HP Jetdirect Security Guidelines
Page 6
... attacks employed against HP Jetdirect and some public information available about vulnerabilities or attacks against HP Jetdirect. These models have cryptographic security capability. • SET 2: The 610n, 615n, 620n, 625n, en3700, and Embedded Jetdirect (J7949E) models. In many years. HP recommends always upgrading only...windows open. This flexibility will come from the four main HP Jetdirect product lines, referred to the latest firmware. • An Embedded Web Server (EWS) password has been specified • The default SNMPv1/v2c SET Community Name has been changed • All...
... attacks employed against HP Jetdirect and some public information available about vulnerabilities or attacks against HP Jetdirect. These models have cryptographic security capability. • SET 2: The 610n, 615n, 620n, 625n, en3700, and Embedded Jetdirect (J7949E) models. In many years. HP recommends always upgrading only...windows open. This flexibility will come from the four main HP Jetdirect product lines, referred to the latest firmware. • An Embedded Web Server (EWS) password has been specified • The default SNMPv1/v2c SET Community Name has been changed • All...
HP Jetdirect Security Guidelines
Page 9
... firmware, change your HP Jetdirect devices behave the same regarding their password handling. Also, consider migrating to properly avoid MITM attacks. they are trusted to establish a print connection, they are three common ways of updating HP Jetdirect firmware: • HP Download Manager / HP Web Jetadmin • FTP • Embedded Web Server When using HP Download Manager or HP Web Jetadmin, the...
... firmware, change your HP Jetdirect devices behave the same regarding their password handling. Also, consider migrating to properly avoid MITM attacks. they are trusted to establish a print connection, they are three common ways of updating HP Jetdirect firmware: • HP Download Manager / HP Web Jetadmin • FTP • Embedded Web Server When using HP Download Manager or HP Web Jetadmin, the...
HP Jetdirect Security Guidelines
Page 11
... configuration provides the following : # set-community-name: Security4Me3 # get-community-name: notpublic # default-get-community: 0 # # parameter file parm-file: hpnp/pjlprotection # 11 An example of the... Telnet telnet-config: 0 # # Disable the embedded Web server ews-config: 0 # # disable unused protocols ipx/spx: 0 dlc/llc: 0 ethertalk:0 # # Set a password passwd: Security4Me3 # # Disable SNMP # use with UNIX ...; Syslog server: 192.168.40.3 • TFTP configuration file: picasso.cfg under the subdirectory of "hpnp" of the TFTP daemon's home directory • Forces HP Jetdirect to remain...
... configuration provides the following : # set-community-name: Security4Me3 # get-community-name: notpublic # default-get-community: 0 # # parameter file parm-file: hpnp/pjlprotection # 11 An example of the... Telnet telnet-config: 0 # # Disable the embedded Web server ews-config: 0 # # disable unused protocols ipx/spx: 0 dlc/llc: 0 ethertalk:0 # # Set a password passwd: Security4Me3 # # Disable SNMP # use with UNIX ...; Syslog server: 192.168.40.3 • TFTP configuration file: picasso.cfg under the subdirectory of "hpnp" of the TFTP daemon's home directory • Forces HP Jetdirect to remain...
HP Jetdirect Security Guidelines
Page 12
... is recommended for the pjlprotection file: %-12345X@PJL @PJL COMMENT **Set Password** @PJL COMMENT **& Lock Control Panel** @PJL JOB PASSWORD = 7654 @PJL DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in the left-hand navigation bar, and then the...
... is recommended for the pjlprotection file: %-12345X@PJL @PJL COMMENT **Set Password** @PJL COMMENT **& Lock Control Panel** @PJL JOB PASSWORD = 7654 @PJL DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in the left-hand navigation bar, and then the...
HP Jetdirect Administrator's Guide
Page 50
... always overwrite manual configurations. tftp-ro (default): Do not allow TFTP parameters to overwrite manually configured parameters. tftp-rw: Allow TFTP parameters to be cleared by TFTP. The password may include how to contact this person. sys-location: (host-location:, location:) Identifies the physical location of HP Jetdirect print server configuration parameters through Telnet) after it...
... always overwrite manual configurations. tftp-ro (default): Do not allow TFTP parameters to overwrite manually configured parameters. tftp-rw: Allow TFTP parameters to be cleared by TFTP. The password may include how to contact this person. sys-location: (host-location:, location:) Identifies the physical location of HP Jetdirect print server configuration parameters through Telnet) after it...
HP Jetdirect Administrator's Guide
Page 57
... which SNMP SetRequests (control functions) the HP Jetdirect print server will respond to. set-cmnty-name: (set-community-name:) Specifies a password that determines which SNMP GetRequests the HP Jetdirect print server will respond to. Authentication traps indicate that an SNMP request was received, but the community name check failed. The default is "on the print server: 0 disables, 1 (default) enables. The port number cannot...
... which SNMP SetRequests (control functions) the HP Jetdirect print server will respond to. set-cmnty-name: (set-community-name:) Specifies a password that determines which SNMP GetRequests the HP Jetdirect print server will respond to. Authentication traps indicate that an SNMP request was received, but the community name check failed. The default is "on the print server: 0 disables, 1 (default) enables. The port number cannot...
HP Jetdirect Administrator's Guide
Page 74
... addresses do not match, then you can be protected by an administrator password, Telnet connections are that is in the Programs or All Programs folder. This section describes how to the print server. If their IP addresses match, chances are not secure. Although a...command to create a route to the print server. (For example, if the print server is configured with the HP Jetdirect print server, a route must have a similar IP address, that a route will not likely exist.) On Windows systems, you can use Telnet commands with a legacy default IP address 192.0.0.192, a route will...
... addresses do not match, then you can be protected by an administrator password, Telnet connections are that is in the Programs or All Programs folder. This section describes how to the print server. If their IP addresses match, chances are not secure. Although a...command to create a route to the print server. (For example, if the print server is configured with the HP Jetdirect print server, a route must have a similar IP address, that a route will not likely exist.) On Windows systems, you can use Telnet commands with a legacy default IP address 192.0.0.192, a route will...
HP Jetdirect Administrator's Guide
Page 77
.... User Interface Options The HP Jetdirect print server provides two interface options to the HP Jetdirect print server. 1. For more information, see "Telnet Commands and Parameters". A connection to make sure that the Telnet connection is provided. If an administrator password has been set, you will be prompted for a user name and password, enter the correct values. By default, a Command Line interface...
.... User Interface Options The HP Jetdirect print server provides two interface options to the HP Jetdirect print server. 1. For more information, see "Telnet Commands and Parameters". A connection to make sure that the Telnet connection is provided. If an administrator password has been set, you will be prompted for a user name and password, enter the correct values. By default, a Command Line interface...
HP Jetdirect Administrator's Guide
Page 90
... of the system from which SNMP GetRequests the HP Jetdirect print server will respond to either a user-specified community name or the factory-default. TCP Conns Refused (Read-only parameter) The number of client TCP connections that determines which the HP Jetdirect print server's IP address was no allowable entry in the print server's host access list. DHCP Lease Time (Read...
... of the system from which SNMP GetRequests the HP Jetdirect print server will respond to either a user-specified community name or the factory-default. TCP Conns Refused (Read-only parameter) The number of client TCP connections that determines which the HP Jetdirect print server's IP address was no allowable entry in the print server's host access list. DHCP Lease Time (Read...
HP Jetdirect Administrator's Guide
Page 91
... IP address into the HP Jetdirect print server's SNMP trap destination list. To receive SNMP traps, the systems listed on the SNMP trap destination list must match the print server's "set -cmnty-name Specifies a password that an SNMP request was received, but the community name check failed. 0 is off ) SNMP authentication traps. By default, the name will respond...
... IP address into the HP Jetdirect print server's SNMP trap destination list. To receive SNMP traps, the systems listed on the SNMP trap destination list must match the print server's "set -cmnty-name Specifies a password that an SNMP request was received, but the community name check failed. 0 is off ) SNMP authentication traps. By default, the name will respond...
HP Jetdirect Administrator's Guide
Page 108
... The LAN hardware (or MAC, Media Access Control) address of the HP Jetdirect print server (for a User Name and Password to access network parameters. By default, the LAA is assigned by a network administrator. Table 4.1 HP Jetdirect Home Page Items (2 of 2) Item Host Name System Up Time System Contact System Location HP Jetdirect Firmware Version IP Address Hardware Address LAA Admin...
... The LAN hardware (or MAC, Media Access Control) address of the HP Jetdirect print server (for a User Name and Password to access network parameters. By default, the LAA is assigned by a network administrator. Table 4.1 HP Jetdirect Home Page Items (2 of 2) Item Host Name System Up Time System Contact System Location HP Jetdirect Firmware Version IP Address Hardware Address LAA Admin...
HP Jetdirect Administrator's Guide
Page 121
... or change the SNMP (Simple Network Management Protocol) parameters provided. Write-access is a password to retrieve (or "read") SNMP information on the HP Jetdirect print server. A community name must contain the appropriate Set or Get community name before the print server will respond. The default Get community name "public" is "public", which can be configured to control management...
... or change the SNMP (Simple Network Management Protocol) parameters provided. Write-access is a password to retrieve (or "read") SNMP information on the HP Jetdirect print server. A community name must contain the appropriate Set or Get community name before the print server will respond. The default Get community name "public" is "public", which can be configured to control management...
HP Jetdirect Administrator's Guide
Page 138
...access Jetdirect print server settings, you will no longer be prompted for a user name and this feature (the checkbox is set an administrator password for selected EIO printers, the password is shared by a cold reset of the print server, which resets the print server to synchronize HP ...Web Jetadmin and the SNMP v1/v2c Set Community Name.If you enable this password before you to factory default settings. Note The administrator password...
...access Jetdirect print server settings, you will no longer be prompted for a user name and this feature (the checkbox is set an administrator password for selected EIO printers, the password is shared by a cold reset of the print server, which resets the print server to synchronize HP ...Web Jetadmin and the SNMP v1/v2c Set Community Name.If you enable this password before you to factory default settings. Note The administrator password...
HP Jetdirect Administrator's Guide
Page 139
...on the HP Jetdirect print server: ● Jetdirect certificate. A digital certificate is used for example, through security Web pages provided by a trusted third party (commonly called a Certificate Authority, or CA), which may be "self-signed", which the password was set ... password using both the printer and the Jetdirect print server to network authentication servers. For these printers, recovery may require one of the Jetdirect device to clients and to factory-default states (for encryption and decryption) and a digital signature. If password synchronization...
...on the HP Jetdirect print server: ● Jetdirect certificate. A digital certificate is used for example, through security Web pages provided by a trusted third party (commonly called a Certificate Authority, or CA), which may be "self-signed", which the password was set ... password using both the printer and the Jetdirect print server to network authentication servers. For these printers, recovery may require one of the Jetdirect device to clients and to factory-default states (for encryption and decryption) and a digital signature. If password synchronization...
HP Jetdirect Administrator's Guide
Page 150
... the print server may need to reset the print server to a factory-default state and then reinstall the device. To configure initial 802.1X settings before connecting to your 802.1X parameters prior to connection. Available configuration settings are not secure protocols and device passwords may ...the infrastructure components (such as required for client authentication on the Jetdirect print server as LAN switches) must use 802.1X protocols to control a port's access to the network. ENWW Using the Embedded Web Server 150 Disabling Telnet, FTP firmware upgrades, and RCFG is lost,...
... the print server may need to reset the print server to a factory-default state and then reinstall the device. To configure initial 802.1X settings before connecting to your 802.1X parameters prior to connection. Available configuration settings are not secure protocols and device passwords may ...the infrastructure components (such as required for client authentication on the Jetdirect print server as LAN switches) must use 802.1X protocols to control a port's access to the network. ENWW Using the Embedded Web Server 150 Disabling Telnet, FTP firmware upgrades, and RCFG is lost,...
HP Jetdirect Administrator's Guide
Page 175
... Login Example If the connection is successful, a Ready message will be displayed. Passwords are ignored. In addition, the available HP Jetdirect ports for printing will be displayed on the client system. ENWW FTP Printing 175 The default is prompted for the HP Jetdirect print server. The Jetdirect FTP server will be displayed. If login is the valid IP address or node name...
... Login Example If the connection is successful, a Ready message will be displayed. Passwords are ignored. In addition, the available HP Jetdirect ports for printing will be displayed on the client system. ENWW FTP Printing 175 The default is prompted for the HP Jetdirect print server. The Jetdirect FTP server will be displayed. If login is the valid IP address or node name...
HP Jetdirect Administrator's Guide
Page 180
... HTTP) access to the embedded Web server from your browser. ● Digital certificates issued by Telnet, HP Web Jetadmin, and the embedded Web server to control access to HP Jetdirect configuration parameters. ● Up to 16 alphanumeric characters may be configured with your Web browser. Table 7.1 Summary of HP Jetdirect Security Features (1 of the print server to factory default settings.
... HTTP) access to the embedded Web server from your browser. ● Digital certificates issued by Telnet, HP Web Jetadmin, and the embedded Web server to control access to HP Jetdirect configuration parameters. ● Up to 16 alphanumeric characters may be configured with your Web browser. Table 7.1 Summary of HP Jetdirect Security Features (1 of the print server to factory default settings.
HP Jetdirect Administrator's Guide
Page 181
...; (Value-based wired/wireless print servers) In wireless mode, enhanced wireless authentication and encryption methods are limited to 3KB. Telnet access is not secure. SNMP v1/v2c Set Community Name (IP/IPX) (SNMP v1/v2c only) ● A password on the HP Jetdirect print server that use HTTP (for example..., using the embedded Web server or IPP) are not checked against entries in the list. ● By factory default, host systems that allows incoming SNMP Set commands (for example,...
...; (Value-based wired/wireless print servers) In wireless mode, enhanced wireless authentication and encryption methods are limited to 3KB. Telnet access is not secure. SNMP v1/v2c Set Community Name (IP/IPX) (SNMP v1/v2c only) ● A password on the HP Jetdirect print server that use HTTP (for example..., using the embedded Web server or IPP) are not checked against entries in the list. ● By factory default, host systems that allows incoming SNMP Set commands (for example,...
HP Jetdirect Administrator's Guide
Page 183
... can be controlled through combined use of the available security features. Passwords are known, access is limited to HP Jetdirect configuration parameters can access the HP Jetdirect configuration parameters through the embedded Web server, Telnet, or SNMP management software. Medium Limited security for trusted ... Settings Level of access control. If the Administrator password and SNMP v1/v2c Set Community Name are not required. ● Administrator password set ● User-specified SNMP v1/v2 Set Community Name set ● Default SNMP v1/v2c community names used ● No...
... can be controlled through combined use of the available security features. Passwords are known, access is limited to HP Jetdirect configuration parameters can access the HP Jetdirect configuration parameters through the embedded Web server, Telnet, or SNMP management software. Medium Limited security for trusted ... Settings Level of access control. If the Administrator password and SNMP v1/v2c Set Community Name are not required. ● Administrator password set ● User-specified SNMP v1/v2 Set Community Name set ● Default SNMP v1/v2c community names used ● No...
HP Jetdirect Administrator's Guide
Page 234
... in the form 169.254.x.x. 64 INVALID PASSWORD An invalid password was specified through the printer's control panel. 5F WINS REGISTRATION FAILED Attempts to a legacy default IP address 192.0.0.192. 63 AUTO IP IN PROGRESS The print server is automatically assigning an IP address using link...network protocol. 84 DHCP LEASE TIMERS ADJUSTED The print server detected a DHCP lease error due to one of 11) Error Code and Message Description 5C DHCP BAD REPLY A bad reply was received from the DHCP server. ENWW HP Jetdirect Configuration Page 234 Reconfigure the DHCP lease times ...
... in the form 169.254.x.x. 64 INVALID PASSWORD An invalid password was specified through the printer's control panel. 5F WINS REGISTRATION FAILED Attempts to a legacy default IP address 192.0.0.192. 63 AUTO IP IN PROGRESS The print server is automatically assigning an IP address using link...network protocol. 84 DHCP LEASE TIMERS ADJUSTED The print server detected a DHCP lease error due to one of 11) Error Code and Message Description 5C DHCP BAD REPLY A bad reply was received from the DHCP server. ENWW HP Jetdirect Configuration Page 234 Reconfigure the DHCP lease times ...