Security Features
Page 3
...-encrypted hard disk ...23 Secure File Erase (SFE) ...23 Secure Disk Erase (SDE)...24 Scan to network (HP DesignJet T2500, T2530, T3500 eMFP Series 26 Scan to FTP folder ...33 Exclude personal info from DOS command ...39 How... printing...36 ePrint center connection ...36 3. Security Manager ...62 Appendix 4 - Security concepts explanation...5 2.1 Device security...5 UEFI secure boot...5 Firmware protection ...5 2.2 Device configuration protection ...6 Disable protocols...6 SNMP compatibility ...7 Disable connectivity interfaces...8 Control Panel Access ...10 SCL certificates ...15 Embedded...
...-encrypted hard disk ...23 Secure File Erase (SFE) ...23 Secure Disk Erase (SDE)...24 Scan to network (HP DesignJet T2500, T2530, T3500 eMFP Series 26 Scan to FTP folder ...33 Exclude personal info from DOS command ...39 How... printing...36 ePrint center connection ...36 3. Security Manager ...62 Appendix 4 - Security concepts explanation...5 2.1 Device security...5 UEFI secure boot...5 Firmware protection ...5 2.2 Device configuration protection ...6 Disable protocols...6 SNMP compatibility ...7 Disable connectivity interfaces...8 Control Panel Access ...10 SCL certificates ...15 Embedded...
Security Features
Page 5
...& Overview This document provides an overview of the security and connectivity features supported by HP DesignJet and PageWide XL printers as any firmware and install only those signed by HP. The installation should always be updated in environments where network, data, and access.... The security features described in this document, you the highest security and new features. HP DesignJet Printers Security Settings 1. Note: If your printer has the latest firmware version to protect the printer from all them and some recommended values (Section 2, Security concepts...
...& Overview This document provides an overview of the security and connectivity features supported by HP DesignJet and PageWide XL printers as any firmware and install only those signed by HP. The installation should always be updated in environments where network, data, and access.... The security features described in this document, you the highest security and new features. HP DesignJet Printers Security Settings 1. Note: If your printer has the latest firmware version to protect the printer from all them and some recommended values (Section 2, Security concepts...
Security Features
Page 6
... with an admin account (see section 2.2.7, USB drive control) • Use the Automatic Firmware Upgrade to download the firmware. 2.2 Device configuration protection Disable protocols In some cases, you might want to access your printer. In the HP DesignJet T830 MFP/T730 printer, the network Management Protocols can disable unused protocols through telnet to...or the Network Enable Features in Web Jetadmin. You can be configured from USB (see section 2.2.6, Embedded Web Server (EWS) access control). • Disable the firmware upgrade from the Network > Advanced Settings menu. 6
... with an admin account (see section 2.2.7, USB drive control) • Use the Automatic Firmware Upgrade to download the firmware. 2.2 Device configuration protection Disable protocols In some cases, you might want to access your printer. In the HP DesignJet T830 MFP/T730 printer, the network Management Protocols can disable unused protocols through telnet to...or the Network Enable Features in Web Jetadmin. You can be configured from USB (see section 2.2.6, Embedded Web Server (EWS) access control). • Disable the firmware upgrade from the Network > Advanced Settings menu. 6
Security Features
Page 10
Currently, there are : • Network connectivity & Internet connectivity • Control firmware upgrades • Reset factory defaults • External hard disk connection • Security 2.2.1.1 Control Panel Access lock The control panel access lock is...the front panel are two modes of control access "Control Panel Access Lock" and "Access Control", depending on the model. HP DesignJet Printers Security Settings Control Panel Access The DesignJet and PageWide technologies allow the printer administrator to lock some features in the control panel of access as follows: • Unlock...
Currently, there are : • Network connectivity & Internet connectivity • Control firmware upgrades • Reset factory defaults • External hard disk connection • Security 2.2.1.1 Control Panel Access lock The control panel access lock is...the front panel are two modes of control access "Control Panel Access Lock" and "Access Control", depending on the model. HP DesignJet Printers Security Settings Control Panel Access The DesignJet and PageWide technologies allow the printer administrator to lock some features in the control panel of access as follows: • Unlock...
Security Features
Page 13
... accounts that are available on the printer. • Sign-in and permission policies: here you can be set up the sign-in on the device. HP DesignJet Printers Security Settings 2.2.1.2 Access Control The Access Control page is Local device, local accounts that have access codes between 4 and 8 digits long and are stored... user accounts: in this section shows the enabled sign-in methods that can set to sign in requirements for each of use (depending on the firmware version), defining which applications are available for specific tasks and restrict user access by role.
... accounts that are available on the printer. • Sign-in and permission policies: here you can be set up the sign-in on the device. HP DesignJet Printers Security Settings 2.2.1.2 Access Control The Access Control page is Local device, local accounts that have access codes between 4 and 8 digits long and are stored... user accounts: in this section shows the enabled sign-in methods that can set to sign in requirements for each of use (depending on the firmware version), defining which applications are available for specific tasks and restrict user access by role.
Security Features
Page 20
... panel, the Embedded Web Server and Web Jetadmin. 20 HP DesignJet Printers Security Settings • These limitations do not apply to printers without touchscreen front panels, as the password can be required to print or scan. • Firmware upgrade from USB: enable or disable the possibility of upgrading... the firmware from a USB. USB drive control All printers allow you to control the USB use of the USB...
... panel, the Embedded Web Server and Web Jetadmin. 20 HP DesignJet Printers Security Settings • These limitations do not apply to printers without touchscreen front panels, as the password can be required to print or scan. • Firmware upgrade from USB: enable or disable the possibility of upgrading... the firmware from a USB. USB drive control All printers allow you to control the USB use of the USB...
Security Features
Page 23
... indexes) are erased with a fixed character pattern. When the Secure Sanitizing Erase feature is achieved using an algorithm that prevents any residual data. HP DesignJet Printers Security Settings regardless of disk media. There are left after a job has been completed (scan, copy, or print). If these ports do...proxy servers or Network Address Translators (NATs) are used to be used . Temporary data remains on the print server model and firmware version. 2.4 Protected data in the printer, you do not allow partial or guest access, then the print server may be configured with ...
... indexes) are erased with a fixed character pattern. When the Secure Sanitizing Erase feature is achieved using an algorithm that prevents any residual data. HP DesignJet Printers Security Settings regardless of disk media. There are left after a job has been completed (scan, copy, or print). If these ports do...proxy servers or Network Address Translators (NATs) are used to be used . Temporary data remains on the print server model and firmware version. 2.4 Protected data in the printer, you do not allow partial or guest access, then the print server may be configured with ...
Security Features
Page 25
... wiped using the same 3 options that you have entered the Service Menu with the help of an HP Support representative, you can perform the Secure Disk Erase using the selected method, and the printer's firmware will display a progress bar until complete. The average time is: Insecure Mode: 1 minute 1-pass ...restored to perform it. The time that this operation. The printer will take depends on the amount of the feature in Web Jetadmin. HP DesignJet Printers Security Settings • Printer Front Panel access: Once you have in the front panel is Disk Wipe DoD 5220.220M, and that...
... wiped using the same 3 options that you have entered the Service Menu with the help of an HP Support representative, you can perform the Secure Disk Erase using the selected method, and the printer's firmware will display a progress bar until complete. The average time is: Insecure Mode: 1 minute 1-pass ...restored to perform it. The time that this operation. The printer will take depends on the amount of the feature in Web Jetadmin. HP DesignJet Printers Security Settings • Printer Front Panel access: Once you have in the front panel is Disk Wipe DoD 5220.220M, and that...
Security Features
Page 35
..., and account ID will be excluded from automatically performing firmware upgrades. 35 This personal information is now available in the accounting file sent by using the Send accounting files to setting. This option also prevents the printer from the accounting e-mail. HP DesignJet Printers Security Settings You can enable or disable the option...
..., and account ID will be excluded from automatically performing firmware upgrades. 35 This personal information is now available in the accounting file sent by using the Send accounting files to setting. This option also prevents the printer from the accounting e-mail. HP DesignJet Printers Security Settings You can enable or disable the option...
Security Features
Page 44
... EWS/WJA Data security - Device integrity SNMPv3 EWS EWS UEFI Secure Boot N/A N/A EWS EWS/WJA + EWS/WJA + EWS Jetdirect Jetdirect N/A N/A N/A N/A EWS/FP Yes Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware Upgrade (AFU) No N/A N/A N/A N/A N/A EWS/FP N/A N/A EWS EWS EWS EWS Device security - HP DesignJet Printers Security Settings 4.
... EWS/WJA Data security - Device integrity SNMPv3 EWS EWS UEFI Secure Boot N/A N/A EWS EWS/WJA + EWS/WJA + EWS Jetdirect Jetdirect N/A N/A N/A N/A EWS/FP Yes Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware Upgrade (AFU) No N/A N/A N/A N/A N/A EWS/FP N/A N/A EWS EWS EWS EWS Device security - HP DesignJet Printers Security Settings 4.
Security Features
Page 46
... Yes Yes Yes Device security - HP DesignJet Printer Series Security Settings TECHNICAL PRINTERS Model T7X00 T3500 T2500/T1500/T920 T2530/T1530/T9 T2300/T1300 30 T790/T795 T120/T520 SNMP configurability EWS EWS/FP/WJA EWS/FP/WJA UEFI Secure Boot N/A Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware No Upgrade (AFU) Yes N/A EWS...
... Yes Yes Yes Device security - HP DesignJet Printer Series Security Settings TECHNICAL PRINTERS Model T7X00 T3500 T2500/T1500/T920 T2530/T1530/T9 T2300/T1300 30 T790/T795 T120/T520 SNMP configurability EWS EWS/FP/WJA EWS/FP/WJA UEFI Secure Boot N/A Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware No Upgrade (AFU) Yes N/A EWS...
Security Features
Page 49
... No No No No No T620 EWS + Jetdirect N/A N/A N/A No Device security - Authentication NTLM N/A N/A N/A N/A N/A N/A N/A N/A Data security - HP DesignJet Printer Series Security Settings OLDER TECHNICAL AND GRAPHIC PRINTERS Model SNMPv3 UEFI Secure Boot Whitelisting Disable Firmware update through USB Automatic Firmware Upgrade (AFU) Disable protocols Disable interfaces Control panel lock EWS multilevel Printer access control Disable...
... No No No No No T620 EWS + Jetdirect N/A N/A N/A No Device security - Authentication NTLM N/A N/A N/A N/A N/A N/A N/A N/A Data security - HP DesignJet Printer Series Security Settings OLDER TECHNICAL AND GRAPHIC PRINTERS Model SNMPv3 UEFI Secure Boot Whitelisting Disable Firmware update through USB Automatic Firmware Upgrade (AFU) Disable protocols Disable interfaces Control panel lock EWS multilevel Printer access control Disable...
Security Features
Page 50
...N/A N/A N/A N/A N/A N/A N/A N/A Document security - Device integrity SNMPv3 EWS/WJA UEFI Secure Boot Yes Whitelisting Disable firmware (F/W) update through USB Automatic Firmware Upgrade (AFU) No FP/EWS/WJA Yes Device security - HP DesignJet Printer Series Security Settings Model Secure file erase Secure disk erase T1200 WJA WJA/FP Exclude personal info. EWS... USB drive FP/EWS/WJA 50 PIN printing N/A N/A N/A N/A N/A N/A T620 N/A WJA/FP N/A N/A N/A N/A PAGEWIDE XL PRINTERS Model HP PageWide XL 8000/5000/4600/4500/4100/4000/3900 Printer Device security-
...N/A N/A N/A N/A N/A N/A N/A N/A Document security - Device integrity SNMPv3 EWS/WJA UEFI Secure Boot Yes Whitelisting Disable firmware (F/W) update through USB Automatic Firmware Upgrade (AFU) No FP/EWS/WJA Yes Device security - HP DesignJet Printer Series Security Settings Model Secure file erase Secure disk erase T1200 WJA WJA/FP Exclude personal info. EWS... USB drive FP/EWS/WJA 50 PIN printing N/A N/A N/A N/A N/A N/A T620 N/A WJA/FP N/A N/A N/A N/A PAGEWIDE XL PRINTERS Model HP PageWide XL 8000/5000/4600/4500/4100/4000/3900 Printer Device security-
Security Features
Page 54
HP DesignJet Printer Series Protocol/Function Port TFTP (Trivial File Transfer Protocol) configuration file HP Jetdirect XML services UDP 69 TCP 80, 8080 AFU, Connectivity Test TCP 80 Kerberos TCP, UDP 88 ...EWS Config [Control Panel] > Settings > Security > Embedded Web Server [Control Panel] > Settings > Security > Web Services Printing & Management [EWS] > About printer > Yes Yes Firmware Update [EWS] > Connectivity > Services > Settings > Services > Printer Data Sharing Agreement [EWS] > Security > Access Yes Yes Control > Windows Sign In Configuration [EWS] > ...
HP DesignJet Printer Series Protocol/Function Port TFTP (Trivial File Transfer Protocol) configuration file HP Jetdirect XML services UDP 69 TCP 80, 8080 AFU, Connectivity Test TCP 80 Kerberos TCP, UDP 88 ...EWS Config [Control Panel] > Settings > Security > Embedded Web Server [Control Panel] > Settings > Security > Web Services Printing & Management [EWS] > About printer > Yes Yes Firmware Update [EWS] > Connectivity > Services > Settings > Services > Printer Data Sharing Agreement [EWS] > Security > Access Yes Yes Control > Windows Sign In Configuration [EWS] > ...
Security Features
Page 58
... File Erase. • Schedule a Secure Hard Disk Wipe. • Remote firmware upgrade. HP DesignJet Printer Series Security Settings Appendix 1 - This includes device configuration, alerts subscription, and printer status information. HP Web Jetadmin can be downloaded at the following operations (assuming they are supported on...features. Please refer to print or scan, enable or disable the possibility of upgrading the firmware from a USB.) • Change the settings of printers. Web Jetadmin HP Web Jetadmin is included in a Manageability Contract (MC DJA) that MCA DJA 2.0 includes...
... File Erase. • Schedule a Secure Hard Disk Wipe. • Remote firmware upgrade. HP DesignJet Printer Series Security Settings Appendix 1 - This includes device configuration, alerts subscription, and printer status information. HP Web Jetadmin can be downloaded at the following operations (assuming they are supported on...features. Please refer to print or scan, enable or disable the possibility of upgrading the firmware from a USB.) • Change the settings of printers. Web Jetadmin HP Web Jetadmin is included in a Manageability Contract (MC DJA) that MCA DJA 2.0 includes...
Security Features
Page 59
HP DesignJet Printer Series MC DJA 1.0 Device identification System Contact System Location Asset Number Company Name Contact Person Device Name Device settings Control Panel Language Printer Wakeup Sleep Delay Time Security settings Color Copy Option Control Panel Access EWS Password Enable Host USB Enable Save to email ePrint settings Security settings Enable firmware update...
HP DesignJet Printer Series MC DJA 1.0 Device identification System Contact System Location Asset Number Company Name Contact Person Device Name Device settings Control Panel Language Printer Wakeup Sleep Delay Time Security settings Color Copy Option Control Panel Access EWS Password Enable Host USB Enable Save to email ePrint settings Security settings Enable firmware update...
Security Features
Page 60
... Account lockout Device Control I/O Timeout Control Panel CP Lock Device Security Checks Check for Latest Firmware Check for updated information on how to monitor compliance with user defined security policies. HP DesignJet Printer Series Security Settings Appendix 2 - HP JetAdvantage Security Manager can generate security reports to use the tool and supported features. JetAdvantage Security...
... Account lockout Device Control I/O Timeout Control Panel CP Lock Device Security Checks Check for Latest Firmware Check for updated information on how to monitor compliance with user defined security policies. HP DesignJet Printer Series Security Settings Appendix 2 - HP JetAdvantage Security Manager can generate security reports to use the tool and supported features. JetAdvantage Security...
Security Features
Page 61
... AppleTalk DLC/LLC Novell (IPX/SPX) Security Settings Y Y Y Y Y Y Y N N N N N Y Y N Y N Y Y Y Y Y Y Y Y Y Y N Y Y Y Y Y Y Y Y N N N 61 HP DesignJet Printer Series File Erase Mode Device Discovery Service Location Protocol (SLP) IPv4 Multicast LLMNR WS-Discovery Bonjour Network Security Internet Protocol Security (IPsec)/Firewall FIPS... control List Network Services Novell Remote Config (RCFG) Telnet TFTP Configuration File HP Jetdirect XML Services Certificate Management Service FTP Firmware Update Web Require HTTPS redirect HTTPS Web Encryption Settings Web Encryption Strength Ciphers TLS 1.2...
... AppleTalk DLC/LLC Novell (IPX/SPX) Security Settings Y Y Y Y Y Y Y N N N N N Y Y N Y N Y Y Y Y Y Y Y Y Y Y N Y Y Y Y Y Y Y Y N N N 61 HP DesignJet Printer Series File Erase Mode Device Discovery Service Location Protocol (SLP) IPv4 Multicast LLMNR WS-Discovery Bonjour Network Security Internet Protocol Security (IPsec)/Firewall FIPS... control List Network Services Novell Remote Config (RCFG) Telnet TFTP Configuration File HP Jetdirect XML Services Certificate Management Service FTP Firmware Update Web Require HTTPS redirect HTTPS Web Encryption Settings Web Encryption Strength Ciphers TLS 1.2...
Security Features
Page 74
HP DesignJet Printer Series Security Settings Device protection related BIOS BIOS The BIOS (basic input/output system) is the program used to get and configure printer information. ... protocols It allows the administrator to access the printer using a safe, "golden copy" of vulnerability. Instant-On Security immediately configures the device to be altered. FIRMWARE HP signed firmware packages Firmware packages are enabled. It is discovered, the device reboots using this group to verify the signature before installing the new...
HP DesignJet Printer Series Security Settings Device protection related BIOS BIOS The BIOS (basic input/output system) is the program used to get and configure printer information. ... protocols It allows the administrator to access the printer using a safe, "golden copy" of vulnerability. Instant-On Security immediately configures the device to be altered. FIRMWARE HP signed firmware packages Firmware packages are enabled. It is discovered, the device reboots using this group to verify the signature before installing the new...
Security Features
Page 75
... that wants to interact with several printers, HP recommends using server data. It also requires a tool to generate reports using the HP Web Jetadmin software to upgrade the printer or multi-function printer firmware. This feature is hidden, only registered users...must have a different password. Run-time intrusion detection Detects anomalies during complex firmware and memory operations. For the administration of the printers. HP DesignJet Printer Series Security Settings Remote firmware upgrade This service allows an administrator to configure the printer to check for ...
... that wants to interact with several printers, HP recommends using server data. It also requires a tool to generate reports using the HP Web Jetadmin software to upgrade the printer or multi-function printer firmware. This feature is hidden, only registered users...must have a different password. Run-time intrusion detection Detects anomalies during complex firmware and memory operations. For the administration of the printers. HP DesignJet Printer Series Security Settings Remote firmware upgrade This service allows an administrator to configure the printer to check for ...