Security Features
Page 3
...secure boot...5 Firmware protection ...5 2.2 Device configuration protection ...6 Disable protocols...6 SNMP compatibility ...7 Disable connectivity interfaces...8 Control Panel Access ...10 SCL certificates ...15 Embedded Web Server (EWS) access control...16 USB drive control ...20 Jetdirect Security Wizard (HP T9x0-T15x0... features summary 44 5. Large Format scanners: security features summary 52 6. Only additions are shown ...59 Appendix 2 - HP DesignJet Printers Security Settings Table of Contents 1. Advanced workflows...38 3.1 Printing using LPR protocol...38 How to use the LPR ...
...secure boot...5 Firmware protection ...5 2.2 Device configuration protection ...6 Disable protocols...6 SNMP compatibility ...7 Disable connectivity interfaces...8 Control Panel Access ...10 SCL certificates ...15 Embedded Web Server (EWS) access control...16 USB drive control ...20 Jetdirect Security Wizard (HP T9x0-T15x0... features summary 44 5. Large Format scanners: security features summary 52 6. Only additions are shown ...59 Appendix 2 - HP DesignJet Printers Security Settings Table of Contents 1. Advanced workflows...38 3.1 Printing using LPR protocol...38 How to use the LPR ...
Security Features
Page 5
... boot It prevents the loading of the security and connectivity features supported by HP DesignJet and PageWide XL printers as any firmware and install only those signed by the HP Code Signing group. HP DesignJet Printers Security Settings 1. The printer is not listed in HP printers). Introduction & Overview This document provides an overview of unauthorized operating systems...
... boot It prevents the loading of the security and connectivity features supported by HP DesignJet and PageWide XL printers as any firmware and install only those signed by the HP Code Signing group. HP DesignJet Printers Security Settings 1. The printer is not listed in HP printers). Introduction & Overview This document provides an overview of unauthorized operating systems...
Security Features
Page 6
...Server, or the Network Enable Features in Web Jetadmin. HP DesignJet Printers Security Settings • Protect the EWS access with an admin account (see section 2.2.6, Embedded Web Server (EWS) access control). • Disable the firmware upgrade from USB (see section 2.2.7, USB drive control)... • Use the Automatic Firmware Upgrade to download the firmware. 2.2 Device configuration protection Disable protocols In some cases, you might want to...
...Server, or the Network Enable Features in Web Jetadmin. HP DesignJet Printers Security Settings • Protect the EWS access with an admin account (see section 2.2.6, Embedded Web Server (EWS) access control). • Disable the firmware upgrade from USB (see section 2.2.7, USB drive control)... • Use the Automatic Firmware Upgrade to download the firmware. 2.2 Device configuration protection Disable protocols In some cases, you might want to...
Security Features
Page 10
Currently, there are : • Network connectivity & Internet connectivity • Control firmware upgrades • Reset factory defaults • External hard disk connection • Security 2.2.1.1 Control Panel Access lock The control panel access lock is ... Jetadmin as shown below: 10 The protected features on the front panel are two modes of the device. HP DesignJet Printers Security Settings Control Panel Access The DesignJet and PageWide technologies allow the printer administrator to lock some features on the printer model). To use these features, it is a feature ...
Currently, there are : • Network connectivity & Internet connectivity • Control firmware upgrades • Reset factory defaults • External hard disk connection • Security 2.2.1.1 Control Panel Access lock The control panel access lock is ... Jetadmin as shown below: 10 The protected features on the front panel are two modes of the device. HP DesignJet Printers Security Settings Control Panel Access The DesignJet and PageWide technologies allow the printer administrator to lock some features on the printer model). To use these features, it is a feature ...
Security Features
Page 13
... Control The Access Control page has three main sections for specific tasks and restrict user access by role. This function allows you to unlocked (see 3.5.1. HP DesignJet Printers Security Settings 2.2.1.2 Access Control The Access Control page is Local device, local accounts that have access codes between 4 and 8 digits long and are available... (depending on the printer. • Sign-in and permission policies: here you can create, edit or delete the user accounts that are available on the firmware version), defining which applications are stored on the device.
... Control The Access Control page has three main sections for specific tasks and restrict user access by role. This function allows you to unlocked (see 3.5.1. HP DesignJet Printers Security Settings 2.2.1.2 Access Control The Access Control page is Local device, local accounts that have access codes between 4 and 8 digits long and are available... (depending on the printer. • Sign-in and permission policies: here you can create, edit or delete the user accounts that are available on the firmware version), defining which applications are stored on the device.
Security Features
Page 20
HP DesignJet Printers Security Settings • These limitations do not apply to print or scan. • Firmware upgrade from USB: enable or disable the possibility of the USB to printers without touchscreen front panels, as the password can be required to access ... on the EWS for creating the preview. These features are available in two ways: • USB drive: enable or disable the use of upgrading the firmware from a USB.
HP DesignJet Printers Security Settings • These limitations do not apply to print or scan. • Firmware upgrade from USB: enable or disable the possibility of the USB to printers without touchscreen front panels, as the password can be required to access ... on the EWS for creating the preview. These features are available in two ways: • USB drive: enable or disable the use of upgrading the firmware from a USB.
Security Features
Page 23
... Self-encrypted hard disk The Self Encrypted hard disk ensures data is automatically encrypted every time data is sent to the drive. HP DesignJet Printers Security Settings regardless of disk media. However, unfiltered access by HTTP hosts may need to store jobs in the Secure Files...feature is then overwritten. No temporary files are erased with a fixed character pattern. Temporary data remains on the print server model and firmware version. 2.4 Protected data in the printer's queue to the network. The Secure Sanitizing Erase mode of operation meets the US Department of...
... Self-encrypted hard disk The Self Encrypted hard disk ensures data is automatically encrypted every time data is sent to the drive. HP DesignJet Printers Security Settings regardless of disk media. However, unfiltered access by HTTP hosts may need to store jobs in the Secure Files...feature is then overwritten. No temporary files are erased with a fixed character pattern. Temporary data remains on the print server model and firmware version. 2.4 Protected data in the printer's queue to the network. The Secure Sanitizing Erase mode of operation meets the US Department of...
Security Features
Page 25
...printer's firmware will display a progress bar until complete. Before you start the erase operation, you accept, the printer will begin the process, and will be restored to the latest version installed before this action will take depends on the amount of information stored on the HP DesignJet T2300... printer. 25 The time that the erase operation is a process which deletes all data and takes a long time. HP DesignJet Printers Security Settings • Printer Front Panel access: Once you have in...
...printer's firmware will display a progress bar until complete. Before you start the erase operation, you accept, the printer will begin the process, and will be restored to the latest version installed before this action will take depends on the amount of information stored on the HP DesignJet T2300... printer. 25 The time that the erase operation is a process which deletes all data and takes a long time. HP DesignJet Printers Security Settings • Printer Front Panel access: Once you have in...
Security Features
Page 35
.... Disable internet connection Disable the direct connection of the report by using the Send accounting files to configure the e-mail server on the Setup Page. HP DesignJet Printers Security Settings You can check at any later time that the shared folder remains accessible by clicking Verify in the accounting file sent by...
.... Disable internet connection Disable the direct connection of the report by using the Send accounting files to configure the e-mail server on the Setup Page. HP DesignJet Printers Security Settings You can check at any later time that the shared folder remains accessible by clicking Verify in the accounting file sent by...
Security Features
Page 44
...security features summary GRAPHIC PRINTERS Model Z6XX0 D5800 Z5400 Z3200 Z2100/Z5200ps Z2600/Z5600 ... Jetdirect EWS/FP EWS/FP N/A EWS/WJA EWS/FP/WJA EWS EWS/WJA EWS/WJA Data security - HP DesignJet Printers Security Settings 4. Encrypted communications IPSec Compatibility EWS EWS EWS/WJA SSL1.0 and SSL1.0 and TLS/SSL...EWS EWS/WJA + EWS/WJA + EWS Jetdirect Jetdirect N/A N/A N/A N/A EWS/FP Yes Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware Upgrade (AFU) No N/A N/A N/A N/A N/A EWS/FP N/A N/A EWS EWS EWS EWS Device security ...
...security features summary GRAPHIC PRINTERS Model Z6XX0 D5800 Z5400 Z3200 Z2100/Z5200ps Z2600/Z5600 ... Jetdirect EWS/FP EWS/FP N/A EWS/WJA EWS/FP/WJA EWS EWS/WJA EWS/WJA Data security - HP DesignJet Printers Security Settings 4. Encrypted communications IPSec Compatibility EWS EWS EWS/WJA SSL1.0 and SSL1.0 and TLS/SSL...EWS EWS/WJA + EWS/WJA + EWS Jetdirect Jetdirect N/A N/A N/A N/A EWS/FP Yes Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware Upgrade (AFU) No N/A N/A N/A N/A N/A EWS/FP N/A N/A EWS EWS EWS EWS Device security ...
Security Features
Page 46
... EWS/FP Yes Yes EWS/FP Yes EWS/WJA EWS/FP/WJA EWS/WJA FP N/A EWS/FP/WJA EWS/FP/WJA EWS 46 HP DesignJet Printer Series Security Settings TECHNICAL PRINTERS Model T7X00 T3500 T2500/T1500/T920 T2530/T1530/T9 T2300/T1300 30 T790/T795 T120/T520 SNMP configurability... EWS EWS/FP/WJA EWS/FP/WJA UEFI Secure Boot N/A Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware No Upgrade (AFU) Yes N/A EWS/FP Yes N/A N/A EWS/FP Yes Disable protocols Disable interfaces Control panel lock Hide IP from ...
... EWS/FP Yes Yes EWS/FP Yes EWS/WJA EWS/FP/WJA EWS/WJA FP N/A EWS/FP/WJA EWS/FP/WJA EWS 46 HP DesignJet Printer Series Security Settings TECHNICAL PRINTERS Model T7X00 T3500 T2500/T1500/T920 T2530/T1530/T9 T2300/T1300 30 T790/T795 T120/T520 SNMP configurability... EWS EWS/FP/WJA EWS/FP/WJA UEFI Secure Boot N/A Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware No Upgrade (AFU) Yes N/A EWS/FP Yes N/A N/A EWS/FP Yes Disable protocols Disable interfaces Control panel lock Hide IP from ...
Security Features
Page 49
... N/A EWS N/A EWS N/A N/A N/A N/A N/A N/A N/A EWS EWS + EWS + EWS + Jetdirect Jetdirect Jetdirect Data security - Authentication NTLM N/A N/A N/A N/A N/A N/A N/A N/A Data security - HP DesignJet Printer Series Security Settings OLDER TECHNICAL AND GRAPHIC PRINTERS Model SNMPv3 UEFI Secure Boot Whitelisting Disable Firmware update through USB Automatic Firmware Upgrade (AFU) Disable protocols Disable interfaces Control panel lock EWS multilevel Printer access control Disable...
... N/A EWS N/A EWS N/A N/A N/A N/A N/A N/A N/A EWS EWS + EWS + EWS + Jetdirect Jetdirect Jetdirect Data security - Authentication NTLM N/A N/A N/A N/A N/A N/A N/A N/A Data security - HP DesignJet Printer Series Security Settings OLDER TECHNICAL AND GRAPHIC PRINTERS Model SNMPv3 UEFI Secure Boot Whitelisting Disable Firmware update through USB Automatic Firmware Upgrade (AFU) Disable protocols Disable interfaces Control panel lock EWS multilevel Printer access control Disable...
Security Features
Page 50
... EWS Disable USB drive FP/EWS/WJA 50 Device integrity SNMPv3 EWS/WJA UEFI Secure Boot Yes Whitelisting Disable firmware (F/W) update through USB Automatic Firmware Upgrade (AFU) No FP/EWS/WJA Yes Device security - HP DesignJet Printer Series Security Settings Model Secure file erase Secure disk erase T1200 WJA WJA/FP Exclude personal info...
... EWS Disable USB drive FP/EWS/WJA 50 Device integrity SNMPv3 EWS/WJA UEFI Secure Boot Yes Whitelisting Disable firmware (F/W) update through USB Automatic Firmware Upgrade (AFU) No FP/EWS/WJA Yes Device security - HP DesignJet Printer Series Security Settings Model Secure file erase Secure disk erase T1200 WJA WJA/FP Exclude personal info...
Security Features
Page 54
...cannot be able to send scanned data to networks folders. This port can be accessed by HP Large Format devices for configuration and upgrading of the Jetdirect firmware. HP Web Jetadmin use SNMP to SMB destination). Rarely used for Kerberos authentication. Many SNMP Management... Yes [EWS] > Network > Security > Yes Yes Mgmt. If disabled, MFPs will always fail. HP DesignJet Printer Series Protocol/Function Port TFTP (Trivial File Transfer Protocol) configuration file HP Jetdirect XML services UDP 69 TCP 80, 8080 AFU, Connectivity Test TCP 80 Kerberos TCP, UDP 88 ...
...cannot be able to send scanned data to networks folders. This port can be accessed by HP Large Format devices for configuration and upgrading of the Jetdirect firmware. HP Web Jetadmin use SNMP to SMB destination). Rarely used for Kerberos authentication. Many SNMP Management... Yes [EWS] > Network > Security > Yes Yes Mgmt. If disabled, MFPs will always fail. HP DesignJet Printer Series Protocol/Function Port TFTP (Trivial File Transfer Protocol) configuration file HP Jetdirect XML services UDP 69 TCP 80, 8080 AFU, Connectivity Test TCP 80 Kerberos TCP, UDP 88 ...
Security Features
Page 58
... Please refer to print or scan, enable or disable the possibility of upgrading the firmware from a USB.) • Change the settings of MC DJA 1.0, and some extra ones. HP Web Jetadmin can be downloaded at the following operations (assuming they are supported on ... Since the introduction of HP PageWide XL printers, the list of devices. Web Jetadmin HP Web Jetadmin is periodically updated. The tool allows the user to email Enable printer firmware update Yes Device status & alerts Yes Yes Firmware upgrade Yes Yes 58 HP DesignJet Printer Series Security Settings Appendix...
... Please refer to print or scan, enable or disable the possibility of upgrading the firmware from a USB.) • Change the settings of MC DJA 1.0, and some extra ones. HP Web Jetadmin can be downloaded at the following operations (assuming they are supported on ... Since the introduction of HP PageWide XL printers, the list of devices. Web Jetadmin HP Web Jetadmin is periodically updated. The tool allows the user to email Enable printer firmware update Yes Device status & alerts Yes Yes Firmware upgrade Yes Yes 58 HP DesignJet Printer Series Security Settings Appendix...
Security Features
Page 59
HP DesignJet Printer Series MC DJA 1.0 Device identification System Contact System Location Asset Number Company Name Contact Person Device Name Device settings Control Panel Language Printer Wakeup Sleep Delay Time Security settings Color Copy Option Control Panel Access EWS Password Enable Host USB Enable Save to email ePrint settings Security settings Enable firmware update...
HP DesignJet Printer Series MC DJA 1.0 Device identification System Contact System Location Asset Number Company Name Contact Person Device Name Device settings Control Panel Language Printer Wakeup Sleep Delay Time Security settings Color Copy Option Control Panel Access EWS Password Enable Host USB Enable Save to email ePrint settings Security settings Enable firmware update...
Security Features
Page 60
....html Please refer to use the tool and supported features. Policy compatibility features (HP DesignJet T1700/Z6/Z9+ Printer Series) Authentication Authentication Services 802.1x Authentication 802.1x EAP... Passphrase Encryption algorithms Account lockout Device Control I/O Timeout Control Panel CP Lock Device Security Checks Check for Latest Firmware Check for updated information on how to HP JetAdvantage Security Manager documentation for Latest Jetdirect Firmware External Connections Host USB Plug and Play Logging System Logging Stored Data Y Y Y Y N Y N N Read only enabled ...
....html Please refer to use the tool and supported features. Policy compatibility features (HP DesignJet T1700/Z6/Z9+ Printer Series) Authentication Authentication Services 802.1x Authentication 802.1x EAP... Passphrase Encryption algorithms Account lockout Device Control I/O Timeout Control Panel CP Lock Device Security Checks Check for Latest Firmware Check for updated information on how to HP JetAdvantage Security Manager documentation for Latest Jetdirect Firmware External Connections Host USB Plug and Play Logging System Logging Stored Data Y Y Y Y N Y N N Read only enabled ...
Security Features
Page 61
HP DesignJet Printer Series File Erase Mode Device Discovery Service Location Protocol (SLP) IPv4 Multicast LLMNR WS-Discovery Bonjour Network Security Internet Protocol Security (IPsec)/Firewall FIPS ... WINS Port WINS Registration Access Control Allow Web Access Access control List Network Services Novell Remote Config (RCFG) Telnet TFTP Configuration File HP Jetdirect XML Services Certificate Management Service FTP Firmware Update Web Require HTTPS redirect HTTPS Web Encryption Settings Web Encryption Strength Ciphers TLS 1.2 TLS 1.1 TLS 1.0 SSL 3.0 - Insecure Protocol Embedded Web...
HP DesignJet Printer Series File Erase Mode Device Discovery Service Location Protocol (SLP) IPv4 Multicast LLMNR WS-Discovery Bonjour Network Security Internet Protocol Security (IPsec)/Firewall FIPS ... WINS Port WINS Registration Access Control Allow Web Access Access control List Network Services Novell Remote Config (RCFG) Telnet TFTP Configuration File HP Jetdirect XML Services Certificate Management Service FTP Firmware Update Web Require HTTPS redirect HTTPS Web Encryption Settings Web Encryption Strength Ciphers TLS 1.2 TLS 1.1 TLS 1.0 SSL 3.0 - Insecure Protocol Embedded Web...
Security Features
Page 74
... Security immediately configures the device to be able to access the printer using a safe, "golden copy" of the BIOS. FIRMWARE HP signed firmware packages Firmware packages are enabled. If a compromised version is a protocol to get the printer system started after it is turned on the... corporate security policy. Restricting the enabled protocols to only those that only legitimate firmware from reset without any intervention. The printer uses the public key of this protocol. HP DesignJet Printer Series Security Settings Device protection related BIOS BIOS The BIOS (basic input/output...
... Security immediately configures the device to be able to access the printer using a safe, "golden copy" of the BIOS. FIRMWARE HP signed firmware packages Firmware packages are enabled. If a compromised version is a protocol to get the printer system started after it is turned on the... corporate security policy. Restricting the enabled protocols to only those that only legitimate firmware from reset without any intervention. The printer uses the public key of this protocol. HP DesignJet Printer Series Security Settings Device protection related BIOS BIOS The BIOS (basic input/output...
Security Features
Page 75
... users or network administrators will allow configuration changes to monitor the security of new firmware versions and prepare them to a server. HP DesignJet Printer Series Security Settings Remote firmware upgrade This service allows an administrator to configure the printer to check for non... a tool to generate reports using the HP Web Jetadmin software to upgrade the printer or multi-function printer firmware. Hide IP address from unauthorized access. Run-time intrusion detection Detects anomalies during complex firmware and memory operations. SECURITY EVENTS Logging and...
... users or network administrators will allow configuration changes to monitor the security of new firmware versions and prepare them to a server. HP DesignJet Printer Series Security Settings Remote firmware upgrade This service allows an administrator to configure the printer to check for non... a tool to generate reports using the HP Web Jetadmin software to upgrade the printer or multi-function printer firmware. Hide IP address from unauthorized access. Run-time intrusion detection Detects anomalies during complex firmware and memory operations. SECURITY EVENTS Logging and...