HP Jetdirect Security Guidelines
Page 2
...unbreakable for years and have been in intranet networking connectivity: TCP/IP and Ethernet. In addition, TokenRing, FDDI, LocalTalk, ATM, ...print servers to have clear winners in use as Ethernet. In today's increasingly security focused environment, we have the same ease of use for the next few million HP Jetdirect...HP Jetdirect would automatically initialize all protocols to the best of printers increased and the need of competition in network printing, functionality within HP Jetdirect was to widely implement security protocols such as well-known default security settings...
...unbreakable for years and have been in intranet networking connectivity: TCP/IP and Ethernet. In addition, TokenRing, FDDI, LocalTalk, ATM, ...print servers to have clear winners in use as Ethernet. In today's increasingly security focused environment, we have the same ease of use for the next few million HP Jetdirect...HP Jetdirect would automatically initialize all protocols to the best of printers increased and the need of competition in network printing, functionality within HP Jetdirect was to widely implement security protocols such as well-known default security settings...
HP Jetdirect Security Guidelines
Page 8
... to successfully authenticate the server endpoint (and optionally the client endpoint). Option 3) For SET 3. Option 4) For SET 4. Setup an access control list for each individual IP address with a mask of consumables with the printer using the Firewall Option 3) For SET 4. Setup a rule to... print? Option 1) For SET 1/2/3/4. These attacks can be used by SSL/TLS to protect print traffic using TCP Port 9100? Options Option 1) For SET 1/2/3/4. This doesn't prevent HP Jetdirect from receiving packets from other mischief with large print jobs, etc... How to disable all TCP/IP...
... to successfully authenticate the server endpoint (and optionally the client endpoint). Option 3) For SET 3. Option 4) For SET 4. Setup an access control list for each individual IP address with a mask of consumables with the printer using the Firewall Option 3) For SET 4. Setup a rule to... print? Option 1) For SET 1/2/3/4. These attacks can be used by SSL/TLS to protect print traffic using TCP Port 9100? Options Option 1) For SET 1/2/3/4. This doesn't prevent HP Jetdirect from receiving packets from other mischief with large print jobs, etc... How to disable all TCP/IP...
HP Jetdirect Security Guidelines
Page 10
... are where another node and then forwards the IP packets to printing. Active attacks are a good defense against TCP/IP MITM attacks is not a vulnerability specific to the next correct node so it with a text editor. HP recommends following NIST checklist as a solution to open... perform effective MITM attacks against the TCP/IP protocol suite does. For users of IPsec (SET 4) as a guideline to all the data sent between an email client and email server, it . A node intercepts IP packets from our functional diagram, HP Jetdirect controls the networking stack and does not...
... are where another node and then forwards the IP packets to printing. Active attacks are a good defense against TCP/IP MITM attacks is not a vulnerability specific to the next correct node so it with a text editor. HP recommends following NIST checklist as a solution to open... perform effective MITM attacks against the TCP/IP protocol suite does. For users of IPsec (SET 4) as a guideline to all the data sent between an email client and email server, it . A node intercepts IP packets from our functional diagram, HP Jetdirect controls the networking stack and does not...
HP Jetdirect Security Guidelines
Page 11
...the TFTP daemon's home directory • Forces HP Jetdirect to DHCP if a BOOTP server is fairly easy. An example UNIX configuration will be enabled, comment out the "snmp-config" command and # uncomment out the following : • Syslog server: 192.168.40.3 • TFTP configuration file...snmp-config:0 # # if SNMP must be provided here. Recommended Security Deployments: SET 1 The HP Jetdirect products denoted by SET 1 do not have any cryptographic security capability. picasso:\ :hn:\ :ht=ether:\ :vm=rfc1048:\ :ha=0001E6123456:\ :ip=192.168.40.39:\ :sm=255.255.255.0:\ :gw=192.168.40...
...the TFTP daemon's home directory • Forces HP Jetdirect to DHCP if a BOOTP server is fairly easy. An example UNIX configuration will be enabled, comment out the "snmp-config" command and # uncomment out the following : • Syslog server: 192.168.40.3 • TFTP configuration file...snmp-config:0 # # if SNMP must be provided here. Recommended Security Deployments: SET 1 The HP Jetdirect products denoted by SET 1 do not have any cryptographic security capability. picasso:\ :hn:\ :ht=ether:\ :vm=rfc1048:\ :ha=0001E6123456:\ :ip=192.168.40.39:\ :sm=255.255.255.0:\ :gw=192.168.40...
HP Jetdirect Security Guidelines
Page 28
... all IP addresses must use IPsec to Jetdirect without using IPsec, the packets are using HTTPS before navigating to have the Security Wizard for the default rule and then click "Add Rules...". Select "All IP Addresses" and click "Next". 28 If an end station tries to communicate with SET 3, ...only this page. Let's go through the same process as we can begin the IPsec configuration. Select "Allow" for SET 2 executed. Once the Security Wizard configuration ...
... all IP addresses must use IPsec to Jetdirect without using IPsec, the packets are using HTTPS before navigating to have the Security Wizard for the default rule and then click "Add Rules...". Select "All IP Addresses" and click "Next". 28 If an end station tries to communicate with SET 3, ...only this page. Let's go through the same process as we can begin the IPsec configuration. Select "Allow" for SET 2 executed. Once the Security Wizard configuration ...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 8
... the following HP JetDirect print servers with this product, HP network configuration and management software for network configuration on other systems, consult your system vendor. 2 Introducing the HP JetDirect Print Server EN For software to set up network printing on the ... or later. q HP JetDirect 600N/400N internal print servers q HP JetDirect 500X/300X external print servers Supported Networks HP JetDirect print servers support a variety of network protocol suites, including TCP/IP, IPX/SPX, DLC/LLC, and AppleTalk protocols. In addition, HP provides software for supported...
... the following HP JetDirect print servers with this product, HP network configuration and management software for network configuration on other systems, consult your system vendor. 2 Introducing the HP JetDirect Print Server EN For software to set up network printing on the ... or later. q HP JetDirect 600N/400N internal print servers q HP JetDirect 500X/300X external print servers Supported Networks HP JetDirect print servers support a variety of network protocol suites, including TCP/IP, IPX/SPX, DLC/LLC, and AppleTalk protocols. In addition, HP provides software for supported...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 17
... Internet printer, proceed as follows: 1. This link executes an installation wizard that automatically sets up the print path to a printer on the Internet and enter the print server's URL: http://IP_address/ipp/[port#] where IP_address is the IP address configured on the HP JetDirect print server, and [port#] is an optional parameter that the printer is connected to. Windows...
... Internet printer, proceed as follows: 1. This link executes an installation wizard that automatically sets up the print path to a printer on the Internet and enter the print server's URL: http://IP_address/ipp/[port#] where IP_address is the IP address configured on the HP JetDirect print server, and [port#] is an optional parameter that the printer is connected to. Windows...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 20
... NetWare 4.11, NetWare 4.2, intraNetWare, and NetWare 5 environments. Features Features and benefits provided by HP to set up and link print queues, printer objects, and print servers. It eliminates the need to provide functionality and compatibility with Hewlett-Packard. HP IP/IPX Printer Gateway for HP JetDirect-connected printers. NDPS simplifies and streamlines the administration of required NetWare User Licenses...
... NetWare 4.11, NetWare 4.2, intraNetWare, and NetWare 5 environments. Features Features and benefits provided by HP to set up and link print queues, printer objects, and print servers. It eliminates the need to provide functionality and compatibility with Hewlett-Packard. HP IP/IPX Printer Gateway for HP JetDirect-connected printers. NDPS simplifies and streamlines the administration of required NetWare User Licenses...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 30
... not provide Dynamic Domain Name Services (DDNS) for the IP address to infinite. q By setting configuration parameters using Dynamic Host Configuration Protocol (DHCP). This ensures that you to the HP JetDirect print server using RARP (Reverse Address Resolution Protocol) answering the print server's RARP request and supplying the print server with the IP address. This protocol is 192.0.0.192. q By using...
... not provide Dynamic Domain Name Services (DDNS) for the IP address to infinite. q By setting configuration parameters using Dynamic Host Configuration Protocol (DHCP). This ensures that you to the HP JetDirect print server using RARP (Reverse Address Resolution Protocol) answering the print server's RARP request and supplying the print server with the IP address. This protocol is 192.0.0.192. q By using...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 31
... configuration parameters (IP address, subnet mask, default gateway address, and idle timeout). Therefore, control panel configuration is used to download network configuration data from a server to set up HP JetDirect configuration via BOOTP. q By manually entering the configuration data using BOOTP (Bootstrap Protocol) and TFTP (Trivial File Transfer Protocol) services on the HP JetDirect print server and setting the configuration...
... configuration parameters (IP address, subnet mask, default gateway address, and idle timeout). Therefore, control panel configuration is used to download network configuration data from a server to set up HP JetDirect configuration via BOOTP. q By manually entering the configuration data using BOOTP (Bootstrap Protocol) and TFTP (Trivial File Transfer Protocol) services on the HP JetDirect print server and setting the configuration...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 32
...benefits: q Enhanced configuration control of the HP JetDirect print server. Configuring the BOOTP Server For the HP JetDirect print server to obtain entries in one location. q Ease of HP JetDirect print server configuration. BOOTP is used to operate ...servers must be set up with the BOOTP service before performing the BOOTP configuration steps. Complete network configuration can be automatically downloaded each time the print server is powered on a BOOTP server, while TFTP is to obtain additional configuration information from a configuration file on a TFTP server. 26 TCP/IP...
...benefits: q Enhanced configuration control of the HP JetDirect print server. Configuring the BOOTP Server For the HP JetDirect print server to obtain entries in one location. q Ease of HP JetDirect print server configuration. BOOTP is used to operate ...servers must be set up with the BOOTP service before performing the BOOTP configuration steps. Complete network configuration can be automatically downloaded each time the print server is powered on a BOOTP server, while TFTP is to obtain additional configuration information from a configuration file on a TFTP server. 26 TCP/IP...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 34
... rfc1048. ip The IP address tag (required). Bootptab File Entries An example of a /etc/bootptab file entry for an HP JetDirect print server is the link-level, or station address of the HP JetDirect print server. The host name will be found on a label attached to identify the various HP JetDirect parameters and their settings. ha The hardware address tag. For the HP JetDirect print server, set this...
... rfc1048. ip The IP address tag (required). Bootptab File Entries An example of a /etc/bootptab file entry for an HP JetDirect print server is the link-level, or station address of the HP JetDirect print server. The host name will be found on a label attached to identify the various HP JetDirect parameters and their settings. ha The hardware address tag. For the HP JetDirect print server, set this...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 35
...IP address that the HP JetDirect print server will use for communications with a letter and can be in the BOOTP reply using TFTP. Maximum length of a TFTP configuration file is provided below (the symbol '#' denotes a remark and is 33 characters. Names, such as SNMP (Simple Network Management Protocol) or non-default settings... refer to the path. EN TCP/IP Configuration 29 This address identifies the IP address of a field, and a backslash (\) indicates that the HP JetDirect print server sends syslog messages to your HP JetDirect print server, such as host names, must be ...
...IP address that the HP JetDirect print server will use for communications with a letter and can be in the BOOTP reply using TFTP. Maximum length of a TFTP configuration file is provided below (the symbol '#' denotes a remark and is 33 characters. Names, such as SNMP (Simple Network Management Protocol) or non-default settings... refer to the path. EN TCP/IP Configuration 29 This address identifies the IP address of a field, and a backslash (\) indicates that the HP JetDirect print server sends syslog messages to your HP JetDirect print server, such as host names, must be ...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 36
# # Example of an HP JetDirect TFTP Configuration File # # Allow only Subnet 13.10.10 access to peripheral. # Up to four 'allow' entries can be written via TFTP. # Up to 10 'allow' entries can be written via SNMP. # 'allow' may include single IP addresses. # allow: 13.10.10.0 255.255.255.0 # # # Disable Telnet # telnet: 0 # # Enable the embedded web server # ews-config: 1 # # Detect SNMP unauthorized usage # authentication-trap: on # # Send Traps to 13.10.10.1 # trap-dest: 13.10.10.1 # # Specify the Set Community Name # set-community-name: 1homer2 # # End of file 30 TCP/IP Configuration EN
# # Example of an HP JetDirect TFTP Configuration File # # Allow only Subnet 13.10.10 access to peripheral. # Up to four 'allow' entries can be written via TFTP. # Up to 10 'allow' entries can be written via SNMP. # 'allow' may include single IP addresses. # allow: 13.10.10.0 255.255.255.0 # # # Disable Telnet # telnet: 0 # # Enable the embedded web server # ews-config: 1 # # Detect SNMP unauthorized usage # authentication-trap: on # # Send Traps to 13.10.10.1 # trap-dest: 13.10.10.1 # # Specify the Set Community Name # set-community-name: 1homer2 # # End of file 30 TCP/IP Configuration EN
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 37
.... If "0" is typed, the timeout mechanism is undefined. (Example: 1st floor, south wall) EN TCP/IP Configuration 31 Provides an entry into the host access list stored on the HP JetDirect print server. Up to the printer. To enable, set to be included in the TFTP configuration file. The format is "allow : 15.1.2.3 allows a single host...
.... If "0" is typed, the timeout mechanism is undefined. (Example: 1st floor, south wall) EN TCP/IP Configuration 31 Provides an entry into the host access list stored on the HP JetDirect print server. Up to the printer. To enable, set to be included in the TFTP configuration file. The format is "allow : 15.1.2.3 allows a single host...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 38
... from hosts that determines which SNMP SetRequests (control functions) the HP JetDirect print server will be ASCII characters. SetRequests must be set -communityname: Specifies a password that are configured in the SNMP Trap Destination List.) 32 TCP/IP Configuration EN trap-dest: Enters a host's IP address into the HP JetDirect print server's SNMP trap destination list. The default SNMP Trap Destination List...
... from hosts that determines which SNMP SetRequests (control functions) the HP JetDirect print server will be ASCII characters. SetRequests must be set -communityname: Specifies a password that are configured in the SNMP Trap Destination List.) 32 TCP/IP Configuration EN trap-dest: Enters a host's IP address into the HP JetDirect print server's SNMP trap destination list. The default SNMP Trap Destination List...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 57
... This procedure resets all TCP/IP parameters, but only affects the TCP/IP subsystem. For more information, refer to Appendix B. Parameters for other subsystems such as IPX/SPX (Novell NetWare) or AppleTalk are not affected. Using the Embedded Web Server You can set IP parameters on HP JetDirect print servers that support the embedded web server. Type cold-reset, then...
... This procedure resets all TCP/IP parameters, but only affects the TCP/IP subsystem. For more information, refer to Appendix B. Parameters for other subsystems such as IPX/SPX (Novell NetWare) or AppleTalk are not affected. Using the Embedded Web Server You can set IP parameters on HP JetDirect print servers that support the embedded web server. Type cold-reset, then...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 98
... the information on the configuration page. 11. s Verify network and HP JetDirect settings on the configuration page. s Use the following Telnet command: telnet where is the IP address assigned to the HP JetDirect print server and is 9100. (HP JetDirect data port 9101 or 9102 can you use Telnet to print directly to the printer (a manual form feed may be used...
... the information on the configuration page. 11. s Verify network and HP JetDirect settings on the configuration page. s Use the following Telnet command: telnet where is the IP address assigned to the HP JetDirect print server and is 9100. (HP JetDirect data port 9101 or 9102 can you use Telnet to print directly to the printer (a manual form feed may be used...
HP Jetdirect Print Server Administrator's Guide (300x, 510x)
Page 39
... IP address during a Telnet session: 1. Type quit, then press Enter to exit Telnet. After this has been done the print server should be power cycled. Parameters for other subsystems such as IPX/SPX (Novell NetWare) or AppleTalk are not affected. Using the Embedded Web Server You can set IP parameters on HP Jetdirect print servers that support the embedded web server...
... IP address during a Telnet session: 1. Type quit, then press Enter to exit Telnet. After this has been done the print server should be power cycled. Parameters for other subsystems such as IPX/SPX (Novell NetWare) or AppleTalk are not affected. Using the Embedded Web Server You can set IP parameters on HP Jetdirect print servers that support the embedded web server...
HP Jetdirect Print Server Administrator's Guide (300x, 510x)
Page 63
...'s section on a TCP/IP network, can you use Telnet to print directly to the printer? ■ Use the following Telnet command: telnet where is the IP address assigned to the HP Jetdirect print server and is 9100. (HP Jetdirect data port 9101 or 9102...IP network, can also be required). 11. If you communicate with the print server. ■ Use a ping command to the printer (a manual form feed may be used for descriptions of a Jetdirect multiport external print server.) ■ In the Telnet session, type in the HP Web Jetadmin software? ■ Verify network and HP Jetdirect settings...
...'s section on a TCP/IP network, can you use Telnet to print directly to the printer? ■ Use the following Telnet command: telnet where is the IP address assigned to the HP Jetdirect print server and is 9100. (HP Jetdirect data port 9101 or 9102...IP network, can also be required). 11. If you communicate with the print server. ■ Use a ping command to the printer (a manual form feed may be used for descriptions of a Jetdirect multiport external print server.) ■ In the Telnet session, type in the HP Web Jetadmin software? ■ Verify network and HP Jetdirect settings...