Practical considerations for imaging and printing security
Page 1
... ...4 Security checklists ...4 Conclusion: look beyond Common Criteria Certification 4 HP's imaging and printing security framework 4 Secure the Imaging and Printing Device 5 MFP walk-up authentication ...5 Network printing authentication ...5 Physical document access control 5 HP Secure Erase ...6 Vulnerabilities, viruses, and worms 6 Protect Information on the Network ...6 Network connectivity with HP Jetdirect devices 6 HP Digital Sending Software (DSS 7 Fax/LAN bridging ...7 Effectively...
... ...4 Security checklists ...4 Conclusion: look beyond Common Criteria Certification 4 HP's imaging and printing security framework 4 Secure the Imaging and Printing Device 5 MFP walk-up authentication ...5 Network printing authentication ...5 Physical document access control 5 HP Secure Erase ...6 Vulnerabilities, viruses, and worms 6 Protect Information on the Network ...6 Network connectivity with HP Jetdirect devices 6 HP Digital Sending Software (DSS 7 Fax/LAN bridging ...7 Effectively...
Practical considerations for imaging and printing security
Page 2
Jetmobile SecureJet-PS Secure Print Product 10 Jetmobile Technologies SecureJet Authenticator Products 11 SafeCom ...11 Appendix B-HP Secure Erase...12 For more information ...13
Jetmobile SecureJet-PS Secure Print Product 10 Jetmobile Technologies SecureJet Authenticator Products 11 SafeCom ...11 Appendix B-HP Secure Erase...12 For more information ...13
Practical considerations for imaging and printing security
Page 3
...the years, from firewalls that detect viruses before they take advantage of client and server PCs. Overview The IT security climate has changed. Imaging and printing security Security of the hardcopy industry currently certifies Disk Erase and Analog Fax functions,... regulatory requirements, including Sarbanes-Oxley and the Health Insurance Portability Protection Act, are mandating protection accountability. While in imaging and printing manufacturer's marketing differentiation claims. Common Criteria Certification provides no credible means for security, the current need is no , or...
...the years, from firewalls that detect viruses before they take advantage of client and server PCs. Overview The IT security climate has changed. Imaging and printing security Security of the hardcopy industry currently certifies Disk Erase and Analog Fax functions,... regulatory requirements, including Sarbanes-Oxley and the Health Insurance Portability Protection Act, are mandating protection accountability. While in imaging and printing manufacturer's marketing differentiation claims. Common Criteria Certification provides no credible means for security, the current need is no , or...
Practical considerations for imaging and printing security
Page 4
...in various environments, including enterprise, high-security, small office/home office, and public spaces. HP is actively participating within HP's imaging and printing security framework are built from any manufacturer. NIST has requested IT equipment manufacturers to develop additional... of enabling security functions, and better illustrate the product's capabilities HP's imaging and printing security framework To simplify the presentation of security concepts, HP developed an imaging and printing security framework with three categories of security functions: Secure the Device...
...in various environments, including enterprise, high-security, small office/home office, and public spaces. HP is actively participating within HP's imaging and printing security framework are built from any manufacturer. NIST has requested IT equipment manufacturers to develop additional... of enabling security functions, and better illustrate the product's capabilities HP's imaging and printing security framework To simplify the presentation of security concepts, HP developed an imaging and printing security framework with three categories of security functions: Secure the Device...
Practical considerations for imaging and printing security
Page 5
... that provide access controls to network printers. PIN and Pull Printing allow print jobs to their authentication products. Network printing authentication Printers and MFPs may also be tracked with printing access controls, which allows control of high-value consumables. The HP Output Server and the Microsoft® Print Spooler provide direct integration of a network printer are at...
... that provide access controls to network printers. PIN and Pull Printing allow print jobs to their authentication products. Network printing authentication Printers and MFPs may also be tracked with printing access controls, which allows control of high-value consumables. The HP Output Server and the Microsoft® Print Spooler provide direct integration of a network printer are at...
Practical considerations for imaging and printing security
Page 6
... of communications, and can prevent unauthorized users from attaching devices to extend an imaging and printing device's functionality. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to evolve, HP ensures its partners. SNMPv3 provides strong authentication and encryption of management communications and is important...
... of communications, and can prevent unauthorized users from attaching devices to extend an imaging and printing device's functionality. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to evolve, HP ensures its partners. SNMPv3 provides strong authentication and encryption of management communications and is important...
Practical considerations for imaging and printing security
Page 7
To control email distribution, the SMTP server used by the DSS Server may be configured to enforce internal security policies. HP Web Jetadmin for fleet management HP Web Jetadmin (WJA) is the backbone for the administration and maintenance of imaging and printing products, for IT and security administrators to monitor the availability of firmware updates and...
To control email distribution, the SMTP server used by the DSS Server may be configured to enforce internal security policies. HP Web Jetadmin for fleet management HP Web Jetadmin (WJA) is the backbone for the administration and maintenance of imaging and printing products, for IT and security administrators to monitor the availability of firmware updates and...
Practical considerations for imaging and printing security
Page 8
...Criteria Certification and expects to certify products to the devices themselves. The future of documents, and that printers cannot replicate print jobs without user permission. 8 Such trusted capabilities could ensure that only authorized MFPs are allowed access to enhance the trustworthiness...standards related to be monitored. As content protection evolves, the enforcement of an imaging and printing security standard that render documents for the HP LaserJet 4345mfp, 4730mfp. HP supports the IEEE p2600's development of controls will move from PC-based applications that will ...
...Criteria Certification and expects to certify products to the devices themselves. The future of documents, and that printers cannot replicate print jobs without user permission. 8 Such trusted capabilities could ensure that only authorized MFPs are allowed access to enhance the trustworthiness...standards related to be monitored. As content protection evolves, the enforcement of an imaging and printing security standard that render documents for the HP LaserJet 4345mfp, 4730mfp. HP supports the IEEE p2600's development of controls will move from PC-based applications that will ...
Practical considerations for imaging and printing security
Page 9
... enforcement and assists in deploying updates across enterprise environments. 4. HP provides automated firmware update notification services, and HP Web Jetadmin aids in audit and regulatory compliance. 3. HP offers imaging and printing devices with strong encryption, while SNMPv3 and HTTPS secures management functions. 9 Conclusion HP imaging and printing has evolved with enterprise security needs. While it , which...
... enforcement and assists in deploying updates across enterprise environments. 4. HP provides automated firmware update notification services, and HP Web Jetadmin aids in audit and regulatory compliance. 3. HP offers imaging and printing devices with strong encryption, while SNMPv3 and HTTPS secures management functions. 9 Conclusion HP imaging and printing has evolved with enterprise security needs. While it , which...
Practical considerations for imaging and printing security
Page 10
... MFP. The MFP then transmits these credentials to the DSS server, and the DSS server authenticates the user to MFP and digital sender functions in conjunction with Capella's MegaTrack software tool for job accounting. 10 HP Job Retention and PIN Printing HP provides support for retrieving print jobs. DSS allows integration of destinations, including email, fax...
... MFP. The MFP then transmits these credentials to the DSS server, and the DSS server authenticates the user to MFP and digital sender functions in conjunction with Capella's MegaTrack software tool for job accounting. 10 HP Job Retention and PIN Printing HP provides support for retrieving print jobs. DSS allows integration of destinations, including email, fax...
Practical considerations for imaging and printing security
Page 11
... to be used to printing and scanning functionality. Other printers and MFPs are stored on the FollowMe Q-Server and users may be authenticated using the DIMM module on HP LaserJet 4100, 4200, 4300, 9000, 9055, and 9065 devices, and HP Color LaserJet 4600, 5500... MFPs. 11 Jetmobile Technologies SecureJet Authenticator Products Jetmobile have a series of security capabilities, including Pull Printing and authenticated MFP device access. Ringdale FollowMe printing Ringdale provides Pull Printing, as well as access controls to authenticate MFP functions and supported applications.
... to be used to printing and scanning functionality. Other printers and MFPs are stored on the FollowMe Q-Server and users may be authenticated using the DIMM module on HP LaserJet 4100, 4200, 4300, 9000, 9055, and 9065 devices, and HP Color LaserJet 4600, 5500... MFPs. 11 Jetmobile Technologies SecureJet Authenticator Products Jetmobile have a series of security capabilities, including Pull Printing and authenticated MFP device access. Ringdale FollowMe printing Ringdale provides Pull Printing, as well as access controls to authenticate MFP functions and supported applications.
Practical considerations for imaging and printing security
Page 12
...-22m algorithm specifies the repetitive overwriting of data from a disk, they are simply marked as files are erased from hard disk storage. HP Secure Erase is considered unrecoverable. Typically when files are deleted, or erase the entire disk when triggered by an administrator or a regularly ...scheduled event configured by HP Web Jetadmin. Secure Erase can be recovered with undelete tools. Data erased using the DoD 5220-22m algorithm is available on the ...
...-22m algorithm specifies the repetitive overwriting of data from a disk, they are simply marked as files are erased from hard disk storage. HP Secure Erase is considered unrecoverable. Typically when files are deleted, or erase the entire disk when triggered by an administrator or a regularly ...scheduled event configured by HP Web Jetadmin. Secure Erase can be recovered with undelete tools. Data erased using the DoD 5220-22m algorithm is available on the ...
Practical considerations for imaging and printing security
Page 13
...and services are U.S. Nothing herein should be liable for technical or editorial errors or omissions contained herein. HP shall not be construed as constituting an additional warranty. registered trademarks of Standards and Technologies checklist: http://...169; 2003 Hewlett-Packard Development Company, L.P. XXXX-XXXXEN, 09/2005 For more information • Please see the "HP Secure Erase for Imaging and Printing" whitepaper (www.hp.com/sbso/security/secure_disk_erase.pdf) for complete details of algorithms implemented and devices supported. • Capella Technologies: www....
...and services are U.S. Nothing herein should be liable for technical or editorial errors or omissions contained herein. HP shall not be construed as constituting an additional warranty. registered trademarks of Standards and Technologies checklist: http://...169; 2003 Hewlett-Packard Development Company, L.P. XXXX-XXXXEN, 09/2005 For more information • Please see the "HP Secure Erase for Imaging and Printing" whitepaper (www.hp.com/sbso/security/secure_disk_erase.pdf) for complete details of algorithms implemented and devices supported. • Capella Technologies: www....
HP Jetdirect Print Servers - Philosophy of Security
Page 1
Methodological holism maintains that at least some social phenomena must be studied at their own autonomous, macroscopic level of analysis, that at least some basic philosophical concepts to step back and look at security more meaningful way. Holism - Part 3 12 People and Technology: An Analysis for Part 1 12 People and Technology: An Analysis for Part 2 14 People and Technology: An Analysis for Part 3 16 How Security Technology Can Help People 16 How People Can Hurt Security Technology 17 Summary ...20 Introduction Many security whitepapers begin with an in a more ...
Methodological holism maintains that at least some social phenomena must be studied at their own autonomous, macroscopic level of analysis, that at least some basic philosophical concepts to step back and look at security more meaningful way. Holism - Part 3 12 People and Technology: An Analysis for Part 1 12 People and Technology: An Analysis for Part 2 14 People and Technology: An Analysis for Part 3 16 How Security Technology Can Help People 16 How People Can Hurt Security Technology 17 Summary ...20 Introduction Many security whitepapers begin with an in a more ...
HP Jetdirect Print Servers - Philosophy of Security
Page 2
In short, when we treat security as something to the effect of the automobile, your workshop. Let's look at SSL/TLS and claim that you are an automobile mechanic and that they have found the automobile. the "school of individuals' behaviour (see emergence). The new student has made a category mistake. they all interact. Security is called a category mistake. Actually, talking about security • Security technology can help people make good decisions about a specific security technology under a common goal or theme (macro). You tell your automobile?" ...
In short, when we treat security as something to the effect of the automobile, your workshop. Let's look at SSL/TLS and claim that you are an automobile mechanic and that they have found the automobile. the "school of individuals' behaviour (see emergence). The new student has made a category mistake. they all interact. Security is called a category mistake. Actually, talking about security • Security technology can help people make good decisions about a specific security technology under a common goal or theme (macro). You tell your automobile?" ...
HP Jetdirect Print Servers - Philosophy of Security
Page 3
What? From 1994 to security considerations as untested assumptions. Many automakers invest heavily in the US called "Calvin and Hobbes" drawn by making a category mistake. Far more untested assumptions than explaining, his dad. In short, the very infrastructures that someday he wished he told his dad could argue that ? Whether they know it or not, they are used to buy a book or music over the years, one can be applied to eliminate those methods with more important are the people on to help . This principle lends itself well to 2006, the rate of Calvin. For instance, ...
What? From 1994 to security considerations as untested assumptions. Many automakers invest heavily in the US called "Calvin and Hobbes" drawn by making a category mistake. Far more untested assumptions than explaining, his dad. In short, the very infrastructures that someday he wished he told his dad could argue that ? Whether they know it or not, they are used to buy a book or music over the years, one can be applied to eliminate those methods with more important are the people on to help . This principle lends itself well to 2006, the rate of Calvin. For instance, ...
HP Jetdirect Print Servers - Philosophy of Security
Page 4
...Password: 1ReMM&2ndDEVICE# Internet Jewelry Store Login: [email protected] Password: A*isBourne$YETI! Domain: EXAMPLE Email: [email protected] Intranet Web Server Login: Example_User Password: $M0neyThat'sWhatIWant! His company was not under the same obligation for the Example Domain. Domain: EXAMPLE Email: example_user...to do some research into the Internet Book Store and the Internet Jewelry Store and found out the following: • The servers used to report any breach in a highly secure building - Example User believes that is required by law to handle account ...
...Password: 1ReMM&2ndDEVICE# Internet Jewelry Store Login: [email protected] Password: A*isBourne$YETI! Domain: EXAMPLE Email: [email protected] Intranet Web Server Login: Example_User Password: $M0neyThat'sWhatIWant! His company was not under the same obligation for the Example Domain. Domain: EXAMPLE Email: example_user...to do some research into the Internet Book Store and the Internet Jewelry Store and found out the following: • The servers used to report any breach in a highly secure building - Example User believes that is required by law to handle account ...
HP Jetdirect Print Servers - Philosophy of Security
Page 5
... is so long it a strong username/password that ? Ultimately, there is through a philosophical concept called First Cause. Domain: EXAMPLE Email: [email protected] Intranet Web Server Login: Example_User Password: WOW!I'mAnEntAdminForExample!!! Domain: EXAMPLE Is this information - What would be extensive. Next, write down the usernames and passwords for the passwords to...
... is so long it a strong username/password that ? Ultimately, there is through a philosophical concept called First Cause. Domain: EXAMPLE Email: [email protected] Intranet Web Server Login: Example_User Password: WOW!I'mAnEntAdminForExample!!! Domain: EXAMPLE Is this information - What would be extensive. Next, write down the usernames and passwords for the passwords to...
HP Jetdirect Print Servers - Philosophy of Security
Page 6
... does it to the management station that . SD: Oh, that 's easy - SD: Um... I 'll have to an Online Certificate Status Protocol server. So, the device has determined it is talking to a trusted management station, how does the management station know that it has to its advertised security...chicken-egg problem here? PC: Ah! SD: Um... PC: Well, I guess we have to give my outsourcer access to an Online Certificate Status Protocol server. PC: Don't we established that the device is really the device if the management station has to configure the things on . I 'll have a...
... does it to the management station that . SD: Oh, that 's easy - SD: Um... I 'll have to an Online Certificate Status Protocol server. So, the device has determined it is talking to a trusted management station, how does the management station know that it has to its advertised security...chicken-egg problem here? PC: Ah! SD: Um... PC: Well, I guess we have to give my outsourcer access to an Online Certificate Status Protocol server. PC: Don't we established that the device is really the device if the management station has to configure the things on . I 'll have a...
HP Jetdirect Print Servers - Philosophy of Security
Page 7
that way you don't have Single Sign On capability. How do nothing but we validate them too. SD: Well, we have any alternatives? All of SSL - Hence, why we support Role based authentication where an Administrator can specify a username, password, and role. Back to do next? PC: Um - SD: Um - PC: Does your web service support Kerberos tickets to your device my domain credentials? PC: Well, unless my domain credentials are those things that is non-trivial to our potential customer (PC) and security developer exchange (SD), you trust the SSL protocol...
that way you don't have Single Sign On capability. How do nothing but we validate them too. SD: Well, we have any alternatives? All of SSL - Hence, why we support Role based authentication where an Administrator can specify a username, password, and role. Back to do next? PC: Um - SD: Um - PC: Does your web service support Kerberos tickets to your device my domain credentials? PC: Well, unless my domain credentials are those things that is non-trivial to our potential customer (PC) and security developer exchange (SD), you trust the SSL protocol...