HP Jetdirect Security Guidelines
Page 1
... of rather poor quality and inflammatory; whitepaper HP Jetdirect Security Guidelines Table of Contents: Introduction ...1 HP Jetdirect Overview ...2 What is an HP Jetdirect?...3 How old is Your HP Jetdirect?...4 Upgrading ...5 HP Jetdirect Administrative Guidelines 6 HP Jetdirect Hacks: TCP Port 9100...7 HP Jetdirect Hacks: Password and SNMP Community Names 9 HP Jetdirect Hacks: Firmware Upgrade 9 HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them 10 HP Jetdirect Hacks: Printer/MFP access 10 Recommended Security...
HP Jetdirect Security Guidelines
Page 6
...625n, en3700, and Embedded Jetdirect (J7949E) models. Using Internet Mode, the HP Download ...Server (EWS) password has been specified • The default SNMPv1/v2c SET Community Name has been changed • All non-active protocols have been disabled (e.g., IPX/SPX, AppleTalk) • Mark any product that cannot be firmware upgraded to be addressing some public information available about vulnerabilities or attacks against HP Jetdirect...HP Jetdirect. This flexibility will come from the four main HP Jetdirect product lines, referred to install a J7961G 635n IPv6/IPsec print server...
HP Jetdirect Security Guidelines
Page 9
... for firmware upgrade. HP Jetdirect Hacks: Password and SNMP Community Names HP Jetdirect password and SNMP Community Name behavior has definitely evolved over the years. After you have upgraded all software and firmware, change your HP Jetdirect, use SNMPv3 automatically. HP Jetdirect Hacks: Firmware Upgrade ... a print connection, they are three common ways of updating HP Jetdirect firmware: • HP Download Manager / HP Web Jetadmin • FTP • Embedded Web Server When using HP Download Manager or HP Web Jetadmin, the application issues an SNMP SET to the HP Jetdirect device....
HP Jetdirect Security Guidelines
Page 10
...if no interception had taken place; The ability to use Adobe Acrobat Reader to upgrade HP Jetdirect devices is protected. For users of course specifying a good password. also, this general vulnerability with PostScript or simple text, a print job can "open it . While a valid vulnerability, it to the source) in ..., it can be configured to all the data sent between that source and that was sent between an email client and email server, it can open " it by sending it is nonetheless a general vulnerability of a PDF file that destination. Passive sniffing attacks are...
HP Jetdirect Security Guidelines
Page 11
...password passwd: Security4Me3 # # Disable SNMP # use with very little administration overhead once configured. however, there are many free BOOTP and TFTP servers for a great deal of power with caution - An example of the contents of the TFTP daemon's home directory • Forces HP Jetdirect to DHCP if a BOOTP server...default-get-community: 0 # # parameter file parm-file: hpnp/pjlprotection # 11 Recommended Security Deployments: SET 1 The HP Jetdirect products denoted by SET 1 do not have any cryptographic security capability. Many customers associate BOOTP/TFTP with BOOTP and ...
HP Jetdirect Security Guidelines
Page 12
... recommended for the pjlprotection file: %-12345X@PJL @PJL COMMENT **Set Password** @PJL COMMENT **& Lock Control Panel** @PJL JOB PASSWORD = 7654 @PJL DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in the left-hand navigation bar, and then...
HP Jetdirect Administrator's Guide
Page 11
...generate the pre-shared key. With WPA-PSK authentication, dynamic WPA encryption protocols are used . ENWW Introducing the HP Jetdirect Print Server 11 Dynamic encryption keys are used . For more information, see Chapter 4. For additional security, the authentication exchanges...HP Procurve switch) must access the embedded Web server through a Pre-Shared Key (PSK). The HP Jetdirect ew2400 supports the following EAP/802.1X method: ● PEAP (Protected Extensible Authentication Protocol). A device that uses digital certificates for network server authentication and passwords...
HP Jetdirect Administrator's Guide
Page 13
If a password is set, it must be entered to upgrade the device are illustrated below: ftp> bin ftp> hash ftp> cd /download ftp> put ftp>######### ftp> bye ENWW Introducing the HP Jetdirect Print Server 13 For more information on HP Web Jetadmin, visit: http://www.hp.com/go /dlm_sw ● HP Web Jetadmin may be used to transfer a firmware...
HP Jetdirect Administrator's Guide
Page 50
...the printer (SNMP sysContact object). ssl-state: Sets the print server's security level for example, through Telnet, HP Web Jetadmin, or embedded Web server. The password may include how to overwrite manually configured parameters. Only ...password (up to be used . 2: Disable forced redirection to the HTTPS port. The default contact is 64 characters. security-reset: Reset security settings on the print server (for Web communications: 1 (default): Forced redirection to HTTPS. sys-location: (host-location:, location:) Identifies the physical location of HP Jetdirect print server...
HP Jetdirect Administrator's Guide
Page 57
.... The maximum length is "162". The default is optional. If a user-specified get -community-name:) Specifies a password that determines which SNMP SetRequests (control functions) the HP Jetdirect print server will respond to . auth-trap: (authentication-trap:) Configures the print server to those traps. If a "trap-community-name" command is specified in each "trap-dest" command. To delete...
HP Jetdirect Administrator's Guide
Page 74
...) prompt to create a route to the print server. (For example, if the print server is , the network portion of their IP addresses do not match, then you can use Telnet commands with the HP Jetdirect print server, a route must have a similar IP ...HP Jetdirect wireless print servers, this section assumes that a route will not likely exist.) On Windows systems, you can try an operating system command to create a route to the print server. For information on system command prompts, see Appendix A. If the print server and your computer must be protected by an administrator password...
HP Jetdirect Administrator's Guide
Page 77
...IP Configuration 77 Type the following at the system prompt: telnet where is provided. A connection to the HP Jetdirect print server. 1. If prompted for a user name and this password before you can enter and save Telnet command settings. 4. To set configuration parameters, you must set ...enter Telnet commands: a Command Line Interface (Default) and a Menu Interface. If an administrator password has been set up a Telnet session from your system to the HP Jetdirect print server will be displayed. For a list of supported commands and parameters, see "User Interface Options"....
HP Jetdirect Administrator's Guide
Page 90
...Networking tab of the embedded Web server. If a user-specified get -cmnty-name Specifies a password that are refused by the print server. TCP Access Denied (Read-only parameter) The number of times that client systems were denied access to the print server because there was configured. DHCP...user. TCP Conns Refused (Read-only parameter) The number of client TCP connections that determines which the HP Jetdirect print server's IP address was no allowable entry in the print server's host access list. Table 3.4 Telnet Commands and Parameters (12 of 18) phone-home-config Specifies ...
HP Jetdirect Administrator's Guide
Page 91
...print server's "set -cmnty-name Specifies a password that an SNMP request was received, but the community name check failed. 0 is off ) SNMP authentication traps. If the list is 255 characters. The list may prohibit communications with SNMP management applications. Authentication traps indicate that determines which SNMP SetRequests (control functions) the HP Jetdirect print server... and node numbers detected on the print server. 0 disables, 1 (default) enables. trap-dest Enters a host IP address into the HP Jetdirect print server's SNMP trap destination list. default-get...
HP Jetdirect Administrator's Guide
Page 108
... number of the HP Jetdirect print server (for a User Name and Password to the device and stored on the HP Jetdirect print server. The Internet Protocol address configured on the Networking Tab. A Locally Administered Address (LAA) that identifies the physical location of time since either the HP Jetdirect print server or the network device was last powered off/on the HP Jetdirect print server. The LAA may...
HP Jetdirect Administrator's Guide
Page 110
... and password, enter "Admin" for 802.11 (Wireless Ethernet), TCP/IP, IPX/SPX, AppleTalk, DLC/LLC, and SNMP protocols. In addition, you wish to save your IEEE 802.11 wireless ethernet connection. To assign a parameter setting, enter the desired value and click Apply. 802.11 (Wireless Ethernet) Note HP Jetdirect ew2400 wired/wireless print servers...
HP Jetdirect Administrator's Guide
Page 113
... the pre-shared key for encrypted network communications. Dynamic (WPA-PSK authentication only) When configured for advanced authentication. The HP Jetdirect print server supports IEEE 802.11 Wired Equivalent Privacy (WEP) keys for your network. If WPA-PSK authentication is used to generate...your network may still use the same key. A pass-phrase must be used . ENWW Using the Embedded Web Server 113 WPA-PSK is , a shared "password" value) for network access and communications. Each device on your wireless network does not require device authentication or security...
HP Jetdirect Administrator's Guide
Page 121
... configured to control management access to retrieve (or "read") SNMP information on the HP Jetdirect print server. Table 4.7 SNMP Settings (1 of 2) Item Enable SNMPv1/v2 read-write access Enable SNMPv1/v2 read -only. An SNMP Set Community Name is a password to the print server. An incoming SNMP SetRequest or GetRequest command must be ASCII characters and can...
HP Jetdirect Administrator's Guide
Page 138
... Using the Embedded Web Server 138 Account Use this page to set and you will be cleared by Jetdirect configuration tools, such as to access Jetdirect print server settings, you attempt to device configuration and management features. In addition, you may be prompted for selected EIO printers, the password is set an administrator password for SNMP v1...
HP Jetdirect Administrator's Guide
Page 139
... electronic message typically containing, among other things, a key (a short string used to installation, configuration and management services for encryption and decryption) and a digital signature. The password is lost on the HP Jetdirect print server: ● Jetdirect certificate. Account page. A digital certificate is similar to the organization. Certificates may be issued and signed by the printer. The...