HP Designjet Printers - Security Features
Page 3
... 3.10 CA/JD Certificates 22 3.11 Hide IP from front panel 22 3.12 Encrypt web communications 22 3.13 Disable USB drive 23 3.14 Disable firmware update through USB 23 3.15 Disable direct print using ePrint&Share 23 3.16 Disable ePrint connectivity 23 3.17 Disable internet connection 23 3.18 Printer Access control 24 3.19 External hard disk (EHD 24 How the system works ...24 4. Introduction & Overview 4 2. HP Designjet Printer Series Security Settings Table of Contents 1. Glossary ...26 3
... 3.10 CA/JD Certificates 22 3.11 Hide IP from front panel 22 3.12 Encrypt web communications 22 3.13 Disable USB drive 23 3.14 Disable firmware update through USB 23 3.15 Disable direct print using ePrint&Share 23 3.16 Disable ePrint connectivity 23 3.17 Disable internet connection 23 3.18 Printer Access control 24 3.19 External hard disk (EHD 24 How the system works ...24 4. Introduction & Overview 4 2. HP Designjet Printer Series Security Settings Table of Contents 1. Glossary ...26 3
HP Designjet Printers - Security Features
Page 4
... models) WJA/FP N/A Control panel lock EWS/WJA EWS EWS/WJA EWS/WJA N/A N/A EWS multilevel Exclude personal info. HP Designjet Printer Series Security Settings 1. Introduction & Overview This document is a table summarizing the new and existing security features of February 2012. Note: If your printer has the latest firmware version to being deployed into environments where network, data, access control, and security are implemented using the Embedded Web Server...
... models) WJA/FP N/A Control panel lock EWS/WJA EWS EWS/WJA EWS/WJA N/A N/A EWS multilevel Exclude personal info. HP Designjet Printer Series Security Settings 1. Introduction & Overview This document is a table summarizing the new and existing security features of February 2012. Note: If your printer has the latest firmware version to being deployed into environments where network, data, access control, and security are implemented using the Embedded Web Server...
HP Designjet Printers - Security Features
Page 5
HP Designjet Printer Series Security Settings Secure file erase Secure disk erase Control panel lock EWS multilevel Exclude personal info. from accounting Disable interfaces Disable protocols IPSec SNMPv3 CA/JD Certificates Hide IP from FP Encrypt web comms Disable USB drive Disable fmw update thru USB Disable direct print... N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Disable ePrint Center connectivity Disable internet connection Printer access control External HDD N/A N/A N/A Yes N/A N/A N/A N/A HD ver (from fw 6.0.0.6) N/A N/A No N/A N/A N/A No N/A N/A...
HP Designjet Printer Series Security Settings Secure file erase Secure disk erase Control panel lock EWS multilevel Exclude personal info. from accounting Disable interfaces Disable protocols IPSec SNMPv3 CA/JD Certificates Hide IP from FP Encrypt web comms Disable USB drive Disable fmw update thru USB Disable direct print... N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Disable ePrint Center connectivity Disable internet connection Printer access control External HDD N/A N/A N/A Yes N/A N/A N/A N/A HD ver (from fw 6.0.0.6) N/A N/A No N/A N/A N/A No N/A N/A...
HP Designjet Printers - Security Features
Page 6
... Yes No Yes Access to images in scanner through network Yes, by default (FTP & EWS Read only) No No Microsoft Security patches Yes through scanner SW update Install scanner software into a Possible but not official process No separate PC Not needed (Linux based) No 6 HP Designjet Printer Series Security Settings 2. Security features available for the scanner please refer to the following table: Firewall Antivirus installation Disable FTP & WebAccess...
... Yes No Yes Access to images in scanner through network Yes, by default (FTP & EWS Read only) No No Microsoft Security patches Yes through scanner SW update Install scanner software into a Possible but not official process No separate PC Not needed (Linux based) No 6 HP Designjet Printer Series Security Settings 2. Security features available for the scanner please refer to the following table: Firewall Antivirus installation Disable FTP & WebAccess...
HP Designjet Printers - Security Features
Page 7
... mode of operation and is the default for all file pointers to the Secure Files Erase feature. HP Designjet Printer Series Security Settings 3. Temporary data remains on the Hard Disk Drive until the disk space it occupies is a feature that manages how files are erased. For further information, refer to the printer's user manual, as the actual menu options might contain sensitive data are three security modes to the data...
... mode of operation and is the default for all file pointers to the Secure Files Erase feature. HP Designjet Printer Series Security Settings 3. Temporary data remains on the Hard Disk Drive until the disk space it occupies is a feature that manages how files are erased. For further information, refer to the printer's user manual, as the actual menu options might contain sensitive data are three security modes to the data...
HP Designjet Printers - Security Features
Page 8
... the same level of an HP Support representative. • HP Web JetAdmin access: The user interface that is the HP Web JetAdmin. This setting can only be done via Web JetAdmin, or the Front Panel "Service menu" which is only accessible with the help of security erase. HP Designjet Printer Series Security Settings 3.2 Secure Disk Erase In either of HP LaserJet's and HP Designjets. The sanitizing method removes any user data in the Web JetAdmin device...
... the same level of an HP Support representative. • HP Web JetAdmin access: The user interface that is the HP Web JetAdmin. This setting can only be done via Web JetAdmin, or the Front Panel "Service menu" which is only accessible with the help of security erase. HP Designjet Printer Series Security Settings 3.2 Secure Disk Erase In either of HP LaserJet's and HP Designjets. The sanitizing method removes any user data in the Web JetAdmin device...
HP Designjet Printers - Security Features
Page 9
... all data and takes a long time, when you have entered into the "Service Menu" with the help of the feature in the front panel is Disk Wipe DoD 5220.220M, and the three options are called "Insecure Mode", "1-pass mode" and "5-pass mode" First you need to perform a secure hard disk erase in the HP Designjet T2300 printer. 9 HP Designjet Printer Series Security Settings • Printer's Front Panel access: Once...
... all data and takes a long time, when you have entered into the "Service Menu" with the help of the feature in the front panel is Disk Wipe DoD 5220.220M, and the three options are called "Insecure Mode", "1-pass mode" and "5-pass mode" First you need to perform a secure hard disk erase in the HP Designjet T2300 printer. 9 HP Designjet Printer Series Security Settings • Printer's Front Panel access: Once...
HP Designjet Printers - Security Features
Page 12
... printer settings, the job queue, information and service prints and the printer log, on top of Minimum Lock. • Minimum Lock - This option denies access to load/unload paper or replace printheads/ink cartridges without first unlocking the front panel, and so these options should only be enabled from the T1200 Embedded Web server as shown below: The following table shows the different levels access and what they enable or disable...
... printer settings, the job queue, information and service prints and the printer log, on top of Minimum Lock. • Minimum Lock - This option denies access to load/unload paper or replace printheads/ink cartridges without first unlocking the front panel, and so these options should only be enabled from the T1200 Embedded Web server as shown below: The following table shows the different levels access and what they enable or disable...
HP Designjet Printers - Security Features
Page 13
... control panel has been locked and the administrator has lost . Contact HP Support in case of problems related to deadlock. 3.4 Embedded Web Server (EWS) multilevel access The Embedded Web Server is a powerful tool which enables direct management of a device such as an HP LaserJet printer or an HP Designjet printer, however with the guidance of the passwords you have implemented two levels of access to our compatible HP Designjet printers as they can be configured using...
... control panel has been locked and the administrator has lost . Contact HP Support in case of problems related to deadlock. 3.4 Embedded Web Server (EWS) multilevel access The Embedded Web Server is a powerful tool which enables direct management of a device such as an HP LaserJet printer or an HP Designjet printer, however with the guidance of the passwords you have implemented two levels of access to our compatible HP Designjet printers as they can be configured using...
HP Designjet Printers - Security Features
Page 14
HP Designjet Printer Series Security Settings Administrator password Access control is enabled by setting the "Admin account password", specifying a password for the user account at Admin level. You must then provide the Admin password in order to perform any of the following restricted operations: • Cancel, delete or preview a job in the job queue. • Delete a stored job. • Clear accounting information. • Change printer's settings on the Device Setup page. • Update printer's firmware. • Change printer's date and time. • Change security settings. ...
HP Designjet Printer Series Security Settings Administrator password Access control is enabled by setting the "Admin account password", specifying a password for the user account at Admin level. You must then provide the Admin password in order to perform any of the following restricted operations: • Cancel, delete or preview a job in the job queue. • Delete a stored job. • Clear accounting information. • Change printer's settings on the Device Setup page. • Update printer's firmware. • Change printer's date and time. • Change security settings. ...
HP Designjet Printers - Security Features
Page 17
...-level password, then the networking password is only used for controlling access to the networking area of the Embedded Web Server allows you to setup another password. If the EWS does not have 1-level password access to the Embedded Web Server. If the guest account is no administrator account, restricted operations can also set the guest user account by specifying a password for the guest. HP Designjet Printer Series Security Settings If there is not set, a username and password...
...-level password, then the networking password is only used for controlling access to the networking area of the Embedded Web Server allows you to setup another password. If the EWS does not have 1-level password access to the Embedded Web Server. If the guest account is no administrator account, restricted operations can also set the guest user account by specifying a password for the guest. HP Designjet Printer Series Security Settings If there is not set, a username and password...
HP Designjet Printers - Security Features
Page 18
... enable this option is typically used for managed print or pay-per-use contracts to ensure that you have to setting. Typically this setting, you also have also to fill in the destination of the report using the Send accounting files to configure the e-mail server on the Setup Page. HP Designjet Printer Series Security Settings 3.5 Exclude personal info from accounting e-mail is now available in the Embedded Web server...
... enable this option is typically used for managed print or pay-per-use contracts to ensure that you have to setting. Typically this setting, you also have also to fill in the destination of the report using the Send accounting files to configure the e-mail server on the Setup Page. HP Designjet Printer Series Security Settings 3.5 Exclude personal info from accounting e-mail is now available in the Embedded Web server...
HP Designjet Printers - Security Features
Page 19
... from connecting a laptop directly into the printer and printing through the USB. HP Designjet Printer Series Security Settings 3.6 Disable connectivity interfaces Depending on the printer series, there are using to disable the onboard Ethernet. If you might want to access the Embedded Web server. Keep in case the printer's front panel is locked and you are some ports that disabling a connectivity option could cut off network access to the printer. As a security measure, you cannot disable the connection you...
... from connecting a laptop directly into the printer and printing through the USB. HP Designjet Printer Series Security Settings 3.6 Disable connectivity interfaces Depending on the printer series, there are using to disable the onboard Ethernet. If you might want to access the Embedded Web server. Keep in case the printer's front panel is locked and you are some ports that disabling a connectivity option could cut off network access to the printer. As a security measure, you cannot disable the connection you...
HP Designjet Printers - Security Features
Page 20
... is not supported, firewall pages will ensure your policy is not easily disabled through telnet to manage the printer network settings. protocols option in the Embedded Web Server or Network enable features in Web JetAdmin. 3.8 IPSec A Firewall or IP Security (IPsec) policy allows you have a secure access to your printer. If IPsec is supported by the print server and device. This will be configured. HP Designjet Printer Series Security Settings 3.7 Disable protocols...
... is not supported, firewall pages will ensure your policy is not easily disabled through telnet to manage the printer network settings. protocols option in the Embedded Web Server or Network enable features in Web JetAdmin. 3.8 IPSec A Firewall or IP Security (IPsec) policy allows you have a secure access to your printer. If IPsec is supported by the print server and device. This will be configured. HP Designjet Printer Series Security Settings 3.7 Disable protocols...
HP Designjet Printers - Security Features
Page 22
... be configured to use for network clients, and as a valid Web server for secure communications. Otherwise, sensitive management data (Administrator Password, SNMP Community Names, and secret keys) may use the pre-installed, self-signed X.509 Certificate. To authenticate the HP JetDirect Web Server when HTTPS is used to hide all connections to allow both as a valid client requesting access on the HP JetDirect print server. By default, the JetDirect print server contains...
... be configured to use for network clients, and as a valid Web server for secure communications. Otherwise, sensitive management data (Administrator Password, SNMP Community Names, and secret keys) may use the pre-installed, self-signed X.509 Certificate. To authenticate the HP JetDirect Web Server when HTTPS is used to hide all connections to allow both as a valid client requesting access on the HP JetDirect print server. By default, the JetDirect print server contains...
HP Designjet Printers - Security Features
Page 23
... directly with a USB cable, you cannot print through USB This option is used to disable the possibility of the printer to the internet. This option would also prevent the printer from automatically performing firmware upgrades. 23 HP Designjet Printer Series Security Settings 3.13 Disable USB drive You can use this option to disable the USB drive preventing somebody connecting a device to print or to scan images. 3.14 Disable firmware update through the USB unless you have the driver (or ePrint&Share) installed...
... directly with a USB cable, you cannot print through USB This option is used to disable the possibility of the printer to the internet. This option would also prevent the printer from automatically performing firmware upgrades. 23 HP Designjet Printer Series Security Settings 3.13 Disable USB drive You can use this option to disable the USB drive preventing somebody connecting a device to print or to scan images. 3.14 Disable firmware update through the USB unless you have the driver (or ePrint&Share) installed...
HP Designjet Printers - Security Features
Page 24
... Printer Series Security Settings 3.18 Printer Access control For some printers, when setting an Embedded Web Server admin password you are : • Network connectivity (including also Internet connectivity and Diagnostics&troubleshooting of the network connectivity) • Control firmware upgrades • Setup • Reset factory defaults • External hard disk connection • Security If a user loses the admin password, it is a service menu option to reset the admin password. 3.19 External hard disk (EHD) Some printers allow the connection of the jobs being installed...
... Printer Series Security Settings 3.18 Printer Access control For some printers, when setting an Embedded Web Server admin password you are : • Network connectivity (including also Internet connectivity and Diagnostics&troubleshooting of the network connectivity) • Control firmware upgrades • Setup • Reset factory defaults • External hard disk connection • Security If a user loses the admin password, it is a service menu option to reset the admin password. 3.19 External hard disk (EHD) Some printers allow the connection of the jobs being installed...
HP Designjet Printers - Security Features
Page 25
... Authentication Manager Control panel lock Device Password Direct Connect Ports (USB/IEEE 1284) File erase mode File system access settings File system password Job Held Timeout Job Retention PJL Password Remote FW upgrade L9050 Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes DJ T1200 No Yes Yes Yes Yes No WJA only No No No Yes 25 Designjet Security features vs LaserJet HP LaserJet printers have some...
... Authentication Manager Control panel lock Device Password Direct Connect Ports (USB/IEEE 1284) File erase mode File system access settings File system password Job Held Timeout Job Retention PJL Password Remote FW upgrade L9050 Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes DJ T1200 No Yes Yes Yes Yes No WJA only No No No Yes 25 Designjet Security features vs LaserJet HP LaserJet printers have some...
HP Designjet Printers - Security Features
Page 26
... to review, configure, and change settings on a hardware device (such as Windows, Mac, or Unix - Glossary Active Directory (AD) Adobe PostScript Color Access Control Device Password (LJ feature) Domain Naming System (DNS) Embedded Web Server (EWS) File System Access settings (LJ feature) File System Password (LJ feature) Hide IP address from front Panel HP Web Jetadmin IP multicast IPSec An advanced, hierarchical directory service that use the TCP/IP protocol. It helps protect the printer...
... to review, configure, and change settings on a hardware device (such as Windows, Mac, or Unix - Glossary Active Directory (AD) Adobe PostScript Color Access Control Device Password (LJ feature) Domain Naming System (DNS) Embedded Web Server (EWS) File System Access settings (LJ feature) File System Password (LJ feature) Hide IP address from front Panel HP Web Jetadmin IP multicast IPSec An advanced, hierarchical directory service that use the TCP/IP protocol. It helps protect the printer...
HP Designjet Printers - Security Features
Page 27
... Method. For example, users may be required to log in with an Access Code or PIN to make copies yet be required to log in with a specific Log In Method for jobs to send e-mails. Once the PJL password is also the protocol for documents in with a username and password to print in a queue. Since HP recommends using HP Web Jetadmin to upgrade MFP firmware, you should select...
... Method. For example, users may be required to log in with an Access Code or PIN to make copies yet be required to log in with a specific Log In Method for jobs to send e-mails. Once the PJL password is also the protocol for documents in with a username and password to print in a queue. Since HP recommends using HP Web Jetadmin to upgrade MFP firmware, you should select...