Security Features
Page 3
...hard disk ...23 Secure File Erase (SFE) ...23 Secure Disk Erase (SDE)...24 Scan to network (HP DesignJet T2500, T2530, T3500 eMFP Series 26 Scan to FTP folder ...33 Exclude personal info from DOS command ... ...64 3 Introduction & Overview...5 2. Large Format printers: security features summary 44 5. HP DesignJet Printers Security Settings Table of Contents 1. Security concepts explanation...5 2.1 Device security...5 UEFI secure boot...5 Firmware protection ...5 2.2 Device configuration protection ...6 Disable protocols...6 SNMP compatibility ...7 Disable connectivity interfaces...8...
...hard disk ...23 Secure File Erase (SFE) ...23 Secure Disk Erase (SDE)...24 Scan to network (HP DesignJet T2500, T2530, T3500 eMFP Series 26 Scan to FTP folder ...33 Exclude personal info from DOS command ... ...64 3 Introduction & Overview...5 2. Large Format printers: security features summary 44 5. HP DesignJet Printers Security Settings Table of Contents 1. Security concepts explanation...5 2.1 Device security...5 UEFI secure boot...5 Firmware protection ...5 2.2 Device configuration protection ...6 Disable protocols...6 SNMP compatibility ...7 Disable connectivity interfaces...8...
Security Features
Page 5
...: security features summary). • The list of ports used by HP DesignJet and PageWide XL printers as any firmware and install only those signed by the HP Code Signing group. Please make the HP DesignJet and PageWide XL printer series particularly well suited for deployment in HP printers). The security features described in this document, you the...
...: security features summary). • The list of ports used by HP DesignJet and PageWide XL printers as any firmware and install only those signed by the HP Code Signing group. Please make the HP DesignJet and PageWide XL printer series particularly well suited for deployment in HP printers). The security features described in this document, you the...
Security Features
Page 6
...might want to disable all protocols that you might prevent users from the Network > Advanced Settings menu. 6 In the HP DesignJet T830 MFP/T730 printer, the network Management Protocols can disable unused protocols through telnet to manage the printer network settings....Embedded Web Server, or the Network Enable Features in Web Jetadmin. HP DesignJet Printers Security Settings • Protect the EWS access with an admin account (see section 2.2.6, Embedded Web Server (EWS) access control). • Disable the firmware upgrade from USB (see section 2.2.7, USB drive control) •...
...might want to disable all protocols that you might prevent users from the Network > Advanced Settings menu. 6 In the HP DesignJet T830 MFP/T730 printer, the network Management Protocols can disable unused protocols through telnet to manage the printer network settings....Embedded Web Server, or the Network Enable Features in Web Jetadmin. HP DesignJet Printers Security Settings • Protect the EWS access with an admin account (see section 2.2.6, Embedded Web Server (EWS) access control). • Disable the firmware upgrade from USB (see section 2.2.7, USB drive control) •...
Security Features
Page 10
... modes of control access "Control Panel Access Lock" and "Access Control", depending on the model. HP DesignJet Printers Security Settings Control Panel Access The DesignJet and PageWide technologies allow the printer administrator to define an administrator account and password. To use these ...the HP Web Jetadmin or the printer's Embedded Web Server (depending on the control panel. In some features on the printer model). Administrators can specify the level of the device. Currently, there are : • Network connectivity & Internet connectivity • Control firmware upgrades...
... modes of control access "Control Panel Access Lock" and "Access Control", depending on the model. HP DesignJet Printers Security Settings Control Panel Access The DesignJet and PageWide technologies allow the printer administrator to define an administrator account and password. To use these ...the HP Web Jetadmin or the printer's Embedded Web Server (depending on the control panel. In some features on the printer model). Administrators can specify the level of the device. Currently, there are : • Network connectivity & Internet connectivity • Control firmware upgrades...
Security Features
Page 13
...-in methods that can be used to sign in on the device. HP DesignJet Printers Security Settings 2.2.1.2 Access Control The Access Control page is Local device, local accounts that have access codes between 4 and 8 digits long and are stored on the firmware version), defining which applications are available on the printer. • Sign...
...-in methods that can be used to sign in on the device. HP DesignJet Printers Security Settings 2.2.1.2 Access Control The Access Control page is Local device, local accounts that have access codes between 4 and 8 digits long and are stored on the firmware version), defining which applications are available on the printer. • Sign...
Security Features
Page 20
...to control the USB use of upgrading the firmware from a USB. These features are available in two ways: • USB drive: enable or disable the use , in the control panel, the Embedded Web Server and Web Jetadmin. 20 HP DesignJet Printers Security Settings • These limitations ...do not apply to printers without touchscreen front panels, as the password can be set , the administrator password will be required to print or scan. • Firmware upgrade from USB: enable or disable...
...to control the USB use of upgrading the firmware from a USB. These features are available in two ways: • USB drive: enable or disable the use , in the control panel, the Embedded Web Server and Web Jetadmin. 20 HP DesignJet Printers Security Settings • These limitations ...do not apply to printers without touchscreen front panels, as the password can be set , the administrator password will be required to print or scan. • Firmware upgrade from USB: enable or disable...
Security Features
Page 23
... time data is sent to the drive. CAUTION! You may need to connection. Temporary data remains on the print server model and firmware version. 2.4 Protected data in the Secure Files Erase feature. To configure this method. The supported 802.1X authentication protocols and associated ...printer and is the default for clearing and sanitization of ACL entries. If these ports do not want to connect to the network. HP DesignJet Printers Security Settings regardless of disk media. However, unfiltered access by HTTP hosts may be stored in the printer's queue to communicate ...
... time data is sent to the drive. CAUTION! You may need to connection. Temporary data remains on the print server model and firmware version. 2.4 Protected data in the Secure Files Erase feature. To configure this method. The supported 802.1X authentication protocols and associated ...printer and is the default for clearing and sanitization of ACL entries. If these ports do not want to connect to the network. HP DesignJet Printers Security Settings regardless of disk media. However, unfiltered access by HTTP hosts may be stored in the printer's queue to communicate ...
Security Features
Page 25
...restored to perform it. The printer will then warn you accept, the printer will begin the process, and will display a progress bar until complete. HP DesignJet Printers Security Settings • Printer Front Panel access: Once you have in the front panel is : Insecure Mode: 1 minute 1-pass mode: 2... representative, you can perform the Secure Disk Erase using the selected method, and the printer's firmware will take depends on the amount of information stored on the HP DesignJet T2300 printer. 25 The time that you must first select the security level (sometimes referred to as ...
...restored to perform it. The printer will then warn you accept, the printer will begin the process, and will display a progress bar until complete. HP DesignJet Printers Security Settings • Printer Front Panel access: Once you have in the front panel is : Insecure Mode: 1 minute 1-pass mode: 2... representative, you can perform the Secure Disk Erase using the selected method, and the printer's firmware will take depends on the amount of information stored on the HP DesignJet T2300 printer. 25 The time that you must first select the security level (sometimes referred to as ...
Security Features
Page 35
... internet. Disable internet connection Disable the direct connection of the report by e-mail from the printer). Exclude personal info from automatically performing firmware upgrades. 35 In some cases, customers prefer not to send personal data from the printers via e-mail, and so the option to...on the Setup Page. This personal information is not required for billing purposes, and can be left blank in the Embedded Web server. HP DesignJet Printers Security Settings You can check at any later time that only the data (counters) relevant for billing are being sent by the ...
... internet. Disable internet connection Disable the direct connection of the report by e-mail from the printer). Exclude personal info from automatically performing firmware upgrades. 35 In some cases, customers prefer not to send personal data from the printers via e-mail, and so the option to...on the Setup Page. This personal information is not required for billing purposes, and can be left blank in the Embedded Web server. HP DesignJet Printers Security Settings You can check at any later time that only the data (counters) relevant for billing are being sent by the ...
Security Features
Page 44
...: security features summary GRAPHIC PRINTERS Model Z6XX0 D5800 Z5400 Z3200 Z2100/Z5200ps Z2600/Z5600 Z6/Z9+ Device ... Jetdirect EWS/WJA EWS/WJA 802.1X Authentication Only with JD640 Only with JD640 Yes 44 HP DesignJet Printers Security Settings 4. Authentication Only with JD640 Only with JD640 Only with JD640 Only with JD640... + EWS Jetdirect Jetdirect N/A N/A N/A N/A EWS/FP Yes Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware Upgrade (AFU) No N/A N/A N/A N/A N/A EWS/FP N/A N/A EWS EWS EWS EWS Device security -
...: security features summary GRAPHIC PRINTERS Model Z6XX0 D5800 Z5400 Z3200 Z2100/Z5200ps Z2600/Z5600 Z6/Z9+ Device ... Jetdirect EWS/WJA EWS/WJA 802.1X Authentication Only with JD640 Only with JD640 Yes 44 HP DesignJet Printers Security Settings 4. Authentication Only with JD640 Only with JD640 Only with JD640 Only with JD640... + EWS Jetdirect Jetdirect N/A N/A N/A N/A EWS/FP Yes Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware Upgrade (AFU) No N/A N/A N/A N/A N/A EWS/FP N/A N/A EWS EWS EWS EWS Device security -
Security Features
Page 46
... EWS/FP Yes Yes EWS/FP Yes EWS/WJA EWS/FP/WJA EWS/WJA FP N/A EWS/FP/WJA EWS/FP/WJA EWS 46 HP DesignJet Printer Series Security Settings TECHNICAL PRINTERS Model T7X00 T3500 T2500/T1500/T920 T2530/T1530/T9 T2300/T1300 30 T790/T795 T120/T520 SNMP configurability... EWS EWS/FP/WJA EWS/FP/WJA UEFI Secure Boot N/A Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware No Upgrade (AFU) Yes N/A EWS/FP Yes N/A N/A EWS/FP Yes Disable protocols Disable interfaces Control panel lock Hide IP from ...
... EWS/FP Yes Yes EWS/FP Yes EWS/WJA EWS/FP/WJA EWS/WJA FP N/A EWS/FP/WJA EWS/FP/WJA EWS 46 HP DesignJet Printer Series Security Settings TECHNICAL PRINTERS Model T7X00 T3500 T2500/T1500/T920 T2530/T1530/T9 T2300/T1300 30 T790/T795 T120/T520 SNMP configurability... EWS EWS/FP/WJA EWS/FP/WJA UEFI Secure Boot N/A Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware No Upgrade (AFU) Yes N/A EWS/FP Yes N/A N/A EWS/FP Yes Disable protocols Disable interfaces Control panel lock Hide IP from ...
Security Features
Page 49
.../WJA EWS/WJA EWS N/A EWS N/A EWS N/A N/A N/A N/A N/A N/A N/A EWS EWS + EWS + EWS + Jetdirect Jetdirect Jetdirect Data security - HP DesignJet Printer Series Security Settings OLDER TECHNICAL AND GRAPHIC PRINTERS Model SNMPv3 UEFI Secure Boot Whitelisting Disable Firmware update through USB Automatic Firmware Upgrade (AFU) Disable protocols Disable interfaces Control panel lock EWS multilevel Printer access control Disable...
.../WJA EWS/WJA EWS N/A EWS N/A EWS N/A N/A N/A N/A N/A N/A N/A EWS EWS + EWS + EWS + Jetdirect Jetdirect Jetdirect Data security - HP DesignJet Printer Series Security Settings OLDER TECHNICAL AND GRAPHIC PRINTERS Model SNMPv3 UEFI Secure Boot Whitelisting Disable Firmware update through USB Automatic Firmware Upgrade (AFU) Disable protocols Disable interfaces Control panel lock EWS multilevel Printer access control Disable...
Security Features
Page 50
... (FP) No SMB2/3 Yes EWS multilevel Yes (one level) Printer access control EWS Disable USB drive FP/EWS/WJA 50 HP DesignJet Printer Series Security Settings Model Secure file erase Secure disk erase T1200 WJA WJA/FP Exclude personal info. Device configuration protection Disable protocols...WJA/FP N/A EWS EWS EWS N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Document security - Device integrity SNMPv3 EWS/WJA UEFI Secure Boot Yes Whitelisting Disable firmware (F/W) update through USB Automatic Firmware Upgrade (AFU) No FP/EWS/WJA Yes Device security -
... (FP) No SMB2/3 Yes EWS multilevel Yes (one level) Printer access control EWS Disable USB drive FP/EWS/WJA 50 HP DesignJet Printer Series Security Settings Model Secure file erase Secure disk erase T1200 WJA WJA/FP Exclude personal info. Device configuration protection Disable protocols...WJA/FP N/A EWS EWS EWS N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Document security - Device integrity SNMPv3 EWS/WJA UEFI Secure Boot Yes Whitelisting Disable firmware (F/W) update through USB Automatic Firmware Upgrade (AFU) No FP/EWS/WJA Yes Device security -
Security Features
Page 54
... always fail. Rarely used. HP Web Jetadmin use SNMP to the Automatic Firmware Upgrade host (under hp.com), performing connectivity tests. If disabled, the printer EWS would not be used. This port can be used when the network is used: configuration through this port to retrieve device status information. HP DesignJet Printer Series Protocol/Function...
... always fail. Rarely used. HP Web Jetadmin use SNMP to the Automatic Firmware Upgrade host (under hp.com), performing connectivity tests. If disabled, the printer EWS would not be used. This port can be used when the network is used: configuration through this port to retrieve device status information. HP DesignJet Printer Series Protocol/Function...
Security Features
Page 58
... server settings Enable Scan to email Enable printer firmware update Yes Device status & alerts Yes Yes Firmware upgrade Yes Yes 58 This includes device configuration, alerts subscription, and printer status information. For instance, HP Web Jetadmin can be used to Web Jetadmin ...settings Basic security settings JD J8022E settings Yes Access control Permissions by HP Web Jetadmin is periodically updated. The tool allows the user to a list of MC DJA 1.0, and some extra ones. HP DesignJet Printer Series Security Settings Appendix 1 - Currently, two versions of ...
... server settings Enable Scan to email Enable printer firmware update Yes Device status & alerts Yes Yes Firmware upgrade Yes Yes 58 This includes device configuration, alerts subscription, and printer status information. For instance, HP Web Jetadmin can be used to Web Jetadmin ...settings Basic security settings JD J8022E settings Yes Access control Permissions by HP Web Jetadmin is periodically updated. The tool allows the user to a list of MC DJA 1.0, and some extra ones. HP DesignJet Printer Series Security Settings Appendix 1 - Currently, two versions of ...
Security Features
Page 59
... System Log Server Info Webservice Print TCP\IP Domain Suffix Upload CA Certificate Upload JetDirect Certificate Proxy Server MC DJA 2.0 - HP DesignJet Printer Series MC DJA 1.0 Device identification System Contact System Location Asset Number Company Name Contact Person Device Name Device settings Control... Color Copy Option Control Panel Access EWS Password Enable Host USB Enable Save to email ePrint settings Security settings Enable firmware update File system password Erase all stored files Access control for device functions Device user accounts J8022E networking settings Security ...
... System Log Server Info Webservice Print TCP\IP Domain Suffix Upload CA Certificate Upload JetDirect Certificate Proxy Server MC DJA 2.0 - HP DesignJet Printer Series MC DJA 1.0 Device identification System Contact System Location Asset Number Company Name Contact Person Device Name Device settings Control... Color Copy Option Control Panel Access EWS Password Enable Host USB Enable Save to email ePrint settings Security settings Enable firmware update File system password Erase all stored files Access control for device functions Device user accounts J8022E networking settings Security ...
Security Features
Page 60
... I/O Timeout Control Panel CP Lock Device Security Checks Check for Latest Firmware Check for updated information on how to HP JetAdvantage Security Manager documentation for Latest Jetdirect Firmware External Connections Host USB Plug and Play Logging System Logging Stored Data Y Y Y Y N Y N N Read only enabled Y Y Y Y Y N N Y Y Y N N Y Y N N Y 60 HP DesignJet Printer Series Security Settings Appendix 2 - JetAdvantage Security Manager The...
... I/O Timeout Control Panel CP Lock Device Security Checks Check for Latest Firmware Check for updated information on how to HP JetAdvantage Security Manager documentation for Latest Jetdirect Firmware External Connections Host USB Plug and Play Logging System Logging Stored Data Y Y Y Y N Y N N Read only enabled Y Y Y Y Y N N Y Y Y N N Y Y N N Y 60 HP DesignJet Printer Series Security Settings Appendix 2 - JetAdvantage Security Manager The...
Security Features
Page 61
HP DesignJet Printer Series File Erase Mode Device Discovery Service Location Protocol (SLP) IPv4 Multicast LLMNR WS-Discovery Bonjour Network Security Internet Protocol Security (IPsec)/Firewall FIPS ... WINS Port WINS Registration Access Control Allow Web Access Access control List Network Services Novell Remote Config (RCFG) Telnet TFTP Configuration File HP Jetdirect XML Services Certificate Management Service FTP Firmware Update Web Require HTTPS redirect HTTPS Web Encryption Settings Web Encryption Strength Ciphers TLS 1.2 TLS 1.1 TLS 1.0 SSL 3.0 - Insecure Protocol Embedded Web...
HP DesignJet Printer Series File Erase Mode Device Discovery Service Location Protocol (SLP) IPv4 Multicast LLMNR WS-Discovery Bonjour Network Security Internet Protocol Security (IPsec)/Firewall FIPS ... WINS Port WINS Registration Access Control Allow Web Access Access control List Network Services Novell Remote Config (RCFG) Telnet TFTP Configuration File HP Jetdirect XML Services Certificate Management Service FTP Firmware Update Web Require HTTPS redirect HTTPS Web Encryption Settings Web Encryption Strength Ciphers TLS 1.2 TLS 1.1 TLS 1.0 SSL 3.0 - Insecure Protocol Embedded Web...
Security Features
Page 74
HP DesignJet Printer Series Security Settings Device protection related BIOS BIOS The BIOS (basic input/output system) is the program used to get and configure printer information. Restricting the enabled protocols to only those that are connected to verify the signature before installing the new firmware, thus ensuring that the firmware...encrypted version. HP Sure Start It validates the integrity of this protocol. SNMPv3 is turned on. FIRMWARE HP signed firmware packages Firmware packages are enabled. Based on configuring the filesystem where the printer firmware is a ...
HP DesignJet Printer Series Security Settings Device protection related BIOS BIOS The BIOS (basic input/output system) is the program used to get and configure printer information. Restricting the enabled protocols to only those that are connected to verify the signature before installing the new firmware, thus ensuring that the firmware...encrypted version. HP Sure Start It validates the integrity of this protocol. SNMPv3 is turned on. FIRMWARE HP signed firmware packages Firmware packages are enabled. Based on configuring the filesystem where the printer firmware is a ...
Security Features
Page 75
...wants to features that affect the data storage system. In the event of these features are available for availability of new firmware versions and prepare them to a server. Some of an intrusion, the device provides information on the intrusion and automatically ...of your printer. It also requires a tool to generate reports using the HP Web Jetadmin software to upgrade the printer or multi-function printer firmware. HP DesignJet Printer Series Security Settings Remote firmware upgrade This service allows an administrator to configure the printer to check for...
...wants to features that affect the data storage system. In the event of these features are available for availability of new firmware versions and prepare them to a server. Some of an intrusion, the device provides information on the intrusion and automatically ...of your printer. It also requires a tool to generate reports using the HP Web Jetadmin software to upgrade the printer or multi-function printer firmware. HP DesignJet Printer Series Security Settings Remote firmware upgrade This service allows an administrator to configure the printer to check for...