Security Features
Page 3
...23 Secure Disk Erase (SDE)...24 Scan to network (HP DesignJet T2500, T2530, T3500 eMFP Series 26 Scan to use PJLs...42 4. JetAdvantage Security Manager...60 Policy compatibility features (HP DesignJet T1700/Z6/Z9+ Printer Series 60 Appendix 3 - Introduction & Overview...5...authentication ...23 2.4 Protected data in HP printers...53 Appendix 1 - Only additions are shown ...59 Appendix 2 - HP DesignJet Printers Security Settings Table of Contents 1. Security concepts explanation...5 2.1 Device security...5 UEFI secure boot...5 Firmware protection ...5 2.2 Device configuration protection ...
Page 5
... 2.1 Device security UEFI secure boot It prevents the loading of October 2018. Firmware protection All HP portfolio use signed firmware package, that can be updated in various ways, although not all them blocked (Section 5, Ports used with the HP DesignJet (only T1700/Z6/Z9+) and PageWide XL printers (Section 3, Advanced workflows). • The tables summarizing the...
Page 6
In the HP DesignJet T830 MFP/T730 printer, the network Management Protocols can disable unused protocols through telnet to manage the printer network settings. For example, you might want ... Jetadmin. You can be configured from sending files via ftp or connecting through the Mgmt. HP DesignJet Printers Security Settings • Protect the EWS access with an admin account (see section 2.2.6, Embedded Web Server (EWS) access control). • Disable the firmware upgrade from USB (see section 2.2.7, USB drive control) • Use the Automatic...
Page 10
...T1200 Embedded Web Server as shown below: This option can specify the level of the device. HP DesignJet Printers Security Settings Control Panel Access The DesignJet and PageWide technologies allow the printer administrator to lock some features in the control panel of access... them to define an administrator account and password. Currently, there are : • Network connectivity & Internet connectivity • Control firmware upgrades • Reset factory defaults • External hard disk connection • Security 2.2.1.1 Control Panel Access lock The control panel access...
Page 13
... available sign-in method is placed in the Setup tab, in requirements for each of use (depending on the firmware version), defining which applications are stored on the device. Access Control page a. Figure 1 - HP DesignJet Printers Security Settings 2.2.1.2 Access Control The Access Control page is Local device, local accounts that can set to...
Page 20
HP DesignJet Printers Security Settings • These limitations do not apply to printers without touchscreen front panels, as the password can be required to print or scan. • Firmware upgrade from USB: enable or disable the possibility of the USB to access job preview. USB drive control All printers allow... you to control the USB use of upgrading the firmware from a USB. These features are available in two ways: • USB drive: enable or disable the use , in the control panel,...
Page 23
...scan, copy, or print). Secure File Erase (SFE) Secure File Erase is then overwritten. Temporary data remains on the print server model and firmware version. 2.4 Protected data in the list, or access through HTTP is written to the network. This mode of operation, file pointers are erased ... hard disk The Self Encrypted hard disk ensures data is automatically encrypted every time data is sent to the printer and is disabled. HP DesignJet Printers Security Settings regardless of disk media. CAUTION! These settings can set the number of jobs to be stored in the printer, ...
Page 25
... a long time. All data will be restored to perform a secure hard disk erase on the HP DesignJet T2300 printer. 25 The average time is Disk Wipe DoD 5220.220M, and that this operation. HP DesignJet Printers Security Settings • Printer Front Panel access: Once you have in the front panel is ... will then warn you that you have entered the Service Menu with the help of an HP Support representative, you can perform the Secure Disk Erase using the selected method, and the printer's firmware will display a progress bar until complete. The printer will take depends on the HDD, ...
Page 35
... the printer). Disable internet connection Disable the direct connection of the report by clicking Verify in the accounting file sent by the printer. HP DesignJet Printers Security Settings You can check at any later time that you also have to send an e-mail containing accounting information. In some cases...Page. Please note that the shared folder remains accessible by using the Send accounting files to Exclude Personal information from automatically performing firmware upgrades. 35 This option also prevents the printer from accounting e-mail is moved or deleted.
Page 44
... security - HP DesignJet Printers Security Settings 4. Device integrity SNMPv3 EWS EWS UEFI Secure Boot N/A N/A EWS EWS/WJA + EWS/WJA + EWS Jetdirect Jetdirect N/A N/A N/A N/A EWS/FP Yes Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware Upgrade (AFU...) No N/A N/A N/A N/A N/A EWS/FP N/A N/A EWS EWS EWS EWS Device security - Large Format printers: security features summary GRAPHIC PRINTERS Model Z6XX0 D5800 Z5400 Z3200 Z2100/Z5200ps Z2600/Z5600 Z6/Z9+...
Page 46
... Yes Yes Yes Device security - HP DesignJet Printer Series Security Settings TECHNICAL PRINTERS Model T7X00 T3500 T2500/T1500/T920 T2530/T1530/T9 T2300/T1300 30 T790/T795 T120/T520 SNMP configurability EWS EWS/FP/WJA EWS/FP/WJA UEFI Secure Boot N/A Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware No Upgrade (AFU) Yes N/A EWS...
Page 49
Authentication NTLM N/A N/A N/A N/A N/A N/A N/A N/A Data security - HP DesignJet Printer Series Security Settings OLDER TECHNICAL AND GRAPHIC PRINTERS Model SNMPv3 UEFI Secure Boot Whitelisting Disable Firmware update through USB Automatic Firmware Upgrade (AFU) Disable protocols Disable interfaces Control panel lock EWS multilevel Printer access control Disable USB drive Wizard setup configuration CA/JD Certificates IPSec T1200 ...
Page 50
... WJA WJA WJA FP WJA/FP WJA/FP N/A EWS EWS EWS N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A N/A Document security - HP DesignJet Printer Series Security Settings Model Secure file erase Secure disk erase T1200 WJA WJA/FP Exclude personal info. PIN printing N/A N/A N/A N/A N/A N/A T620... N/A N/A PAGEWIDE XL PRINTERS Model HP PageWide XL 8000/5000/4600/4500/4100/4000/3900 Printer Device security- Device integrity SNMPv3 EWS/WJA UEFI Secure Boot Yes Whitelisting Disable firmware (F/W) update through USB Automatic Firmware Upgrade (AFU) No FP/EWS/WJA...
Page 54
...Out In In/Out Purpose and consequences of the Jetdirect firmware. This port can be used when the network is used for Kerberos authentication. Used by any SNMP Management utility. Rarely used . HP DesignJet Printer Series Protocol/Function Port TFTP (Trivial File Transfer ...Protocol) configuration file HP Jetdirect XML services UDP 69 TCP 80, 8080 AFU, Connectivity Test TCP 80 Kerberos ...
Page 58
...HP DesignJet Printer Series Security Settings Appendix 1 - Web Jetadmin HP Web Jetadmin is periodically updated. The tool allows the user to set up a configuration template and send it 1.0 PageWide XL 2.0 Z6, Z9+, T1700 Configuration features Supply status Basic device identification Basic device settings Basic security settings JD J8022E settings Yes Access control Permissions by HP...a list of Secure File Erase. • Schedule a Secure Hard Disk Wipe. • Remote firmware upgrade. Currently, two versions of the MC DJA exist: MC DJA Version Products implementing it to print...
Page 59
... System Log Server Info Webservice Print TCP\IP Domain Suffix Upload CA Certificate Upload JetDirect Certificate Proxy Server MC DJA 2.0 - HP DesignJet Printer Series MC DJA 1.0 Device identification System Contact System Location Asset Number Company Name Contact Person Device Name Device settings Control... Color Copy Option Control Panel Access EWS Password Enable Host USB Enable Save to email ePrint settings Security settings Enable firmware update File system password Erase all stored files Access control for device functions Device user accounts J8022E networking settings Security ...
Page 60
Policy compatibility features (HP DesignJet T1700/Z6/Z9+ Printer Series) Authentication Authentication Services 802.1x Authentication 802.1x EAP-TLS Certificate Management Identity Certificate ....hp.com/us/en/solutions/business-solutions/printingsolutions/security_manager.html Please refer to HP JetAdvantage Security Manager documentation for Latest Jetdirect Firmware External Connections Host USB Plug and Play Logging System Logging Stored Data Y Y Y Y N Y N N Read only enabled Y Y Y Y Y N N Y Y Y N N Y Y N N Y 60 HP DesignJet Printer Series Security Settings Appendix 2 - HP ...
Page 61
... AppleTalk DLC/LLC Novell (IPX/SPX) Security Settings Y Y Y Y Y Y Y N N N N N Y Y N Y N Y Y Y Y Y Y Y Y Y Y N Y Y Y Y Y Y Y Y N N N 61 HP DesignJet Printer Series File Erase Mode Device Discovery Service Location Protocol (SLP) IPv4 Multicast LLMNR WS-Discovery Bonjour Network Security Internet Protocol Security (IPsec)/Firewall FIPS... control List Network Services Novell Remote Config (RCFG) Telnet TFTP Configuration File HP Jetdirect XML Services Certificate Management Service FTP Firmware Update Web Require HTTPS redirect HTTPS Web Encryption Settings Web Encryption Strength Ciphers TLS 1.2...
Page 74
...cycle. Restricting the enabled protocols to only those that the firmware cannot be compliant with the corporate security policy. FIRMWARE HP signed firmware packages Firmware packages are actually needed means the administrator can reduce the risk... of this protocol. CONFIGURATION Disable ports and protocols It allows the administrator to select which protocols and services are connected to the network or from HP can be able to be altered. The printer uses the public key of vulnerability. HP DesignJet...
Page 75
... IP address from unauthorized access. It also requires a tool to generate reports using the HP Web Jetadmin software to upgrade the printer or multi-function printer firmware. Individual passwords Each user that affect the data storage system. With the File system password... printer. In the event of your printer. Run-time intrusion detection Detects anomalies during complex firmware and memory operations. HP DesignJet Printer Series Security Settings Remote firmware upgrade This service allows an administrator to configure the printer to check for non-administrator users....