Security Features
Page 3
... ...36 Job storage and PIN printing...36 ePrint center connection ...36 3. JetAdvantage Security Manager...60 Policy compatibility features (HP DesignJet T1700/Z6/Z9+ Printer Series 60 Appendix 3 - Advanced workflows...38 3.1 Printing using LPR protocol...38 How to use...to use FTP in Windows...39 How to use PJLs...42 4. Security concepts explanation...5 2.1 Device security...5 UEFI secure boot...5 Firmware protection ...5 2.2 Device configuration protection ...6 Disable protocols...6 SNMP compatibility ...7 Disable connectivity interfaces...8 Control Panel Access ...10 SCL certificates...
... ...36 Job storage and PIN printing...36 ePrint center connection ...36 3. JetAdvantage Security Manager...60 Policy compatibility features (HP DesignJet T1700/Z6/Z9+ Printer Series 60 Appendix 3 - Advanced workflows...38 3.1 Printing using LPR protocol...38 How to use...to use FTP in Windows...39 How to use PJLs...42 4. Security concepts explanation...5 2.1 Device security...5 UEFI secure boot...5 Firmware protection ...5 2.2 Device configuration protection ...6 Disable protocols...6 SNMP compatibility ...7 Disable connectivity interfaces...8 Control Panel Access ...10 SCL certificates...
Security Features
Page 5
...loading of the security and connectivity features supported by HP DesignJet and PageWide XL printers as any firmware and install only those signed by HP. Non-configurable feature. The firmware can be used by the HP Code Signing group. The security features described in ...scanners: security features summary). • The list of ports used with the HP server, checks if there is not listed in HP printers). HP DesignJet Printers Security Settings 1. Firmware protection All HP portfolio use signed firmware package, that provides you will find: • The description of the ...
...loading of the security and connectivity features supported by HP DesignJet and PageWide XL printers as any firmware and install only those signed by HP. Non-configurable feature. The firmware can be used by the HP Code Signing group. The security features described in ...scanners: security features summary). • The list of ports used with the HP server, checks if there is not listed in HP printers). HP DesignJet Printers Security Settings 1. Firmware protection All HP portfolio use signed firmware package, that provides you will find: • The description of the ...
Security Features
Page 6
HP DesignJet Printers Security Settings • Protect the EWS access with an admin account (see section 2.2.7, USB drive control) • Use the Automatic Firmware Upgrade to download the firmware. 2.2 Device configuration protection Disable protocols In some cases, you do not plan to use to ...disable all protocols that you might prevent users from sending files via ftp or connecting through the Mgmt. In the HP DesignJet T830 ...
HP DesignJet Printers Security Settings • Protect the EWS access with an admin account (see section 2.2.7, USB drive control) • Use the Automatic Firmware Upgrade to download the firmware. 2.2 Device configuration protection Disable protocols In some cases, you do not plan to use to ...disable all protocols that you might prevent users from sending files via ftp or connecting through the Mgmt. In the HP DesignJet T830 ...
Security Features
Page 10
...Embedded Web Server as shown below: This option can also be enabled from the HP Web Jetadmin as shown below: 10 Currently, there are : • Network connectivity & Internet connectivity • Control firmware upgrades • Reset factory defaults • External hard disk connection •... Web Server admin password, you also restrict access to define an administrator account and password. HP DesignJet Printers Security Settings Control Panel Access The DesignJet and PageWide technologies allow the printer administrator to lock the device's control panel by default.
...Embedded Web Server as shown below: This option can also be enabled from the HP Web Jetadmin as shown below: 10 Currently, there are : • Network connectivity & Internet connectivity • Control firmware upgrades • Reset factory defaults • External hard disk connection •... Web Server admin password, you also restrict access to define an administrator account and password. HP DesignJet Printers Security Settings Control Panel Access The DesignJet and PageWide technologies allow the printer administrator to lock the device's control panel by default.
Security Features
Page 13
...in methods This section shows the enabled sign-in methods that can set to manage at least three roles of use (depending on the firmware version), defining which applications are stored on the product's hard disk. 13 Currently, the only available sign-in the subsection called Access Control...be set up the sign-in on the printer. • Sign-in and permission policies: here you to unlocked (see 3.5.1. Figure 1 - HP DesignJet Printers Security Settings 2.2.1.2 Access Control The Access Control page is placed in the Setup tab, in method is Local device, local accounts that have access...
...in methods This section shows the enabled sign-in methods that can set to manage at least three roles of use (depending on the firmware version), defining which applications are stored on the product's hard disk. 13 Currently, the only available sign-in the subsection called Access Control...be set up the sign-in on the printer. • Sign-in and permission policies: here you to unlocked (see 3.5.1. Figure 1 - HP DesignJet Printers Security Settings 2.2.1.2 Access Control The Access Control page is placed in the Setup tab, in method is Local device, local accounts that have access...
Security Features
Page 20
HP DesignJet Printers Security Settings • These limitations do not apply to printers without touchscreen front panels, as the password can be required to access job preview. USB drive control All printers allow you to print or scan. • Firmware upgrade from USB: enable or disable the possibility of upgrading the firmware from a USB. In...
HP DesignJet Printers Security Settings • These limitations do not apply to printers without touchscreen front panels, as the password can be required to access job preview. USB drive control All printers allow you to print or scan. • Firmware upgrade from USB: enable or disable the possibility of upgrading the firmware from a USB. In...
Security Features
Page 23
... where the temporary job was stored is the default for port-based Network Access Control. Temporary data remains on the print server model and firmware version. 2.4 Protected data in the list, or access through HTTP is written to communicate with a fixed character pattern. This mode of...job was stored is not required. To configure this mode, all temporary files that want to store jobs in the Secure Files Erase feature. HP DesignJet Printers Security Settings regardless of jobs to be changed via Web Jetadmin, EWS and control panel (via a cross-over cable. This allows ...
... where the temporary job was stored is the default for port-based Network Access Control. Temporary data remains on the print server model and firmware version. 2.4 Protected data in the list, or access through HTTP is written to communicate with a fixed character pattern. This mode of...job was stored is not required. To configure this mode, all temporary files that want to store jobs in the Secure Files Erase feature. HP DesignJet Printers Security Settings regardless of jobs to be changed via Web Jetadmin, EWS and control panel (via a cross-over cable. This allows ...
Security Features
Page 25
... The average time is: Insecure Mode: 1 minute 1-pass mode: 2 days 5-pass mode: 2 weeks The following screens show how to perform it. HP DesignJet Printers Security Settings • Printer Front Panel access: Once you have in the front panel is Disk Wipe DoD 5220.220M, and that the three...to the latest version installed before this action will take depends on the amount of an HP Support representative, you can perform the Secure Disk Erase using the selected method, and the printer's firmware will display a progress bar until complete. The printer will then warn you accept, ...
... The average time is: Insecure Mode: 1 minute 1-pass mode: 2 days 5-pass mode: 2 weeks The following screens show how to perform it. HP DesignJet Printers Security Settings • Printer Front Panel access: Once you have in the front panel is Disk Wipe DoD 5220.220M, and that the three...to the latest version installed before this action will take depends on the amount of an HP Support representative, you can perform the Secure Disk Erase using the selected method, and the printer's firmware will display a progress bar until complete. The printer will then warn you accept, ...
Security Features
Page 35
HP DesignJet Printers Security Settings You can check at any later time that you also need to fill in the destination of the printer to the internet. ... billing purposes, and can be left blank in the Embedded Web Server. If this setting, you also have to Exclude Personal information from automatically performing firmware upgrades. 35 This personal information is moved or deleted.
HP DesignJet Printers Security Settings You can check at any later time that you also need to fill in the destination of the printer to the internet. ... billing purposes, and can be left blank in the Embedded Web Server. If this setting, you also have to Exclude Personal information from automatically performing firmware upgrades. 35 This personal information is moved or deleted.
Security Features
Page 44
... EWS UEFI Secure Boot N/A N/A EWS EWS/WJA + EWS/WJA + EWS Jetdirect Jetdirect N/A N/A N/A N/A EWS/FP Yes Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware Upgrade (AFU) No N/A N/A N/A N/A N/A EWS/FP N/A N/A EWS EWS EWS EWS Device security - HP DesignJet Printers Security Settings 4. Large Format printers: security features summary GRAPHIC PRINTERS Model Z6XX0 D5800 Z5400 Z3200 Z2100/Z5200ps...
... EWS UEFI Secure Boot N/A N/A EWS EWS/WJA + EWS/WJA + EWS Jetdirect Jetdirect N/A N/A N/A N/A EWS/FP Yes Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware Upgrade (AFU) No N/A N/A N/A N/A N/A EWS/FP N/A N/A EWS EWS EWS EWS Device security - HP DesignJet Printers Security Settings 4. Large Format printers: security features summary GRAPHIC PRINTERS Model Z6XX0 D5800 Z5400 Z3200 Z2100/Z5200ps...
Security Features
Page 46
... EWS/FP Yes Yes EWS/FP Yes EWS/WJA EWS/FP/WJA EWS/WJA FP N/A EWS/FP/WJA EWS/FP/WJA EWS 46 HP DesignJet Printer Series Security Settings TECHNICAL PRINTERS Model T7X00 T3500 T2500/T1500/T920 T2530/T1530/T9 T2300/T1300 30 T790/T795 T120/T520 SNMP configurability... EWS EWS/FP/WJA EWS/FP/WJA UEFI Secure Boot N/A Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware No Upgrade (AFU) Yes N/A EWS/FP Yes N/A N/A EWS/FP Yes Disable protocols Disable interfaces Control panel lock Hide IP from ...
... EWS/FP Yes Yes EWS/FP Yes EWS/WJA EWS/FP/WJA EWS/WJA FP N/A EWS/FP/WJA EWS/FP/WJA EWS 46 HP DesignJet Printer Series Security Settings TECHNICAL PRINTERS Model T7X00 T3500 T2500/T1500/T920 T2530/T1530/T9 T2300/T1300 30 T790/T795 T120/T520 SNMP configurability... EWS EWS/FP/WJA EWS/FP/WJA UEFI Secure Boot N/A Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware No Upgrade (AFU) Yes N/A EWS/FP Yes N/A N/A EWS/FP Yes Disable protocols Disable interfaces Control panel lock Hide IP from ...
Security Features
Page 49
.../WJA EWS/WJA EWS N/A EWS N/A EWS N/A N/A N/A N/A N/A N/A N/A EWS EWS + EWS + EWS + Jetdirect Jetdirect Jetdirect Data security - HP DesignJet Printer Series Security Settings OLDER TECHNICAL AND GRAPHIC PRINTERS Model SNMPv3 UEFI Secure Boot Whitelisting Disable Firmware update through USB Automatic Firmware Upgrade (AFU) Disable protocols Disable interfaces Control panel lock EWS multilevel Printer access control Disable...
.../WJA EWS/WJA EWS N/A EWS N/A EWS N/A N/A N/A N/A N/A N/A N/A EWS EWS + EWS + EWS + Jetdirect Jetdirect Jetdirect Data security - HP DesignJet Printer Series Security Settings OLDER TECHNICAL AND GRAPHIC PRINTERS Model SNMPv3 UEFI Secure Boot Whitelisting Disable Firmware update through USB Automatic Firmware Upgrade (AFU) Disable protocols Disable interfaces Control panel lock EWS multilevel Printer access control Disable...
Security Features
Page 50
HP DesignJet Printer Series Security Settings Model Secure file erase Secure disk erase T1200 WJA WJA/FP Exclude personal info. Device configuration protection Disable protocols EWS/WJA ... WJA WJA FP WJA/FP WJA/FP N/A EWS EWS EWS N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Document security - Device integrity SNMPv3 EWS/WJA UEFI Secure Boot Yes Whitelisting Disable firmware (F/W) update through USB Automatic Firmware Upgrade (AFU) No FP/EWS/WJA Yes Device security - EWS from Front Panel (FP) No SMB2/3 Yes EWS multilevel Yes (one level) Printer...
HP DesignJet Printer Series Security Settings Model Secure file erase Secure disk erase T1200 WJA WJA/FP Exclude personal info. Device configuration protection Disable protocols EWS/WJA ... WJA WJA FP WJA/FP WJA/FP N/A EWS EWS EWS N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Document security - Device integrity SNMPv3 EWS/WJA UEFI Secure Boot Yes Whitelisting Disable firmware (F/W) update through USB Automatic Firmware Upgrade (AFU) No FP/EWS/WJA Yes Device security - EWS from Front Panel (FP) No SMB2/3 Yes EWS multilevel Yes (one level) Printer...
Security Features
Page 54
...folder (to the Automatic Firmware Upgrade host (under hp.com), performing connectivity tests. If disabled, MFPs will not be accessed by HP Large Format devices for configuration and upgrading of the Jetdirect firmware. Many SNMP Management utilities can be reachable, and HP Web Jetadmin and other ...the latest FW upgrades and the connectivity test will not be configured to capture traps. HP DesignJet Printer Series Protocol/Function Port TFTP (Trivial File Transfer Protocol) configuration file HP Jetdirect XML services UDP 69 TCP 80, 8080 AFU, Connectivity Test TCP 80 Kerberos...
...folder (to the Automatic Firmware Upgrade host (under hp.com), performing connectivity tests. If disabled, MFPs will not be accessed by HP Large Format devices for configuration and upgrading of the Jetdirect firmware. Many SNMP Management utilities can be reachable, and HP Web Jetadmin and other ...the latest FW upgrades and the connectivity test will not be configured to capture traps. HP DesignJet Printer Series Protocol/Function Port TFTP (Trivial File Transfer Protocol) configuration file HP Jetdirect XML services UDP 69 TCP 80, 8080 AFU, Connectivity Test TCP 80 Kerberos...
Security Features
Page 58
... previous version and adds support for updated information on the features of devices. For instance, HP Web Jetadmin can be used to email Enable printer firmware update Yes Device status & alerts Yes Yes Firmware upgrade Yes Yes 58 HP DesignJet Printer Series Security Settings Appendix 1 - Currently, two versions of the MC DJA exist: MC DJA...
... previous version and adds support for updated information on the features of devices. For instance, HP Web Jetadmin can be used to email Enable printer firmware update Yes Device status & alerts Yes Yes Firmware upgrade Yes Yes 58 HP DesignJet Printer Series Security Settings Appendix 1 - Currently, two versions of the MC DJA exist: MC DJA...
Security Features
Page 59
... System Log Server Info Webservice Print TCP\IP Domain Suffix Upload CA Certificate Upload JetDirect Certificate Proxy Server MC DJA 2.0 - HP DesignJet Printer Series MC DJA 1.0 Device identification System Contact System Location Asset Number Company Name Contact Person Device Name Device settings Control... Color Copy Option Control Panel Access EWS Password Enable Host USB Enable Save to email ePrint settings Security settings Enable firmware update File system password Erase all stored files Access control for device functions Device user accounts J8022E networking settings Security ...
... System Log Server Info Webservice Print TCP\IP Domain Suffix Upload CA Certificate Upload JetDirect Certificate Proxy Server MC DJA 2.0 - HP DesignJet Printer Series MC DJA 1.0 Device identification System Contact System Location Asset Number Company Name Contact Person Device Name Device settings Control... Color Copy Option Control Panel Access EWS Password Enable Host USB Enable Save to email ePrint settings Security settings Enable firmware update File system password Erase all stored files Access control for device functions Device user accounts J8022E networking settings Security ...
Security Features
Page 60
...policies. HP DesignJet Printer Series Security Settings Appendix 2 - This tool can be downloaded at the following link: http://www8.hp.com/us/en/solutions/business-solutions/printingsolutions/security_manager.html Please refer to HP JetAdvantage Security Manager documentation for Latest Jetdirect Firmware External...secure new devices as soon as they are added to use the tool and supported features. Policy compatibility features (HP DesignJet T1700/Z6/Z9+ Printer Series) Authentication Authentication Services 802.1x Authentication 802.1x EAP-TLS Certificate Management Identity Certificate...
...policies. HP DesignJet Printer Series Security Settings Appendix 2 - This tool can be downloaded at the following link: http://www8.hp.com/us/en/solutions/business-solutions/printingsolutions/security_manager.html Please refer to HP JetAdvantage Security Manager documentation for Latest Jetdirect Firmware External...secure new devices as soon as they are added to use the tool and supported features. Policy compatibility features (HP DesignJet T1700/Z6/Z9+ Printer Series) Authentication Authentication Services 802.1x Authentication 802.1x EAP-TLS Certificate Management Identity Certificate...
Security Features
Page 61
... AppleTalk DLC/LLC Novell (IPX/SPX) Security Settings Y Y Y Y Y Y Y N N N N N Y Y N Y N Y Y Y Y Y Y Y Y Y Y N Y Y Y Y Y Y Y Y N N N 61 HP DesignJet Printer Series File Erase Mode Device Discovery Service Location Protocol (SLP) IPv4 Multicast LLMNR WS-Discovery Bonjour Network Security Internet Protocol Security (IPsec)/Firewall FIPS... control List Network Services Novell Remote Config (RCFG) Telnet TFTP Configuration File HP Jetdirect XML Services Certificate Management Service FTP Firmware Update Web Require HTTPS redirect HTTPS Web Encryption Settings Web Encryption Strength Ciphers TLS 1.2...
... AppleTalk DLC/LLC Novell (IPX/SPX) Security Settings Y Y Y Y Y Y Y N N N N N Y Y N Y N Y Y Y Y Y Y Y Y Y Y N Y Y Y Y Y Y Y Y N N N 61 HP DesignJet Printer Series File Erase Mode Device Discovery Service Location Protocol (SLP) IPv4 Multicast LLMNR WS-Discovery Bonjour Network Security Internet Protocol Security (IPsec)/Firewall FIPS... control List Network Services Novell Remote Config (RCFG) Telnet TFTP Configuration File HP Jetdirect XML Services Certificate Management Service FTP Firmware Update Web Require HTTPS redirect HTTPS Web Encryption Settings Web Encryption Strength Ciphers TLS 1.2...
Security Features
Page 74
... a read only partition. 74 HP DesignJet Printer Series Security Settings Device protection related BIOS BIOS The BIOS (basic input/output system) is the program used to get and configure printer information. Only forward firmware security upgrades Behavior of the firmware that prevents installation of older firmware releases that only legitimate firmware from reset without any intervention.
... a read only partition. 74 HP DesignJet Printer Series Security Settings Device protection related BIOS BIOS The BIOS (basic input/output system) is the program used to get and configure printer information. Only forward firmware security upgrades Behavior of the firmware that prevents installation of older firmware releases that only legitimate firmware from reset without any intervention.
Security Features
Page 75
...System to be executed FRONT PANEL Front Panel access lock This feature allows the printer administrator to a server. HP DesignJet Printer Series Security Settings Remote firmware upgrade This service allows an administrator to configure the printer to check for non-administrator users. Whitelisting Feature ... no malicious code can be installed. For the administration of the front panel to upgrade the printer or multi-function printer firmware. Hide IP address from unauthorized access. PASSWORDS File system password The File system password feature helps protect the printer's data...
...System to be executed FRONT PANEL Front Panel access lock This feature allows the printer administrator to a server. HP DesignJet Printer Series Security Settings Remote firmware upgrade This service allows an administrator to configure the printer to check for non-administrator users. Whitelisting Feature ... no malicious code can be installed. For the administration of the front panel to upgrade the printer or multi-function printer firmware. Hide IP address from unauthorized access. PASSWORDS File system password The File system password feature helps protect the printer's data...