HP Jetdirect Security Guidelines
Page 6
... some public information available about vulnerabilities or attacks against HP Jetdirect and some ways to install a J7961G 635n IPv6/IPsec print server. Printers that cannot be upgraded. Using this operation ...from the four main HP Jetdirect product lines, referred to the latest firmware. • An Embedded Web Server (EWS) password has been specified • The default SNMPv1/v2c SET ... but have cryptographic security capability. • SET 2: The 610n, 615n, 620n, 625n, en3700, and Embedded Jetdirect (J7949E) models. In many years. SET 3 can use the administrative guideline ...
... some public information available about vulnerabilities or attacks against HP Jetdirect and some ways to install a J7961G 635n IPv6/IPsec print server. Printers that cannot be upgraded. Using this operation ...from the four main HP Jetdirect product lines, referred to the latest firmware. • An Embedded Web Server (EWS) password has been specified • The default SNMPv1/v2c SET ... but have cryptographic security capability. • SET 2: The 610n, 615n, 620n, 625n, en3700, and Embedded Jetdirect (J7949E) models. In many years. SET 3 can use the administrative guideline ...
HP Jetdirect Security Guidelines
Page 9
...upgrades. To better protect passwords from being used to use the well-known default SNMP community names. This behavior allows an administrator to restart the upgrade process from HP, and upgrade to the latest Web Jetadmin management software. HP Jetdirect uses this information to... establish a print connection, they are three common ways of updating HP Jetdirect firmware: • HP Download Manager / HP Web Jetadmin • FTP • Embedded Web Server When using HP Download Manager or HP Web Jetadmin, the application issues an SNMP SET to the HP Jetdirect device. HP Web Jetadmin can...
...upgrades. To better protect passwords from being used to use the well-known default SNMP community names. This behavior allows an administrator to restart the upgrade process from HP, and upgrade to the latest Web Jetadmin management software. HP Jetdirect uses this information to... establish a print connection, they are three common ways of updating HP Jetdirect firmware: • HP Download Manager / HP Web Jetadmin • FTP • Embedded Web Server When using HP Download Manager or HP Web Jetadmin, the application issues an SNMP SET to the HP Jetdirect device. HP Web Jetadmin can...
HP Jetdirect Security Guidelines
Page 11
....0 # # Disable Telnet telnet-config: 0 # # Disable the embedded Web server ews-config: 0 # # disable unused protocols ipx/spx: 0 dlc/llc: 0 ethertalk:0 # # Set a password passwd: Security4Me3 # # Disable SNMP # use with very little administration overhead once..., there are many free BOOTP and TFTP servers for a great deal of the TFTP daemon's home directory • Forces HP Jetdirect to DHCP if a BOOTP server is unavailable. Many customers associate BOOTP/TFTP...-name: Security4Me3 # get-community-name: notpublic # default-get-community: 0 # # parameter file parm-file: hpnp/pjlprotection # 11
....0 # # Disable Telnet telnet-config: 0 # # Disable the embedded Web server ews-config: 0 # # disable unused protocols ipx/spx: 0 dlc/llc: 0 ethertalk:0 # # Set a password passwd: Security4Me3 # # Disable SNMP # use with very little administration overhead once..., there are many free BOOTP and TFTP servers for a great deal of the TFTP daemon's home directory • Forces HP Jetdirect to DHCP if a BOOTP server is unavailable. Many customers associate BOOTP/TFTP...-name: Security4Me3 # get-community-name: notpublic # default-get-community: 0 # # parameter file parm-file: hpnp/pjlprotection # 11
HP Jetdirect Security Guidelines
Page 12
... is recommended for the pjlprotection file: %-12345X@PJL @PJL COMMENT **Set Password** @PJL COMMENT **& Lock Control Panel** @PJL JOB PASSWORD = 7654 @PJL DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are available to a customer. 12 Press the "Start Wizard" button...
... is recommended for the pjlprotection file: %-12345X@PJL @PJL COMMENT **Set Password** @PJL COMMENT **& Lock Control Panel** @PJL JOB PASSWORD = 7654 @PJL DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are available to a customer. 12 Press the "Start Wizard" button...
HP Jetdirect Administrator's Guide
Page 50
The password may include how to contact this person. sys-location: (host-location:, location:) Identifies the physical location of HP Jetdirect print server configuration parameters through Telnet) after it has been configured by a cold reset. The ...the print server's security level for example, through Telnet, HP Web Jetadmin, or embedded Web server. security-reset: Reset security settings on the print server (for Web communications: 1 (default): Forced redirection to the HTTPS port. Table 3.3 TFTP Configuration File Parameters (1 of 12) General passwd: (passwd-admin:) A password ...
The password may include how to contact this person. sys-location: (host-location:, location:) Identifies the physical location of HP Jetdirect print server configuration parameters through Telnet) after it has been configured by a cold reset. The ...the print server's security level for example, through Telnet, HP Web Jetadmin, or embedded Web server. security-reset: Reset security settings on the print server (for Web communications: 1 (default): Forced redirection to the HTTPS port. Table 3.3 TFTP Configuration File Parameters (1 of 12) General passwd: (passwd-admin:) A password ...
HP Jetdirect Administrator's Guide
Page 57
...-dest: (trap-destination:) Enters a host's IP address into the HP Jetdirect print server's SNMP trap destination list. the default SNMP port number is empty. ENWW TCP/IP Configuration 57 The default SNMP Trap Destination List is "162". The community name must be ...default community name is specified in each "trap-dest" command. To receive SNMP traps, the systems listed on ) or not send (off) SNMP authentication traps. If a user-specified get -community-name:) Specifies a password that determines which SNMP SetRequests (control functions) the HP Jetdirect print server...
...-dest: (trap-destination:) Enters a host's IP address into the HP Jetdirect print server's SNMP trap destination list. the default SNMP port number is empty. ENWW TCP/IP Configuration 57 The default SNMP Trap Destination List is "162". The community name must be ...default community name is specified in each "trap-dest" command. To receive SNMP traps, the systems listed on ) or not send (off) SNMP authentication traps. If a user-specified get -community-name:) Specifies a password that determines which SNMP SetRequests (control functions) the HP Jetdirect print server...
HP Jetdirect Administrator's Guide
Page 74
... default IP address 192.0.0.192, a route will exist. If their IP addresses match, chances are not secure. On Windows 2000/XP/Server 2003 systems, it is in the Programs or All Programs folder. For information on the print server using Telnet. Using Telnet Note For HP Jetdirect wireless print servers, this section assumes that a wireless connection to the print server...
... default IP address 192.0.0.192, a route will exist. If their IP addresses match, chances are not secure. On Windows 2000/XP/Server 2003 systems, it is in the Programs or All Programs folder. For information on the print server using Telnet. Using Telnet Note For HP Jetdirect wireless print servers, this section assumes that a wireless connection to the print server...
HP Jetdirect Administrator's Guide
Page 77
... command settings. 4. For more information, see "Telnet Commands and Parameters". By default, the Telnet interface does not require a user name or password. A connection to make sure that the Telnet connection is provided. User Interface Options The HP Jetdirect print server provides two interface options to the HP Jetdirect print server. 1. For a list of supported commands and parameters, see "User Interface...
... command settings. 4. For more information, see "Telnet Commands and Parameters". By default, the Telnet interface does not require a user name or password. A connection to make sure that the Telnet connection is provided. User Interface Options The HP Jetdirect print server provides two interface options to the HP Jetdirect print server. 1. For a list of supported commands and parameters, see "User Interface...
HP Jetdirect Administrator's Guide
Page 90
...) The IP address of times that determines which the HP Jetdirect print server's IP address was no allowable entry in the print server's host access list. For HP to collect data, Internet access is the factory-default and cold-reset value. If a user-specified get -cmnty-name Specifies a password that client systems were denied access to the Networking tab...
...) The IP address of times that determines which the HP Jetdirect print server's IP address was no allowable entry in the print server's host access list. For HP to collect data, Internet access is the factory-default and cold-reset value. If a user-specified get -cmnty-name Specifies a password that client systems were denied access to the Networking tab...
HP Jetdirect Administrator's Guide
Page 91
... incoming SNMP SetRequest must match the print server's "set -cmnty-name Specifies a password that an SNMP request was received, but the community name check failed. 0 is on ) or not send (off , 1 (default) is off ) SNMP authentication traps. Authentication traps indicate that determines which SNMP SetRequests (control functions) the HP Jetdirect print server will disable IPX/SPX operation. IPX...
... incoming SNMP SetRequest must match the print server's "set -cmnty-name Specifies a password that an SNMP request was received, but the community name check failed. 0 is on ) or not send (off , 1 (default) is off ) SNMP authentication traps. Authentication traps indicate that determines which SNMP SetRequests (control functions) the HP Jetdirect print server will disable IPX/SPX operation. IPX...
HP Jetdirect Administrator's Guide
Page 108
... time since either the HP Jetdirect print server or the network device was last powered off/on the HP Jetdirect print server. For more information, click Help, or see Appendix A. The product number of the HP Jetdirect print server (for a User Name and Password to access network parameters. By default, the LAA is assigned by a network administrator. The length of the HP Jetdirect print server. See the Networking...
... time since either the HP Jetdirect print server or the network device was last powered off/on the HP Jetdirect print server. For more information, click Help, or see Appendix A. The product number of the HP Jetdirect print server (for a User Name and Password to access network parameters. By default, the LAA is assigned by a network administrator. The length of the HP Jetdirect print server. See the Networking...
HP Jetdirect Administrator's Guide
Page 121
... Community Name is "public", which can be configured to control management access to the print server. The default Get community name is a password to retrieve (or "read -only access Description This option enables the SNMP v1/v2c agents on the HP Jetdirect print server. Table 4.7 SNMP Settings (1 of 2) Item Enable SNMPv1/v2 read-write access Enable SNMPv1/v2...
... Community Name is "public", which can be configured to control management access to the print server. The default Get community name is a password to retrieve (or "read -only access Description This option enables the SNMP v1/v2c agents on the HP Jetdirect print server. Table 4.7 SNMP Settings (1 of 2) Item Enable SNMPv1/v2 read-write access Enable SNMPv1/v2...
HP Jetdirect Administrator's Guide
Page 138
...password is shared with the printer (see Printer Password Synchronization below). Note If you are allowed access. The administrator password is shared by a cold reset of the print server, which resets the print server to Jetdirect configuration and status information. If a password is set an administrator password for controlled access to factory default...the SNMP Set Community Name for SNMP v1/v2c management applications. ENWW Using the Embedded Web Server 138 A checkbox allows you to synchronize HP Web Jetadmin and the SNMP v1/v2c Set Community Name.If you to control access to ...
...password is shared with the printer (see Printer Password Synchronization below). Note If you are allowed access. The administrator password is shared by a cold reset of the print server, which resets the print server to Jetdirect configuration and status information. If a password is set an administrator password for controlled access to factory default...the SNMP Set Community Name for SNMP v1/v2c management applications. ENWW Using the Embedded Web Server 138 A checkbox allows you to synchronize HP Web Jetadmin and the SNMP v1/v2c Set Community Name.If you to control access to ...
HP Jetdirect Administrator's Guide
Page 139
.... Many EIO printers provide password-protected access to factory-default states (for encryption and decryption) and a digital signature. For these printers, recovery may require one of the certificates installed on the print server model) This tab provides access to installation, configuration and management services for the printer and the Jetdirect EIO print server are permitted and allow...
.... Many EIO printers provide password-protected access to factory-default states (for encryption and decryption) and a digital signature. For these printers, recovery may require one of the certificates installed on the print server model) This tab provides access to installation, configuration and management services for the printer and the Jetdirect EIO print server are permitted and allow...
HP Jetdirect Administrator's Guide
Page 150
... authentication on your network, you may need to reset the print server to configure 802.1X authentication settings on the Jetdirect print server as LAN switches) must use 802.1X protocols to control a port's access to configure Novell NetWare parameters. In addition, you to a factory-default state and then reinstall the device. Table 4.13 Other Protocols...
... authentication on your network, you may need to reset the print server to configure 802.1X authentication settings on the Jetdirect print server as LAN switches) must use 802.1X protocols to control a port's access to configure Novell NetWare parameters. In addition, you to a factory-default state and then reinstall the device. Table 4.13 Other Protocols...
HP Jetdirect Administrator's Guide
Page 175
...default is the valid IP address or node name configured for the HP Jetdirect print server. HP Jetdirect print servers supported in this guide provide a single port (Port 1). After a successful connection, the user is prompted for printing will be displayed. Passwords are ignored. If login is successful, a Ready message will allow any user name. For a typical FTP printing... "230" will be displayed. In addition, the available HP Jetdirect ports for a login name and password. ENWW FTP Printing 175 The Jetdirect FTP server will be displayed on the client system. FTP Login To...
...default is the valid IP address or node name configured for the HP Jetdirect print server. HP Jetdirect print servers supported in this guide provide a single port (Port 1). After a successful connection, the user is prompted for printing will be displayed. Passwords are ignored. If login is successful, a Ready message will allow any user name. For a typical FTP printing... "230" will be displayed. In addition, the available HP Jetdirect ports for a login name and password. ENWW FTP Printing 175 The Jetdirect FTP server will be displayed on the client system. FTP Login To...
HP Jetdirect Administrator's Guide
Page 180
IP Administrator Password ● Used by Telnet, HP Web Jetadmin, and the embedded Web server to control access to HP Jetdirect configuration parameters. ● Up to 16 alphanumeric characters may be enabled or disabled. ENWW Security Features 180 Network Protocol Control ● Network printing, printing services, device discovery, and management protocols on the HP Jetdirect print server can be used in HP Web...
IP Administrator Password ● Used by Telnet, HP Web Jetadmin, and the embedded Web server to control access to HP Jetdirect configuration parameters. ● Up to 16 alphanumeric characters may be enabled or disabled. ENWW Security Features 180 Network Protocol Control ● Network printing, printing services, device discovery, and management protocols on the HP Jetdirect print server can be used in HP Web...
HP Jetdirect Administrator's Guide
Page 181
...host systems, that use HTTP (for example, using the embedded Web server or IPP) are not checked against entries in the list. ● By factory default, host systems that are allowed access to the HP Jetdirect print server and the attached network device. ● Access is not secure....including WPA-PSK. SNMP v1/v2c Set Community Name (IP/IPX) (SNMP v1/v2c only) ● A password on the HP Jetdirect print server using TFTP (Chapter 3), Telnet (Chapter 3), embedded Web server (Chapter 4), or Management application services. ● SNMP v1/v2c uses plain text and can be disabled through ...
...host systems, that use HTTP (for example, using the embedded Web server or IPP) are not checked against entries in the list. ● By factory default, host systems that are allowed access to the HP Jetdirect print server and the attached network device. ● Access is not secure....including WPA-PSK. SNMP v1/v2c Set Community Name (IP/IPX) (SNMP v1/v2c only) ● A password on the HP Jetdirect print server using TFTP (Chapter 3), Telnet (Chapter 3), embedded Web server (Chapter 4), or Management application services. ● SNMP v1/v2c uses plain text and can be disabled through ...
HP Jetdirect Administrator's Guide
Page 183
... Set Community Name set ● Default SNMP v1/v2c community names used ● No authentication or encryption ● Access control list empty Low Best suited for non-trusted environment. Passwords are known, access is limited to HP Jetdirect configuration parameters can access the HP Jetdirect configuration parameters through HTTP (embedded Web server), SNMP v1/v2c applications, or...
... Set Community Name set ● Default SNMP v1/v2c community names used ● No authentication or encryption ● Access control list empty Low Best suited for non-trusted environment. Passwords are known, access is limited to HP Jetdirect configuration parameters can access the HP Jetdirect configuration parameters through HTTP (embedded Web server), SNMP v1/v2c applications, or...
HP Jetdirect Administrator's Guide
Page 234
....254.x.x. 62 DEFAULT IP CONFIGURED An IP address could not be retrieved over the network. Reconfigure the DHCP lease times on the WINS server failed. ENWW HP Jetdirect Configuration Page 234 Verify that the password consists of a maximum of 16 printable characters. 65 DOWNLOAD NOT ALLOWED ON WIRELESS For this print server, attempting to register the print server's name...
....254.x.x. 62 DEFAULT IP CONFIGURED An IP address could not be retrieved over the network. Reconfigure the DHCP lease times on the WINS server failed. ENWW HP Jetdirect Configuration Page 234 Verify that the password consists of a maximum of 16 printable characters. 65 DOWNLOAD NOT ALLOWED ON WIRELESS For this print server, attempting to register the print server's name...