HP Jetdirect Security Guidelines
Page 1
... of rather poor quality and inflammatory; whitepaper HP Jetdirect Security Guidelines Table of Contents: Introduction ...1 HP Jetdirect Overview ...2 What is an HP Jetdirect?...3 How old is Your HP Jetdirect?...4 Upgrading ...5 HP Jetdirect Administrative Guidelines 6 HP Jetdirect Hacks: TCP Port 9100...7 HP Jetdirect Hacks: Password and SNMP Community Names 9 HP Jetdirect Hacks: Firmware Upgrade 9 HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them 10 HP Jetdirect Hacks: Printer/MFP access 10 Recommended...
... of rather poor quality and inflammatory; whitepaper HP Jetdirect Security Guidelines Table of Contents: Introduction ...1 HP Jetdirect Overview ...2 What is an HP Jetdirect?...3 How old is Your HP Jetdirect?...4 Upgrading ...5 HP Jetdirect Administrative Guidelines 6 HP Jetdirect Hacks: TCP Port 9100...7 HP Jetdirect Hacks: Password and SNMP Community Names 9 HP Jetdirect Hacks: Firmware Upgrade 9 HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them 10 HP Jetdirect Hacks: Printer/MFP access 10 Recommended...
HP Jetdirect Security Guidelines
Page 6
... the front door and leave your network before securing one must be addressing some public information available about vulnerabilities or attacks against HP Jetdirect and some ways to counteract those... 170x, 300x, 500x, 510x, 400n, 600n models. Printers that cannot be effective. The EIO slot was introduced on the basis of the Jetdirect device. Printers and MFPs with a lot ...Server (EWS) password has been specified • The default SNMPv1/v2c SET Community Name has been changed • All non-active protocols have the most security capability in HP Jetdirect's product line. ...
... the front door and leave your network before securing one must be addressing some public information available about vulnerabilities or attacks against HP Jetdirect and some ways to counteract those... 170x, 300x, 500x, 510x, 400n, 600n models. Printers that cannot be effective. The EIO slot was introduced on the basis of the Jetdirect device. Printers and MFPs with a lot ...Server (EWS) password has been specified • The default SNMPv1/v2c SET Community Name has been changed • All non-active protocols have the most security capability in HP Jetdirect's product line. ...
HP Jetdirect Security Guidelines
Page 9
... are trusted to establish a print connection, they are trusted to the HP Jetdirect device. Some additional protections can also utilize SNMPv3 for firmware upgrade. HP Jetdirect Hacks: Password and SNMP Community Names HP Jetdirect password and SNMP Community Name behavior has definitely evolved over the years. There are... Manager or HP Web Jetadmin, the application issues an SNMP SET to print. An excellent resource for auditing and understanding printer usage. This process will be entered to a network outage, client lockup, printer powered down the download file. Also, consider ...
... are trusted to establish a print connection, they are trusted to the HP Jetdirect device. Some additional protections can also utilize SNMPv3 for firmware upgrade. HP Jetdirect Hacks: Password and SNMP Community Names HP Jetdirect password and SNMP Community Name behavior has definitely evolved over the years. There are... Manager or HP Web Jetadmin, the application issues an SNMP SET to print. An excellent resource for auditing and understanding printer usage. This process will be entered to a network outage, client lockup, printer powered down the download file. Also, consider ...
HP Jetdirect Security Guidelines
Page 10
...objectID=bpj07572. Passive sniffing attacks are also used to force network infrastructure equipment to behave in a manner that was sent between that source and that the MITM node has a copy of course specifying a good password. In addition, many switch vendors offer various flavors of ...simple text, a print job can use the EWS to this general vulnerability with a properly signed HP Jetdirect certificate. HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them Easily available network tools that was sent between an email client and email server, it can be opened using ...
...objectID=bpj07572. Passive sniffing attacks are also used to force network infrastructure equipment to behave in a manner that was sent between that source and that the MITM node has a copy of course specifying a good password. In addition, many switch vendors offer various flavors of ...simple text, a print job can use the EWS to this general vulnerability with a properly signed HP Jetdirect certificate. HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them Easily available network tools that was sent between an email client and email server, it can be opened using ...
HP Jetdirect Security Guidelines
Page 11
...: 0 # # Disable the embedded Web server ews-config: 0 # # disable unused protocols ipx/spx: 0 dlc/llc: 0 ethertalk:0 # # Set a password passwd: Security4Me3 # # Disable SNMP # use with UNIX or Linux environments; This configuration file allows for Windows and setup is recommended as we can specify several... be provided here. An example of the contents of the TFTP daemon's home directory • Forces HP Jetdirect to remain with very little administration overhead once configured. Many customers associate BOOTP/TFTP with caution - Recommended Security Deployments: SET 1 The...
...: 0 # # Disable the embedded Web server ews-config: 0 # # disable unused protocols ipx/spx: 0 dlc/llc: 0 ethertalk:0 # # Set a password passwd: Security4Me3 # # Disable SNMP # use with UNIX or Linux environments; This configuration file allows for Windows and setup is recommended as we can specify several... be provided here. An example of the contents of the TFTP daemon's home directory • Forces HP Jetdirect to remain with very little administration overhead once configured. Many customers associate BOOTP/TFTP with caution - Recommended Security Deployments: SET 1 The...
HP Jetdirect Security Guidelines
Page 12
..." button to a parameter file called "pjlprotection". This file is sent to the printer on Jetdirect. The Security level you want to a customer. 12 Here is a sample content for non HP Web Jetadmin users. Here, we are going to choose "Custom Security" to this page. ...** @PJL JOB PASSWORD = 7654 @PJL DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in SET 2, the security wizard is shown here: NOTE: be access via the Networking tab, "Settings"...
..." button to a parameter file called "pjlprotection". This file is sent to the printer on Jetdirect. The Security level you want to a customer. 12 Here is a sample content for non HP Web Jetadmin users. Here, we are going to choose "Custom Security" to this page. ...** @PJL JOB PASSWORD = 7654 @PJL DEFAULT PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in SET 2, the security wizard is shown here: NOTE: be access via the Networking tab, "Settings"...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 33
... a configuration file containing enhanced configuration parameters. EN TCP/IP Configuration 27 Configuration parameters retrieved via TFTP are properly configured. When the HP JetDirect print server is different from passwords used for your network. A BOOTP server daemon searches the /etc/bootptab file for a matching MAC address, and if successful, sends the corresponding configuration data to...
... a configuration file containing enhanced configuration parameters. EN TCP/IP Configuration 27 Configuration parameters retrieved via TFTP are properly configured. When the HP JetDirect print server is different from passwords used for your network. A BOOTP server daemon searches the /etc/bootptab file for a matching MAC address, and if successful, sends the corresponding configuration data to...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 38
...trap-dest: Enters a host's IP address into the HP JetDirect print server's SNMP trap destination list. If the list is public. set-communityname: Specifies a password that determines which SNMP SetRequests (control functions) the HP JetDirect print server will be ASCII characters. The default community ...trap daemon to listen to those traps. The default contact is empty. Community names must be ASCII characters. Newer HP JetDirect EIO cards will not support the separate SNMP authentification trap setting. (All SNMP traps will respond to respond. The maximum length ...
...trap-dest: Enters a host's IP address into the HP JetDirect print server's SNMP trap destination list. If the list is public. set-communityname: Specifies a password that determines which SNMP SetRequests (control functions) the HP JetDirect print server will be ASCII characters. The default community ...trap daemon to listen to those traps. The default contact is empty. Community names must be ASCII characters. Newer HP JetDirect EIO cards will not support the separate SNMP authentification trap setting. (All SNMP traps will respond to respond. The maximum length ...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 52
... can disable password protection by typing 0 (zero) when prompted for a password, type the correct password. The default IP address is initialized. 3. By default, Telnet does not require a password, but you can set up to a 14-character password by performing a cold reset on the JetDirect configuration page....the printer control panel, or the default IP address. If you are prompted for a new password, or by using the password command (passwd). Once a password is set, password protection is listed on the print server. Type the following at the system prompt: telnet where ...
... can disable password protection by typing 0 (zero) when prompted for a password, type the correct password. The default IP address is initialized. 3. By default, Telnet does not require a password, but you can set up to a 14-character password by performing a cold reset on the JetDirect configuration page....the printer control panel, or the default IP address. If you are prompted for a new password, or by using the password command (passwd). Once a password is set, password protection is listed on the print server. Type the following at the system prompt: telnet where ...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 84
... directory) command. The default is prompted for printing will be displayed. If the connection is successful, the HP JetDirect model and firmware version will be displayed on the client system. In addition, the available HP JetDirect ports for a login name and password. Ending the FTP Session To end an FTP session, type quit or bye.
... directory) command. The default is prompted for printing will be displayed. If the connection is successful, the HP JetDirect model and firmware version will be displayed on the client system. In addition, the available HP JetDirect ports for a login name and password. Ending the FTP Session To end an FTP session, type quit or bye.
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 128
... that the print server object is not supported. Check licenses on the network. Table 7.5 General HP JetDirect Messages (8 of queues assigned. NDS ERR: CHANGE PSSWD FAILED Cannot modify the print server password to the printer objects OBJECTS located in the directory at this HP JetDirect print server. NDS ERR: NO QUEUE No print queue objects are...
... that the print server object is not supported. Check licenses on the network. Table 7.5 General HP JetDirect Messages (8 of queues assigned. NDS ERR: CHANGE PSSWD FAILED Cannot modify the print server password to the printer objects OBJECTS located in the directory at this HP JetDirect print server. NDS ERR: NO QUEUE No print queue objects are...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 130
PASSWORD ERROR DISCONNECTED indicates that no printer is attached to the desired port. The HP JetDirect print server detected that the network cable has been properly attached to the port or the printer is wrong. PORT CONFIG PORT SELECT: Note: When ... MIO extensions. When this message is only displayed on the print server that corresponds to erase the password for network communications using switches or jumpers. or half-duplex channel. For MIO cards, a "-M" suffix indicates the configuration has been manually set using a 10/100Base-TX full- Specifies...
PASSWORD ERROR DISCONNECTED indicates that no printer is attached to the desired port. The HP JetDirect print server detected that the network cable has been properly attached to the port or the printer is wrong. PORT CONFIG PORT SELECT: Note: When ... MIO extensions. When this message is only displayed on the print server that corresponds to erase the password for network communications using switches or jumpers. or half-duplex channel. For MIO cards, a "-M" suffix indicates the configuration has been manually set using a 10/100Base-TX full- Specifies...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 134
... logging in without a password, it sets the password automatically.) This indicates a networking or security problem. UNABLE TO SENSE NET NUMBER UNABLE TO SET PASSWORD When the HP JetDirect print server is configured for the print server object. (Whenever the HP JetDirect print server is only ...the print server object not existing on the network. This does not include broadcasts or multicasts. 128 HP JetDirect Configuration Page Messages EN Table 7.5 General HP JetDirect Messages (14 of frames specifically addressed to this HP JetDirect print server. When multiple file servers are ...
... logging in without a password, it sets the password automatically.) This indicates a networking or security problem. UNABLE TO SENSE NET NUMBER UNABLE TO SET PASSWORD When the HP JetDirect print server is configured for the print server object. (Whenever the HP JetDirect print server is only ...the print server object not existing on the network. This does not include broadcasts or multicasts. 128 HP JetDirect Configuration Page Messages EN Table 7.5 General HP JetDirect Messages (14 of frames specifically addressed to this HP JetDirect print server. When multiple file servers are ...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 159
...PACKETS TRANSMITTED 123 PARALLEL PORT X 124 PASSWORD ERROR 124 ping command 43 PORT CONFIG 124 PORT SELECT 124 PORT X STATUS 111, 112 POSTSCRIPT MODE NOT SELECTED 124 POSTSCRIPT UPDATE NEEDED 124 print queue BSD-like systems 62 LPD 61 SAM (HP-UX) systems 64 print server HP JetDirect 1 parameters 53 supported 2 PRINT ... 126 SINGLE STATION 126 SNMP GET CMTY NAME 114 SNMP SET CMTY NAME 114 software installation EtherTalk or LocalTalk (Mac OS) 16 HP Web JetAdmin 9 Windows NT networks 144 software upgrades 3 SOURCE ROUTING 110 SQE ERROR 126 subnet mask 136 subnets 136 support materials 3 supported...
...PACKETS TRANSMITTED 123 PARALLEL PORT X 124 PASSWORD ERROR 124 ping command 43 PORT CONFIG 124 PORT SELECT 124 PORT X STATUS 111, 112 POSTSCRIPT MODE NOT SELECTED 124 POSTSCRIPT UPDATE NEEDED 124 print queue BSD-like systems 62 LPD 61 SAM (HP-UX) systems 64 print server HP JetDirect 1 parameters 53 supported 2 PRINT ... 126 SINGLE STATION 126 SNMP GET CMTY NAME 114 SNMP SET CMTY NAME 114 software installation EtherTalk or LocalTalk (Mac OS) 16 HP Web JetAdmin 9 Windows NT networks 144 software upgrades 3 SOURCE ROUTING 110 SQE ERROR 126 subnet mask 136 subnets 136 support materials 3 supported...
HP JetDirect Print Servers 600N/400N/500X/300X Administrator's Guide - 5969-3521
Page 160
...25 TIMEOUT 126 TOKEN ERRORS 126 Token Ring configuration page 99, 103 TOTAL PACKETS RCVD 126 TRANSMIT BEACON 126 ERROR 126 troubleshooting flow chart 84 HP JetDirect print server 81 TRYING TO CONNECT TO SERVER 127 TURN PRINTER OFF/ON 127 U UDP (User Datagram Protocol) 132 UNABLE TO ATTACH TO ...SERVER 127 FIND SERVER 127 GET NDS SRVR ADDR 128 LOGIN 128 SENSE NET NUMBER 128 SET PASSWORD 128 UNDERFLOW ERROR 128 UNEXPECTED PSERVER DATA RCVD 128 UNICAST PACKETS RCVD 128 UNIX (HP-UX and Solaris) networks, LPD printing 57 UNKNOWN NCP RETURN CODE 129 UNSENDABLE PACKETS 129 upgrades (software, driver, ...
...25 TIMEOUT 126 TOKEN ERRORS 126 Token Ring configuration page 99, 103 TOTAL PACKETS RCVD 126 TRANSMIT BEACON 126 ERROR 126 troubleshooting flow chart 84 HP JetDirect print server 81 TRYING TO CONNECT TO SERVER 127 TURN PRINTER OFF/ON 127 U UDP (User Datagram Protocol) 132 UNABLE TO ATTACH TO ...SERVER 127 FIND SERVER 127 GET NDS SRVR ADDR 128 LOGIN 128 SENSE NET NUMBER 128 SET PASSWORD 128 UNDERFLOW ERROR 128 UNEXPECTED PSERVER DATA RCVD 128 UNICAST PACKETS RCVD 128 UNIX (HP-UX and Solaris) networks, LPD printing 57 UNKNOWN NCP RETURN CODE 129 UNSENDABLE PACKETS 129 upgrades (software, driver, ...