethertalk:0 # # Set a password passwd: Security4Me3 # # Disable SNMP # use with very little administration overhead once configured. picasso:\ :hn...get-community-name: notpublic # default-get-community: 0 # # parameter file parm-file: hpnp/pjlprotection # 11 however, there are many free BOOTP and TFTP servers for a great deal of power with caution - Recommended Security Deployments: SET 1 The HP Jetdirect products denoted by SET 1 ...
HP Jetdirect Security Guidelines
Page 12
... is recommended for the pjlprotection file: %-12345X@PJL @PJL COMMENT **Set Password** @PJL COMMENT **& Lock Control Panel** @PJL JOB PASSWORD = 7654 @PJL DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in the left-hand navigation bar, and then the...
HP Jetdirect Administrator's Guide
Page 50
...on the print server (for Web communications: 1 (default): Forced redirection to factory default values. 0 (default) does not reset, 1 resets the security settings. Table 3.3 TFTP Configuration File Parameters (1 of 12) General passwd: (passwd-admin:) A password (up...HP Jetdirect print server configuration parameters through Telnet) after it has been configured by a cold reset. This may be manually changed, and always overwrite manual configurations. The maximum length is undefined. tftp-parameter-attribute: Specifies whether TFTP parameters can be used. tftp-ro (default...
HP Jetdirect Administrator's Guide
Page 57
... number is empty. If the list is optional. set-cmnty-name: (set-community-name:) Specifies a password that determines which SNMP SetRequests (control functions) the HP Jetdirect print server will respond to either a user-specified community name or the factory-default. The default is "on ) or not send (off) SNMP authentication traps. To receive SNMP traps, the systems...
HP Jetdirect Administrator's Guide
Page 74
...HP Jetdirect wireless print servers, this section assumes that a wireless connection to the print server. If their IP addresses match, chances are not secure. For networks with a legacy default IP address 192.0.0.192, a route will exist. On Windows 2000/XP/Server 2003 systems, it is in the Programs or All Programs folder. If the print server...an administrator password, Telnet connections are that is configured with high security levels, Telnet connections can use Telnet commands with the HP Jetdirect print server, a route must be disabled on the print server using Telnet....
HP Jetdirect Administrator's Guide
Page 77
... prompt: telnet where is the IP address listed on the Jetdirect configuration page. To configure parameters using a Menu interface, enter Menu. User Interface Options The HP Jetdirect print server provides two interface options to the HP Jetdirect print server. 1. By default, the Telnet interface does not require a user name or password. For more information, see "Telnet Commands and Parameters". If prompted...
HP Jetdirect Administrator's Guide
Page 79
... the Advanced commands. exit Exit the session. When initiating the next Telnet session, you should also reconfigure the subnet mask and default gateway at the same time. To set Manual configuration, see the ip-config command. Displays the Help and Telnet commands. /... is only supported by systems, such as UNIX, that "jd1234" is entered twice for example, from a BOOTP or DHCP server), its value cannot be cleared by a cold reset. General Command Description passwd Set the administrator password (shared with the embedded Web server and HP Web Jetadmin).
HP Jetdirect Administrator's Guide
Page 90
...). In addition, firmware upgrades through current HP downloading utilities will respond to HP. If a user-specified get-cmnty-name Specifies a password that determines which the HP Jetdirect print server's IP address was no allowable entry in the print server's host access list. Once changed, this...as communications with management applications, such as HP Web Jetadmin. Table 3.4 Telnet Commands and Parameters (12 of the embedded Web server. This is required. 2: Prompt the user to allow sending data on the print server. 0 disables, 1 (default) enables SNMP. DHCP Renew Time (Read...
HP Jetdirect Administrator's Guide
Page 91
... Enters a host IP address into the HP Jetdirect print server's SNMP trap destination list. The maximum length is the LAN hardware address of an incoming SNMP SetRequest must match the print server's "set-cmnty-name Specifies a password that an SNMP request was received, but the community name check failed. 0 is off, 1 (default) is on ) or not send (off...
HP Jetdirect Administrator's Guide
Page 108
... LAN Hardware address. By default, the LAA is assigned by a network administrator. ENWW Using the Embedded Web Server 108 The version of the HP Jetdirect print server (for example HP J7934A). Specifies whether or not an administrator password has been set through a Telnet session with the HP Jetdirect print server, or from HP Web Jetadmin. (EIO print servers only) Because passwords are synchronized with selected printers...
HP Jetdirect Administrator's Guide
Page 121
...is "public", which can be implemented on the SNMP management application. The default Get community name is a password to be disabled to restrict access by checking the checkbox provided. The default Get community name "public" is disabled. In addition, the SNMP v3 account... on the print server. Note: If "public" is a password to retrieve (or "read-only access Description This option enables the SNMP v1/v2c agents on the HP Jetdirect print server. SNMP You can be configured to control management access to the print server. CAUTION If you use HP Web Jetadmin ...
HP Jetdirect Administrator's Guide
Page 127
...to 64 characters. Proxy Server Password If a user account on your network, and can be used, where xxxxxx are the last 6 digits of the following printing options: 9100 Printing: Raw IP printing through the proxy server. LPD Printing (AUTO): Default LPD auto queue printing. If a user-specified ..., enter the Name name of the user account. IPP Printing: Internet Printing Protocol printing. To specify a proxy server, enter its IP address or fully-qualified domain name. The name can be accessed through HP-proprietary port 9100. mDNS Highest Priority Service Specifies the mDNS...
HP Jetdirect Administrator's Guide
Page 138
...Embedded Web Server 138 Note The administrator password may configure certificates for selected EIO printers, the password is shared by a cold reset of the print server, which resets the print server to factory default settings. Account Use this feature (the checkbox is set an administrator password for ...server authentication. A checkbox allows you to synchronize HP Web Jetadmin and the SNMP v1/v2c Set Community Name. If you enable this page to set and you attempt to access Jetdirect print server settings, you will no longer be prompted for a user name and this password...
HP Jetdirect Administrator's Guide
Page 139
... printer and the Jetdirect print server to factory-default states (for example, through security Web pages provided by a trusted third party (commonly called a Certificate Authority, or CA), which may be "self-signed", which the password was set through ...HP Jetdirect print server: ● Jetdirect certificate. A digital certificate is similar to network authentication servers. The Certificates page provides the status of the embedded Web server page (printer Security page or networking Admin. The password is used regardless of the certificates installed on the print server...
HP Jetdirect Administrator's Guide
Page 150
...802.1X authentication settings on the Jetdirect print server as LAN switches) must use 802.1X protocols to control a port's access to the network. ENWW Using the Embedded Web Server 150 you may need to reset the print server to a factory-default state and then reinstall the device... prior to factory-default values. Available configuration settings are not secure protocols and device passwords may need to configure Novell NetWare parameters. For most 802.1X networks, the infrastructure components (such as required for client authentication on the print server. In addition, ...
HP Jetdirect Administrator's Guide
Page 151
... must be a partial string unless the Require Exact Match checkbox is enabled. The Server ID string is the default host name of the print server, NPIxxxxxx, where xxxxxx are the last six digits of 2) Item Enable Protocols User Name Password, Confirm Password Server ID Encryption Strength CA Certificate Description Enable (check) the supported protocols used during communications...
HP Jetdirect Administrator's Guide
Page 175
... be displayed. After a successful connection, the user is the client's login name. The default is prompted for a login name and password. Passwords are ignored. See Figure 6.1 Figure 6.1 FTP Login Example If the connection is successful, a Ready message will allow any user name. HP Jetdirect print servers supported in this guide provide a single port (Port 1). For a typical FTP...