Security Features
Page 3
......42 4. JetAdvantage Security Manager...60 Policy compatibility features (HP DesignJet T1700/Z6/Z9+ Printer Series 60 Appendix 3 - Security Manager ...62 Appendix 4 - Introduction & Overview...5 2. Security concepts explanation...5 2.1 Device security...5 UEFI secure boot...5 Firmware protection ...5 2.2 Device configuration protection ...6 Disable protocols...6 SNMP...-encrypted hard disk ...23 Secure File Erase (SFE) ...23 Secure Disk Erase (SDE)...24 Scan to network (HP DesignJet T2500, T2530, T3500 eMFP Series 26 Scan to FTP folder ...33 Exclude personal info from DOS command ...39 How...
Security Features
Page 5
... used by the printer and the effect of the security and connectivity features supported by HP DesignJet and PageWide XL printers as any firmware and install only those signed by the HP Code Signing group. Firmware protection All HP portfolio use signed firmware package, that provides you will find: • The description of the features, where to...
Security Features
Page 6
.... Protocols option in the Embedded Web Server, or the Network Enable Features in Web Jetadmin. HP DesignJet Printers Security Settings • Protect the EWS access with an admin account (see section 2.2.6, Embedded Web Server (EWS) access control). • Disable the firmware upgrade from USB (see section 2.2.7, USB drive control) • Use the Automatic...
Security Features
Page 10
... T1200 Embedded Web Server as shown below: 10 Currently, there are : • Network connectivity & Internet connectivity • Control firmware upgrades • Reset factory defaults • External hard disk connection • Security 2.2.1.1 Control Panel Access lock The control panel access...to lock the device's control panel by default. Administrators can specify the level of the device. HP DesignJet Printers Security Settings Control Panel Access The DesignJet and PageWide technologies allow the printer administrator to lock some features in the control panel of access ...
Security Features
Page 13
... that can be used to sign in and permission policies: here you to manage at least three roles of use (depending on the firmware version), defining which applications are available for each of them. The Control Panel Access Lock (Setup > Security) should be used to ...configure Access Control The Access Control page has three main sections for specific tasks and restrict user access by role. Control Panel Access Lock). HP DesignJet Printers Security Settings 2.2.1.2 Access Control The Access Control page is Local device, local accounts that have access codes between 4 and 8 digits...
Security Features
Page 20
HP DesignJet Printers Security Settings • These limitations do not apply to printers without touchscreen front panels, as the password can be set , the administrator password will be required to access job preview. USB drive control All printers allow you to print or scan. • Firmware upgrade from ...USB: enable or disable the possibility of upgrading the firmware from a USB. In cases where an administrator password is set using EWS. • Some printer drivers...
Security Features
Page 23
... data are erased. This is an IEEE Standard for port-based Network Access Control. Temporary data remains on the print server model and firmware version. 2.4 Protected data in the printer's queue to the drive. If the network contains subnets, an address mask may lose your ... whether the IP address entry is the default for HTTP checkbox. CAUTION! Secure File Erase (SFE) Secure File Erase is not required. HP DesignJet Printers Security Settings regardless of operation is slower than Non-Secure Fast Erase, but all file pointers to the data (table indexes) are...
Security Features
Page 25
... amount of information stored on the HP DesignJet T2300 printer. 25 HP DesignJet Printers Security Settings • Printer Front Panel access: Once you have entered the Service Menu with the help of an HP Support representative, you can perform the Secure Disk Erase using the selected method, and the printer's firmware will be wiped using the...
Security Features
Page 35
... if the shared folder is now available in the Embedded Web Server. If you enable this option is not required for cost allocation within a company. HP DesignJet Printers Security Settings You can check at any later time that you also have to configure the e-mail server on the Setup Page. Please note... of the report by e-mail from accounting You can be left blank in the destination of the printer to Exclude Personal information from automatically performing firmware upgrades. 35
Security Features
Page 44
.../WJA + EWS/WJA + EWS Jetdirect Jetdirect N/A N/A N/A N/A EWS/FP Yes Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware Upgrade (AFU) No N/A N/A N/A N/A N/A EWS/FP N/A N/A EWS EWS EWS EWS Device security - Large Format printers: security features summary GRAPHIC PRINTERS Model Z6XX0 D5800 Z5400 Z3200 Z2100/Z5200ps Z2600/Z5600 Z6/Z9+ Device security - HP DesignJet Printers Security Settings 4.
Security Features
Page 46
.../WJA EWS/FP/WJA EWS 46 HP DesignJet Printer Series Security Settings TECHNICAL PRINTERS Model T7X00 T3500 T2500/T1500/T920 T2530/T1530/T9 T2300/T1300 30 T790/T795 T120/T520 SNMP configurability EWS EWS/FP/WJA EWS/FP/WJA UEFI Secure Boot N/A Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware No Upgrade (AFU) Yes N/A EWS...
Security Features
Page 49
.../WJA EWS/WJA EWS N/A EWS N/A EWS N/A N/A N/A N/A N/A N/A N/A EWS EWS + EWS + EWS + Jetdirect Jetdirect Jetdirect Data security - HP DesignJet Printer Series Security Settings OLDER TECHNICAL AND GRAPHIC PRINTERS Model SNMPv3 UEFI Secure Boot Whitelisting Disable Firmware update through USB Automatic Firmware Upgrade (AFU) Disable protocols Disable interfaces Control panel lock EWS multilevel Printer access control Disable...
Security Features
Page 50
Device integrity SNMPv3 EWS/WJA UEFI Secure Boot Yes Whitelisting Disable firmware (F/W) update through USB Automatic Firmware Upgrade (AFU) No FP/EWS/WJA Yes Device security - Device configuration protection Disable protocols EWS/WJA ...WJA FP 4020/4520 T1100/T1120 Z6100 WJA WJA WJA FP WJA/FP WJA/FP N/A EWS EWS EWS N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Document security - HP DesignJet Printer Series Security Settings Model Secure file erase Secure disk erase T1200 WJA WJA/FP Exclude personal info. EWS from Front Panel (FP) No SMB2...
Security Features
Page 54
...Firmware Upgrade host (under hp.com), performing connectivity tests. This port can be reachable, and HP Web Jetadmin and other utilities might not work. Protocols > SNMP 54 Rarely used : configuration through this port to automatically receive the latest FW upgrades and the connectivity test will always fail. HP DesignJet... Printer Series Protocol/Function Port TFTP (Trivial File Transfer Protocol) configuration file HP Jetdirect XML services UDP 69 TCP 80, 8080 AFU, Connectivity Test TCP...
Security Features
Page 58
... drive control. (Enable or disable the use of the USB to print or scan, enable or disable the possibility of upgrading the firmware from a USB.) • Change the settings of features supported by role User role mappings Device user accounts Common email server settings Enable...two versions of the MC DJA exist: MC DJA Version Products implementing it to email Enable printer firmware update Yes Device status & alerts Yes Yes Firmware upgrade Yes Yes 58 HP DesignJet Printer Series Security Settings Appendix 1 - The tool allows the user to Web Jetadmin documentation for ...
Security Features
Page 59
HP DesignJet Printer Series MC DJA 1.0 Device identification System Contact System Location Asset Number Company Name Contact Person Device Name Device settings Control Panel Language Printer Wakeup Sleep Delay Time Security settings Color Copy Option Control Panel Access EWS Password Enable Host USB Enable Save to email ePrint settings Security settings Enable firmware update...
Security Features
Page 60
...I/O Timeout Control Panel CP Lock Device Security Checks Check for Latest Firmware Check for updated information on how to the network. JetAdvantage Security Manager The HP JetAdvantage Security Manager is a fleet security management tool, which allows ....hp.com/us/en/solutions/business-solutions/printingsolutions/security_manager.html Please refer to HP JetAdvantage Security Manager documentation for Latest Jetdirect Firmware External Connections Host USB Plug and Play Logging System Logging Stored Data Y Y Y Y N Y N N Read only enabled Y Y Y Y Y N N Y Y Y N N Y Y N N Y 60 HP DesignJet...
Security Features
Page 61
HP DesignJet Printer Series File Erase Mode Device Discovery Service Location Protocol (SLP) IPv4 Multicast LLMNR WS-Discovery Bonjour Network Security Internet Protocol Security (IPsec)/Firewall FIPS ... WINS Port WINS Registration Access Control Allow Web Access Access control List Network Services Novell Remote Config (RCFG) Telnet TFTP Configuration File HP Jetdirect XML Services Certificate Management Service FTP Firmware Update Web Require HTTPS redirect HTTPS Web Encryption Settings Web Encryption Strength Ciphers TLS 1.2 TLS 1.1 TLS 1.0 SSL 3.0 - Insecure Protocol Embedded Web...
Security Features
Page 74
...partition. 74 It is based on configuring the filesystem where the printer firmware is a protocol to get the printer system started after it is the encrypted version. FIRMWARE HP signed firmware packages Firmware packages are enabled. SNMPv3 is turned on the UEFI Forum specification (www... to guarantee that only legitimate firmware from reset without any intervention. The printer uses the public key of the BIOS. HP Sure Start It validates the integrity of unauthorized operating systems during the system startup. HP DesignJet Printer Series Security Settings Device ...
Security Features
Page 75
.... If the address is part of the front panel to interact with several printers, HP recommends using server data. Run-time intrusion detection Detects anomalies during complex firmware and memory operations. Hide IP address from unauthorized access. Some of these features are ... show/hide the Internet Protocol (IP) address of large networks with the printer must have a different password. HP DesignJet Printer Series Security Settings Remote firmware upgrade This service allows an administrator to configure the printer to check for non-administrator users. With the File ...