Security Features
Page 3
...shown ...59 Appendix 2 - Netgard overview ...64 Introduction ...64 3 JetAdvantage Security Manager...60 Policy compatibility features (HP DesignJet T1700/Z6/Z9+ Printer Series 60 Appendix 3 - Security Manager ...62 Appendix 4 - Large Format scanners: security ...1X authentication ...23 2.4 Protected data in HP printers...53 Appendix 1 - Introduction & Overview...5 2. HP DesignJet Printers Security Settings Table of Contents 1. Security concepts explanation...5 2.1 Device security...5 UEFI secure boot...5 Firmware protection ...5 2.2 Device configuration protection ...6 ...
Security Features
Page 5
... are configured using the control panel, Embedded Web Server and/or HP Web Jetadmin (WJA). In this document make sure that means firmware packages are digitally signed by the printer and the effect of keep the printer updated with the HP DesignJet (only T1700/Z6/Z9+) and PageWide XL printers (Section 3, Advanced workflows). • The...
Security Features
Page 6
In the HP DesignJet T830 MFP/T730 printer, the network Management Protocols can disable unused protocols through telnet to manage the printer network settings. You can be configured from .... Protocols option in the Embedded Web Server, or the Network Enable Features in Web Jetadmin. HP DesignJet Printers Security Settings • Protect the EWS access with an admin account (see section 2.2.6, Embedded Web Server (EWS) access control). • Disable the firmware upgrade from USB (see section 2.2.7, USB drive control) • Use the Automatic...
Security Features
Page 10
...; Network connectivity & Internet connectivity • Control firmware upgrades • Reset factory defaults • External hard disk connection • Security 2.2.1.1 Control Panel Access lock The control panel access lock is compulsory to define an administrator account and password. HP DesignJet Printers Security Settings Control Panel Access The DesignJet and PageWide technologies allow the printer administrator...
Security Features
Page 13
HP DesignJet Printers Security Settings 2.2.1.2 Access Control The Access Control page is Local device, local accounts that have access codes between 4 and 8 digits long and are stored ... each of them. Figure 1 - This function allows you can set to unlocked (see 3.5.1. How to manage at least three roles of use (depending on the firmware version), defining which applications are available on the printer. • Sign-in on the product's hard disk. 13 Control Panel Access Lock).
Security Features
Page 20
... using EWS. • Some printer drivers rely on the EWS for creating the preview. HP DesignJet Printers Security Settings • These limitations do not apply to access job preview. USB drive control All printers allow you to print or scan. • Firmware upgrade from USB: enable or disable the possibility of upgrading the...
Security Features
Page 23
HP DesignJet Printers Security Settings regardless of operation, file pointers are erased and the ...256-bit encryption. When the Secure Sanitizing Erase feature is then overwritten. No temporary files are erased with the HP support representative help). • Non-Secure Fast Erase: In this setting, perform the following steps: 23 ...Temporary data remains on the print server model and firmware version. 2.4 Protected data in the printer's queue to be disabled by their factory-default values. 802.1X authentication ...
Security Features
Page 25
Note that the name of information stored on the HP DesignJet T2300 printer. 25 All data will be restored to the latest version installed before this action will be wiped using the same 3 options that you ... security level (sometimes referred to perform it. HP DesignJet Printers Security Settings • Printer Front Panel access: Once you have entered the Service Menu with the help of an HP Support representative, you can perform the Secure Disk Erase using the selected method, and the printer's firmware will take depends on the amount of...
Security Features
Page 35
This personal information is typically used for managed print or pay-per-use contracts to the internet. HP DesignJet Printers Security Settings You can check at any later time that only the data (counters) relevant for billing are being sent by the ... folder is selected, accounting e-mails will not contain personal information (user name, job name, and account ID will be excluded from automatically performing firmware upgrades. 35 If this setting, you also have to send an e-mail containing accounting information. This option also prevents the printer from the accounting...
Security Features
Page 44
HP DesignJet Printers Security Settings 4. Encrypted communications IPSec Compatibility EWS EWS EWS/WJA SSL1.0 and SSL1.0 and TLS/SSL SSL/TLS with SSL/TLS with Yes ... Yes 44 Device integrity SNMPv3 EWS EWS UEFI Secure Boot N/A N/A EWS EWS/WJA + EWS/WJA + EWS Jetdirect Jetdirect N/A N/A N/A N/A EWS/FP Yes Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware Upgrade (AFU) No N/A N/A N/A N/A N/A EWS/FP N/A N/A EWS EWS EWS EWS Device security - Device configuration protection N/A EWS/FP Yes Yes EWS/FP Yes Disable...
Security Features
Page 46
HP DesignJet Printer Series Security Settings TECHNICAL PRINTERS Model T7X00 T3500 T2500/T1500/T920 T2530/T1530/T9 T2300/T1300 30 T790/T795 T120/T520 SNMP configurability EWS EWS/FP/WJA EWS/FP/WJA UEFI Secure Boot N/A Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware No Upgrade (AFU) Yes N/A EWS/...EWS EWS Yes Yes EWS/WJA EWS/FP N/A N/A EWS/WJA EWS/FP N/A N/A Yes (Only T830) Yes EWS (1 level) EWS (1 level) N/A N/A EWS EWS T1700 EWS/FP Yes Yes EWS/FP Yes EWS/WJA EWS/FP/WJA EWS/WJA FP N/A EWS/FP/WJA EWS/FP/WJA EWS 46 Device integrity...
Security Features
Page 49
.../WJA EWS/WJA EWS N/A EWS N/A EWS N/A N/A N/A N/A N/A N/A N/A EWS EWS + EWS + EWS + Jetdirect Jetdirect Jetdirect Data security - HP DesignJet Printer Series Security Settings OLDER TECHNICAL AND GRAPHIC PRINTERS Model SNMPv3 UEFI Secure Boot Whitelisting Disable Firmware update through USB Automatic Firmware Upgrade (AFU) Disable protocols Disable interfaces Control panel lock EWS multilevel Printer access control Disable...
Security Features
Page 50
... EWS/WJA UEFI Secure Boot Yes Whitelisting Disable firmware (F/W) update through USB Automatic Firmware Upgrade (AFU) No FP/EWS/WJA Yes Device security - PIN printing N/A N/A N/A N/A N/A N/A T620 N/A WJA/FP N/A N/A N/A N/A PAGEWIDE XL PRINTERS Model HP PageWide XL 8000/5000/4600/4500/4100/4000/3900.../T1120 Z6100 WJA WJA WJA FP WJA/FP WJA/FP N/A EWS EWS EWS N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Document security - HP DesignJet Printer Series Security Settings Model Secure file erase Secure disk erase T1200 WJA WJA/FP Exclude personal info.
Security Features
Page 54
... to capture trap information. If disabled, MFPs will not be reachable, and HP Web Jetadmin and other utilities might not work. Configuration [EWS] > Network > Other Settings > TFTP Configuration File Security Settings DesignJet & DesignJet & PageWide XL PageWide XL SFP MFP Yes Yes [telnet] > TCP/IP... > SNMP 54 Only in the case that the Jetdirect card is configured to configure and query the status of the Jetdirect firmware. Some HP software utilities may perform web service requests to this protocol cannot be able to network No Yes [EWS] > Network > Security...
Security Features
Page 58
...1.0 PageWide XL 2.0 Z6, Z9+, T1700 Configuration features Supply status Basic device identification Basic device settings Basic security settings JD J8022E settings Yes Access control Permissions by HP Web Jetadmin is included in a Manageability...Firmware upgrade Yes Yes 58 Each version of the Manageability Contract builds on the device): • Disable protocols. • Control panel access lock. • Setup Admin password. • USB drive control. (Enable or disable the use of the previous version and adds support for updated information on a fleet of printers. HP DesignJet...
Security Features
Page 59
HP DesignJet Printer Series MC DJA 1.0 Device identification System Contact System Location Asset Number Company Name Contact Person Device Name Device settings Control Panel Language Printer Wakeup Sleep Delay Time Security settings Color Copy Option Control Panel Access EWS Password Enable Host USB Enable Save to email ePrint settings Security settings Enable firmware update...
Security Features
Page 60
.../us/en/solutions/business-solutions/printingsolutions/security_manager.html Please refer to HP JetAdvantage Security Manager documentation for Latest Jetdirect Firmware External Connections Host USB Plug and Play Logging System Logging Stored Data Y Y Y Y N Y N N Read only enabled Y Y Y Y Y N N Y Y Y N N Y Y N N Y 60 Policy compatibility features (HP DesignJet T1700/Z6/Z9+ Printer Series) Authentication Authentication Services 802.1x Authentication 802.1x EAP...
Security Features
Page 61
HP DesignJet Printer Series File Erase Mode Device Discovery Service Location Protocol (SLP) IPv4 Multicast LLMNR WS-Discovery Bonjour Network Security Internet Protocol Security (IPsec)/Firewall FIPS ... WINS Port WINS Registration Access Control Allow Web Access Access control List Network Services Novell Remote Config (RCFG) Telnet TFTP Configuration File HP Jetdirect XML Services Certificate Management Service FTP Firmware Update Web Require HTTPS redirect HTTPS Web Encryption Settings Web Encryption Strength Ciphers TLS 1.2 TLS 1.1 TLS 1.0 SSL 3.0 - Insecure Protocol Embedded Web...
Security Features
Page 74
... access the printer using a safe, "golden copy" of older firmware releases that are connected to the network or from HP can be altered. SNMPv3 is the encrypted version. RD only file system Solution to guarantee that only legitimate firmware from reset without any intervention. HP DesignJet Printer Series Security Settings Device protection related BIOS BIOS...
Security Features
Page 75
...IP address from unauthorized access. In the event of the Common Criteria requirements. Run-time intrusion detection Detects anomalies during complex firmware and memory operations. Individual passwords Each user that affect the data storage system. This feature is hidden, only registered users... Utilities menu of the front panel to show/hide the Internet Protocol (IP) address of the printers. HP DesignJet Printer Series Security Settings Remote firmware upgrade This service allows an administrator to configure the printer to check for non-administrator users. For the ...