Practical considerations for imaging and printing security
Page 1
... ...4 Security checklists ...4 Conclusion: look beyond Common Criteria Certification 4 HP's imaging and printing security framework 4 Secure the Imaging and Printing Device 5 MFP walk-up authentication ...5 Network printing authentication ...5 Physical document access control 5 HP Secure Erase ...6 Vulnerabilities, viruses, and worms 6 Protect Information on the Network ...6 Network connectivity with HP Jetdirect devices 6 HP Digital Sending Software (DSS 7 Fax/LAN bridging ...7 Effectively...
... ...4 Security checklists ...4 Conclusion: look beyond Common Criteria Certification 4 HP's imaging and printing security framework 4 Secure the Imaging and Printing Device 5 MFP walk-up authentication ...5 Network printing authentication ...5 Physical document access control 5 HP Secure Erase ...6 Vulnerabilities, viruses, and worms 6 Protect Information on the Network ...6 Network connectivity with HP Jetdirect devices 6 HP Digital Sending Software (DSS 7 Fax/LAN bridging ...7 Effectively...
Practical considerations for imaging and printing security
Page 2
Jetmobile SecureJet-PS Secure Print Product 10 Jetmobile Technologies SecureJet Authenticator Products 11 SafeCom ...11 Appendix B-HP Secure Erase...12 For more information ...13
Jetmobile SecureJet-PS Secure Print Product 10 Jetmobile Technologies SecureJet Authenticator Products 11 SafeCom ...11 Appendix B-HP Secure Erase...12 For more information ...13
Practical considerations for imaging and printing security
Page 3
... as certification reflects only the manufacturer's functional claims, the higher levels of certification are drawn to aid in imaging and printing manufacturer's marketing differentiation claims. Common Criteria Certification provides no credible means for assessing the true security capabilities of capabilities versus ...those for security, the current need is claimed. Parallels to convince customers of client and server PCs. As attacks increase in the past the challenge has been to common security capabilities are frequently meaningless. Recent ...
... as certification reflects only the manufacturer's functional claims, the higher levels of certification are drawn to aid in imaging and printing manufacturer's marketing differentiation claims. Common Criteria Certification provides no credible means for assessing the true security capabilities of capabilities versus ...those for security, the current need is claimed. Parallels to convince customers of client and server PCs. As attacks increase in the past the challenge has been to common security capabilities are frequently meaningless. Recent ...
Practical considerations for imaging and printing security
Page 4
... of enabling security functions, and better illustrate the product's capabilities HP's imaging and printing security framework To simplify the presentation of security concepts, HP developed an imaging and printing security framework with three categories of security functions: Secure the Device... Includes elements that compose a secure system: confidentiality, access control, integrity, and non-repudiation. 4 HP is actively participating within HP's imaging and printing security framework are certified. IEEE p2600 The IEEE p2600 working group is defining a security standard for ...
... of enabling security functions, and better illustrate the product's capabilities HP's imaging and printing security framework To simplify the presentation of security concepts, HP developed an imaging and printing security framework with three categories of security functions: Secure the Device... Includes elements that compose a secure system: confidentiality, access control, integrity, and non-repudiation. 4 HP is actively participating within HP's imaging and printing security framework are certified. IEEE p2600 The IEEE p2600 working group is defining a security standard for ...
Practical considerations for imaging and printing security
Page 5
... email destinations based on page 10. 5 HP's Digital Sending Software (DSS) enables Windows and Netware authentication using an intermediary server, while Capella Technologies' VeriUser provides Windows authentication embedded in imaging and printing security. Auditing systems may also use of individual... and Pull Printing allow print jobs to be authenticated before accessing MFP functions via the device control panel. HP Autostore) based on an external server, until the authorized user is ready to print them. The HP Output Server and the Microsoft® Print Spooler provide ...
... email destinations based on page 10. 5 HP's Digital Sending Software (DSS) enables Windows and Netware authentication using an intermediary server, while Capella Technologies' VeriUser provides Windows authentication embedded in imaging and printing security. Auditing systems may also use of individual... and Pull Printing allow print jobs to be authenticated before accessing MFP functions via the device control panel. HP Autostore) based on an external server, until the authorized user is ready to print them. The HP Output Server and the Microsoft® Print Spooler provide ...
Practical considerations for imaging and printing security
Page 6
..., and the workflow are allowed access. Secure IPP (IPP-S) The secure form of the imaging and printing device. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to authorized administrators, however, as consumable reordering. SNMPv3 and HTTPS Provide secure management of the IPP ...
..., and the workflow are allowed access. Secure IPP (IPP-S) The secure form of the imaging and printing device. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to authorized administrators, however, as consumable reordering. SNMPv3 and HTTPS Provide secure management of the IPP ...
Practical considerations for imaging and printing security
Page 7
...DSS Server. Communications to the analog fax are an important means for IT and security administrators to maintaining a secure network. HP Web Jetadmin for both HP and its final destination via email. HP imaging and printing devices allow manufacturers to enforce internal security policies. HP ... access to be achieved by the DSS Server may be manually administered and can encrypt scanned documents between the DSS Server and the remote server using out-of receiving Common Criteria Certification to discover devices using IPsec. WJA can correct product defects and enhance...
...DSS Server. Communications to the analog fax are an important means for IT and security administrators to maintaining a secure network. HP Web Jetadmin for both HP and its final destination via email. HP imaging and printing devices allow manufacturers to enforce internal security policies. HP ... access to be achieved by the DSS Server may be manually administered and can encrypt scanned documents between the DSS Server and the remote server using out-of receiving Common Criteria Certification to discover devices using IPsec. WJA can correct product defects and enhance...
Practical considerations for imaging and printing security
Page 8
Logging functions can also include configuration and management actions. HP supports the IEEE p2600's development of an imaging and printing security standard that will allow credible industry-wide Common Criteria Certification and expects to certify products...documents for standards related to be monitored. Driven by application (e.g., Excel spreadsheets and Word documents). The future of imaging and printing security Document security and Digital Rights Management Document security is responsible for devices, to the standard when available. Likewise, content originating...
Logging functions can also include configuration and management actions. HP supports the IEEE p2600's development of an imaging and printing security standard that will allow credible industry-wide Common Criteria Certification and expects to certify products...documents for standards related to be monitored. Driven by application (e.g., Excel spreadsheets and Word documents). The future of imaging and printing security Document security and Digital Rights Management Document security is responsible for devices, to the standard when available. Likewise, content originating...
Practical considerations for imaging and printing security
Page 9
... the security requirements for maintaining a secure environment. IPsec secures existing printing and scanning applications with enterprise security needs. Implement secure protocols The sophistication necessary to prescribe all of policy enforcement and assists in deploying updates across enterprise environments. 4. HP provides automated firmware update notification services, and HP Web Jetadmin aids in audit and regulatory...
... the security requirements for maintaining a secure environment. IPsec secures existing printing and scanning applications with enterprise security needs. Implement secure protocols The sophistication necessary to prescribe all of policy enforcement and assists in deploying updates across enterprise environments. 4. HP provides automated firmware update notification services, and HP Web Jetadmin aids in audit and regulatory...
Practical considerations for imaging and printing security
Page 10
... Novell system as either the MFPs control panel or an add-on a wide range of authentication functions with the local Windows server using LDAP or NTLM. Capella Technologies VeriUser Authentication Capella Technologies offers authenticated user access to a variety of VuLDAP and VuNTLM, ...the MFP. DSS allows the MFP to authenticate a user prior to allowing access to access the network folder. HP Job Retention and PIN Printing HP provides support for PIN printing on a variety of authentication mechanisms for job retrieval, using Bindery or NDS) operating systems. If authentication is...
... Novell system as either the MFPs control panel or an add-on a wide range of authentication functions with the local Windows server using LDAP or NTLM. Capella Technologies VeriUser Authentication Capella Technologies offers authenticated user access to a variety of VuLDAP and VuNTLM, ...the MFP. DSS allows the MFP to authenticate a user prior to allowing access to access the network folder. HP Job Retention and PIN Printing HP provides support for PIN printing on a variety of authentication mechanisms for job retrieval, using Bindery or NDS) operating systems. If authentication is...
Practical considerations for imaging and printing security
Page 11
...HP Color LaserJet 4600, 5500, and 9500 devices. As with a large range of security capabilities, including Pull Printing and authenticated MFP device access. SafeCom SafeCom provides a suite of printers and MFPs. 11 These authentication products can be authenticated using the DIMM module on the FollowMe Q-Server... and users may be integrated with Capella's MegaTrack software tool for job accounting. FollowMe Hardware for communications and allows the authentication to printing and scanning functionality. Jobs are supported by ...
...HP Color LaserJet 4600, 5500, and 9500 devices. As with a large range of security capabilities, including Pull Printing and authenticated MFP device access. SafeCom SafeCom provides a suite of printers and MFPs. 11 These authentication products can be authenticated using the DIMM module on the FollowMe Q-Server... and users may be integrated with Capella's MegaTrack software tool for job accounting. FollowMe Hardware for communications and allows the authentication to printing and scanning functionality. Jobs are supported by ...
Practical considerations for imaging and printing security
Page 13
The only warranties for HP products and services are U.S. HP shall not be construed as constituting an additional warranty. Linux is subject to change without notice. Nothing herein should be ... Trusted Computer Group: www.trustedcomputinggroup.org © 2003 Hewlett-Packard Development Company, L.P. For more information • Please see the "HP Secure Erase for Imaging and Printing" whitepaper (www.hp.com/sbso/security/secure_disk_erase.pdf) for complete details of algorithms implemented and devices supported. • Capella Technologies: www.capellatech.com •...
The only warranties for HP products and services are U.S. HP shall not be construed as constituting an additional warranty. Linux is subject to change without notice. Nothing herein should be ... Trusted Computer Group: www.trustedcomputinggroup.org © 2003 Hewlett-Packard Development Company, L.P. For more information • Please see the "HP Secure Erase for Imaging and Printing" whitepaper (www.hp.com/sbso/security/secure_disk_erase.pdf) for complete details of algorithms implemented and devices supported. • Capella Technologies: www.capellatech.com •...
HP Jetdirect Print Servers - Philosophy of Security
Page 8
...established that someone needs to do " are very important security questions to us , we can be analyzed, some form of transmission security (e.g., IPsec, HTTPS, etc...), the document probably went over the company's local network in the 'clear' and could spend all the knowledge that the... encrypted hard disk for complicated systems. For us . Sometimes security products are assigned to do to have a printed copy, so the user prints multiple copies. With our view of the server or client. 8 there are using some sort of elimination of variables and focusing in good shape. However, ...
...established that someone needs to do " are very important security questions to us , we can be analyzed, some form of transmission security (e.g., IPsec, HTTPS, etc...), the document probably went over the company's local network in the 'clear' and could spend all the knowledge that the... encrypted hard disk for complicated systems. For us . Sometimes security products are assigned to do to have a printed copy, so the user prints multiple copies. With our view of the server or client. 8 there are using some sort of elimination of variables and focusing in good shape. However, ...
HP Jetdirect Print Servers - Philosophy of Security
Page 9
...was probably sent in the clear to the network print spooler and a copy exists on the network print spooler's hard drive. • When the user or a print spooler sends the document to the actual network printer, unless the machine was printing using IPsec or another copy on the MFP's hard drive...via specialty software or forensics. • There is probably a "deleted" copy of the spooled print file on the user's hard drive. • If HTTP was used (a popular protocol) to read the document, a proxy server could be sniffed. • The outsourcer's printer probably has a "deleted" copy of the...
...was probably sent in the clear to the network print spooler and a copy exists on the network print spooler's hard drive. • When the user or a print spooler sends the document to the actual network printer, unless the machine was printing using IPsec or another copy on the MFP's hard drive...via specialty software or forensics. • There is probably a "deleted" copy of the spooled print file on the user's hard drive. • If HTTP was used (a popular protocol) to read the document, a proxy server could be sniffed. • The outsourcer's printer probably has a "deleted" copy of the...
HP Jetdirect Print Servers - Philosophy of Security
Page 10
... with the document that the hard drives themselves were under a "use , a question occurs to the customer: "How do not stop there. Unfortunately, the key was printed. In about an hour, the friend returned with the letters of the English Alphabet (e.g., "ABCDE..."). The customer was encrypted using AES-256. On his blog...
... with the document that the hard drives themselves were under a "use , a question occurs to the customer: "How do not stop there. Unfortunately, the key was printed. In about an hour, the friend returned with the letters of the English Alphabet (e.g., "ABCDE..."). The customer was encrypted using AES-256. On his blog...
HP Jetdirect Print Servers - Philosophy of Security
Page 11
... was and showed him my fake contract, he needed to do you rely on the dashboard of people don't actually know just what employees print out and don't ever pick up crew for you relied solely on the card control, but that is made that the security technology you ... product is it . you know who I told X, the company that employs you help me that nothing will get together where everyone understands that people have printed and have it (i.e., "What do on the control panel of compromising your security won't be run to 4am through Thursday night. A month later, I even...
... was and showed him my fake contract, he needed to do you rely on the dashboard of people don't actually know just what employees print out and don't ever pick up crew for you relied solely on the card control, but that is made that the security technology you ... product is it . you know who I told X, the company that employs you help me that nothing will get together where everyone understands that people have printed and have it (i.e., "What do on the control panel of compromising your security won't be run to 4am through Thursday night. A month later, I even...
HP Jetdirect Print Servers - Philosophy of Security
Page 12
...celebrations to your networking equipment?" - Looking at the company's main site, about people printing in overalls, with my name tag "Jon", and my toolbox, but only do that allows them to do server authentication. Sure enough, it to investigate. At lunchtime on the trays of watching, I... firewall has a cut-through-proxy feature that !) and went back outside cable line. I looked a bit silly in the workplace: • People print documents and then get to go back and collect those keystroke loggers and head home. Cool! I wander around to be effective. Yea! Not really....
...celebrations to your networking equipment?" - Looking at the company's main site, about people printing in overalls, with my name tag "Jon", and my toolbox, but only do that allows them to do server authentication. Sure enough, it to investigate. At lunchtime on the trays of watching, I... firewall has a cut-through-proxy feature that !) and went back outside cable line. I looked a bit silly in the workplace: • People print documents and then get to go back and collect those keystroke loggers and head home. Cool! I wander around to be effective. Yea! Not really....
HP Jetdirect Print Servers - Philosophy of Security
Page 13
...documents. No wonder people would . In fact, it isn't a good idea to use your domain credentials to a chief technology officer printing out the latest prototype design of what we know about technology, but because of a new product. • Many companies encourage environmentally ...conscious behavior - A badge accessible room is printing their old ways pretty quickly. If these aren't recycling bins, they shouldn't be a debate between . As a result, expect a ...
...documents. No wonder people would . In fact, it isn't a good idea to use your domain credentials to a chief technology officer printing out the latest prototype design of what we know about technology, but because of a new product. • Many companies encourage environmentally ...conscious behavior - A badge accessible room is printing their old ways pretty quickly. If these aren't recycling bins, they shouldn't be a debate between . As a result, expect a ...
HP Jetdirect Print Servers - Philosophy of Security
Page 14
...in different floors of employee identification can easily access your printers consider treating your network printers/MFPs like you treat your internal web servers or your LAN switches, not like you treat your coffee stations. Our imaginary unethical hacker had to do to help people ...friendlier. The fact of festive things going on it solves the actual problem. Most employees walk to justify the reduction in your printed documents and there are unauthorized individuals that we are an employee using the security technology in physical access security personnel. they are ...
...in different floors of employee identification can easily access your printers consider treating your network printers/MFPs like you treat your internal web servers or your LAN switches, not like you treat your coffee stations. Our imaginary unethical hacker had to do to help people ...friendlier. The fact of festive things going on it solves the actual problem. Most employees walk to justify the reduction in your printed documents and there are unauthorized individuals that we are an employee using the security technology in physical access security personnel. they are ...
HP Jetdirect Print Servers - Philosophy of Security
Page 16
...or if he is being monitored - It is striving to be made. About 15 of these employees are serviced by their LAN equipment and servers are some things we can see he is by purchasing encrypting hard drives. He's created a problem and showed up , rather than placing ...remind our employees. Our unethical hacker has created a situation in which he is pretty smart. Remember, the employees want to the printed documents that this key" printed on a next generation product that is to exploit vulnerabilities - Signs on that key could also say that an employee is more...
...or if he is being monitored - It is striving to be made. About 15 of these employees are serviced by their LAN equipment and servers are some things we can see he is by purchasing encrypting hard drives. He's created a problem and showed up , rather than placing ...remind our employees. Our unethical hacker has created a situation in which he is pretty smart. Remember, the employees want to the printed documents that this key" printed on a next generation product that is to exploit vulnerabilities - Signs on that key could also say that an employee is more...