Practical considerations for imaging and printing security
Page 1
... ...4 Security checklists ...4 Conclusion: look beyond Common Criteria Certification 4 HP's imaging and printing security framework 4 Secure the Imaging and Printing Device 5 MFP walk-up authentication ...5 Network printing authentication ...5 Physical document access control 5 HP Secure Erase ...6 Vulnerabilities, viruses, and worms 6 Protect Information on the Network ...6 Network connectivity with HP Jetdirect devices 6 HP Digital Sending Software (DSS 7 Fax/LAN bridging ...7 Effectively...
... ...4 Security checklists ...4 Conclusion: look beyond Common Criteria Certification 4 HP's imaging and printing security framework 4 Secure the Imaging and Printing Device 5 MFP walk-up authentication ...5 Network printing authentication ...5 Physical document access control 5 HP Secure Erase ...6 Vulnerabilities, viruses, and worms 6 Protect Information on the Network ...6 Network connectivity with HP Jetdirect devices 6 HP Digital Sending Software (DSS 7 Fax/LAN bridging ...7 Effectively...
Practical considerations for imaging and printing security
Page 6
...," on PCs, Chailets should only be used in all network access denied. 802.1x can secure network printing and scanning protocols. Network devices that are allowed access. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to-clunk performance that only IT deployed...
...," on PCs, Chailets should only be used in all network access denied. 802.1x can secure network printing and scanning protocols. Network devices that are allowed access. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic accelerator to provide click-to-clunk performance that only IT deployed...
HP Jetdirect Security Guidelines
Page 1
.... Resources such as configuration recommendations. whitepaper HP Jetdirect Security Guidelines Table of Contents: Introduction ...1 HP Jetdirect Overview ...2 What is an HP Jetdirect?...3 How old is Your HP Jetdirect?...4 Upgrading ...5 HP Jetdirect Administrative Guidelines 6 HP Jetdirect Hacks: TCP Port 9100...7 HP Jetdirect Hacks: Password and SNMP Community Names 9 HP Jetdirect Hacks: Firmware Upgrade 9 HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them 10 HP Jetdirect Hacks: Printer/MFP access 10 Recommended Security...
.... Resources such as configuration recommendations. whitepaper HP Jetdirect Security Guidelines Table of Contents: Introduction ...1 HP Jetdirect Overview ...2 What is an HP Jetdirect?...3 How old is Your HP Jetdirect?...4 Upgrading ...5 HP Jetdirect Administrative Guidelines 6 HP Jetdirect Hacks: TCP Port 9100...7 HP Jetdirect Hacks: Password and SNMP Community Names 9 HP Jetdirect Hacks: Firmware Upgrade 9 HP Jetdirect Hacks: Sniffing Print Jobs and Replaying Them 10 HP Jetdirect Hacks: Printer/MFP access 10 Recommended Security...
HP Jetdirect Security Guidelines
Page 2
... focused environment, we know that last part sound like your printing and imaging security strategy? HP Jetdirect Overview Years ago, the world networked printers by taking advantage of the first print servers to clients on the network. The incredible print quality of competition in question. HP Jetdirect was to Jetdirect immediately. While migrating to networking printers, the goal was...
... focused environment, we know that last part sound like your printing and imaging security strategy? HP Jetdirect Overview Years ago, the world networked printers by taking advantage of the first print servers to clients on the network. The incredible print quality of competition in question. HP Jetdirect was to Jetdirect immediately. While migrating to networking printers, the goal was...
HP Jetdirect Security Guidelines
Page 3
... first Networking Protocol offload engines. This diagram is by no means comprehensive, but does convey the difference between HP Jetdirect and Printer/MFP platforms. Why is a good investment. 3 Upgrading your HP Jetdirect card to provide your printing infrastructure. Functional Diagram Figure 1 - O S OS What is not going to be an example. When printers were directly connected...
... first Networking Protocol offload engines. This diagram is by no means comprehensive, but does convey the difference between HP Jetdirect and Printer/MFP platforms. Why is a good investment. 3 Upgrading your HP Jetdirect card to provide your printing infrastructure. Functional Diagram Figure 1 - O S OS What is not going to be an example. When printers were directly connected...
HP Jetdirect Security Guidelines
Page 4
... 3.11 HP Jetdirect J2550A, J2552A MIO Print Servers Microsoft Windows 95 HP Jetdirect J2550B, J2552B MIO Print Servers HP Jetdirect J3110A, J3111A EIO Print Servers HP Jetdirect J3263A 300X External Print Server HP Jetdirect J3113A 600n EIO Print Server Microsoft Windows 98 HP Jetdirect J3258A 170x External Print Server Microsoft Windows 2000 Professional HP Jetdirect J4169A 610n EIO Print Server Microsoft Windows XP HP Jetdirect J6057A 615n EIO Print Server Microsoft Windows 2003 Server HP Jetdirect J7934A 620n EIO Print Server HP Jetdirect J7961A 635n EIO Print Server Date Released...
... 3.11 HP Jetdirect J2550A, J2552A MIO Print Servers Microsoft Windows 95 HP Jetdirect J2550B, J2552B MIO Print Servers HP Jetdirect J3110A, J3111A EIO Print Servers HP Jetdirect J3263A 300X External Print Server HP Jetdirect J3113A 600n EIO Print Server Microsoft Windows 98 HP Jetdirect J3258A 170x External Print Server Microsoft Windows 2000 Professional HP Jetdirect J4169A 610n EIO Print Server Microsoft Windows XP HP Jetdirect J6057A 615n EIO Print Server Microsoft Windows 2003 Server HP Jetdirect J7934A 620n EIO Print Server HP Jetdirect J7961A 635n EIO Print Server Date Released...
HP Jetdirect Security Guidelines
Page 5
... PEAP. Upgrading Upgrading your HP Jetdirect devices is highly recommended. HP Jetdirect Models In Table 3 - Some security features of August 2007 are shown in Table 2 - HP Jetdirect Models: HP Jetdirect J3258G 170x External Parallel Print server J6035G 175x External USB 1.1 Print Server J3263G 300x External Print server J7983G 510X External 3-Port Print Server J7942G en3700 External USB 2.0 Print Server J7934G 620n EIO 10/100 Print Server J7949E Embedded Jetdirect 10/100 (not for...
... PEAP. Upgrading Upgrading your HP Jetdirect devices is highly recommended. HP Jetdirect Models In Table 3 - Some security features of August 2007 are shown in Table 2 - HP Jetdirect Models: HP Jetdirect J3258G 170x External Parallel Print server J6035G 175x External USB 1.1 Print Server J3263G 300x External Print server J7983G 510X External 3-Port Print Server J7942G en3700 External USB 2.0 Print Server J7934G 620n EIO 10/100 Print Server J7949E Embedded Jetdirect 10/100 (not for...
HP Jetdirect Security Guidelines
Page 6
...increase the security of their printing and imaging infrastructure. For companies with a new external parallel port print server like the HP LaserJet 4000 and give it the latest in networking protocol and security support. These administrative guidelines come in HP Jetdirect's product line. Using this ...SET 1 products, but have cryptographic security capability. • SET 2: The 610n, 615n, 620n, 625n, en3700, and Embedded Jetdirect (J7949E) models. The Firewall can use the HP Download Manager available at the very least should do not have additional security by means of a ...
...increase the security of their printing and imaging infrastructure. For companies with a new external parallel port print server like the HP LaserJet 4000 and give it the latest in networking protocol and security support. These administrative guidelines come in HP Jetdirect's product line. Using this ...SET 1 products, but have cryptographic security capability. • SET 2: The 610n, 615n, 620n, 625n, en3700, and Embedded Jetdirect (J7949E) models. The Firewall can use the HP Download Manager available at the very least should do not have additional security by means of a ...
HP Jetdirect Security Guidelines
Page 7
... Embedded Jetdirect J4100A 400n 10Mbps MIO Print server J4106A 400n 10Mbps MIO Print server J3110A 600n 10Mbps EIO Print server J3111A 600n 10Mbps EIO Print server J3113A 600n 10/100 EIO Print server J4169A 610n 10/100 EIO Print Server J6057A 615n 10/100 EIO Print Server J3263A/J3263G 300x External Print server J3265A 500X External 3-Port Print Server J7983G 510X External 3-Port Print Server J7942A/J7942G en3700 External USB 2.0 Print Server J7934A/J7934G 620n...
... Embedded Jetdirect J4100A 400n 10Mbps MIO Print server J4106A 400n 10Mbps MIO Print server J3110A 600n 10Mbps EIO Print server J3111A 600n 10Mbps EIO Print server J3113A 600n 10/100 EIO Print server J4169A 610n 10/100 EIO Print Server J6057A 615n 10/100 EIO Print Server J3263A/J3263G 300x External Print server J3265A 500X External 3-Port Print Server J7983G 510X External 3-Port Print Server J7942A/J7942G en3700 External USB 2.0 Print Server J7934A/J7934G 620n...
HP Jetdirect Security Guidelines
Page 8
...server endpoint (and optionally the client endpoint). Option 2) For SET 3. Setup a rule to protect print traffic using the IPsec. It is subject to IP address spoofing and Man-in the company. Eliminate the default gateway (set to protect print traffic using IPsec Option 1) For Set 1/2/3/4. This doesn't prevent HP Jetdirect...the printer out of 255.255.255.255. Well, that is subject to MITM attacks as HP Jetdirect Ten or less individual computers on SSL/TLS to print but keeps changing the display or doing other subnets, but may not be found in the ...
...server endpoint (and optionally the client endpoint). Option 2) For SET 3. Setup a rule to protect print traffic using the IPsec. It is subject to IP address spoofing and Man-in the company. Eliminate the default gateway (set to protect print traffic using IPsec Option 1) For Set 1/2/3/4. This doesn't prevent HP Jetdirect...the printer out of 255.255.255.255. Well, that is subject to MITM attacks as HP Jetdirect Ten or less individual computers on SSL/TLS to print but keeps changing the display or doing other subnets, but may not be found in the ...
HP Jetdirect Security Guidelines
Page 9
... and pull down during the upgrade, etc...), HP Jetdirect will help make your HP Jetdirect devices behave the same regarding their printing behavior. At the end of the document is located here: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00004828. After... and HP Web Jetadmin makes using SNMPv3 easy. they are trusted to establish a print connection, they are three common ways of updating HP Jetdirect firmware: • HP Download Manager / HP Web Jetadmin • FTP • Embedded Web Server When using HP Download Manager or HP Web Jetadmin...
... and pull down during the upgrade, etc...), HP Jetdirect will help make your HP Jetdirect devices behave the same regarding their printing behavior. At the end of the document is located here: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00004828. After... and HP Web Jetadmin makes using SNMPv3 easy. they are trusted to establish a print connection, they are three common ways of updating HP Jetdirect firmware: • HP Download Manager / HP Web Jetadmin • FTP • Embedded Web Server When using HP Download Manager or HP Web Jetadmin...
HP Jetdirect Security Guidelines
Page 10
... attacks. also, this means is that destination. In some cases, as with PostScript or simple text, a print job can use Adobe Acrobat Reader to upgrade HP Jetdirect devices is protected. In addition, many switch vendors offer various flavors of ARP protection and monitoring since ARP poisoning...conference room to HTTPS, using listening device hidden in a manner that was sent between an FTP client and an FTP server, it can "open it to bypass HP Jetdirect security. Port access controls, such as if no interception had taken place; For users of concern among customers. A ...
... attacks. also, this means is that destination. In some cases, as with PostScript or simple text, a print job can use Adobe Acrobat Reader to upgrade HP Jetdirect devices is protected. In addition, many switch vendors offer various flavors of ARP protection and monitoring since ARP poisoning...conference room to HTTPS, using listening device hidden in a manner that was sent between an FTP client and an FTP server, it can "open it to bypass HP Jetdirect security. Port access controls, such as if no interception had taken place; For users of concern among customers. A ...
HP Jetdirect Security Guidelines
Page 11
... file: picasso.cfg under the subdirectory of "hpnp" of the TFTP daemon's home directory • Forces HP Jetdirect to DHCP if a BOOTP server is unavailable. This configuration file allows for Windows and setup is recommended as we can specify several control parameters...telnet-config: 0 # # Disable the embedded Web server ews-config: 0 # # disable unused protocols ipx/spx: 0 dlc/llc: 0 ethertalk:0 # # Set a password passwd: Security4Me3 # # Disable SNMP # use with UNIX or Linux environments; Recommended Security Deployments: SET 1 The HP Jetdirect products denoted by SET 1 do not have any...
... file: picasso.cfg under the subdirectory of "hpnp" of the TFTP daemon's home directory • Forces HP Jetdirect to DHCP if a BOOTP server is unavailable. This configuration file allows for Windows and setup is recommended as we can specify several control parameters...telnet-config: 0 # # Disable the embedded Web server ews-config: 0 # # disable unused protocols ipx/spx: 0 dlc/llc: 0 ethertalk:0 # # Set a password passwd: Security4Me3 # # Disable SNMP # use with UNIX or Linux environments; Recommended Security Deployments: SET 1 The HP Jetdirect products denoted by SET 1 do not have any...
HP Jetdirect Security Guidelines
Page 12
...PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in the left-hand navigation bar, and then the "Wizard" tab. The Security level you want to this page. A sample ...a customer. 12 Here, we are going to choose "Custom Security" to show all the options that are available to the printer on Jetdirect. Press the "Start Wizard" button to a parameter file called "pjlprotection". The TFTP configuration file points to begin the wizard. This file ...
...PASSWORD = 1776 @PJL DINQUIRE PASSWORD @PJL DEFAULT CPLOCK = ON @PJL DINQUIRE CPLOCK @PJL EOJ %-12345X Recommended Security Deployments: SET 2 For the HP Jetdirect products that are in the left-hand navigation bar, and then the "Wizard" tab. The Security level you want to this page. A sample ...a customer. 12 Here, we are going to choose "Custom Security" to show all the options that are available to the printer on Jetdirect. Press the "Start Wizard" button to a parameter file called "pjlprotection". The TFTP configuration file points to begin the wizard. This file ...
HP Jetdirect Security Guidelines
Page 17
Special equipment is skipped. 17 Allowing device discovery helps in device management, but may not be required in all environments. 802.1X authentication can also be done. For a complete discussion of 802.1X, see HP Jetdirect whitepapers on the topic. For now, this configuration step is required. Disable unused print protocols and services.
Special equipment is skipped. 17 Allowing device discovery helps in device management, but may not be required in all environments. 802.1X authentication can also be done. For a complete discussion of 802.1X, see HP Jetdirect whitepapers on the topic. For now, this configuration step is required. Disable unused print protocols and services.
HP Jetdirect Security Guidelines
Page 22
Select "Allow Traffic". Click "Next" 22 Click "Next". We are concerned with management services, so select the service template "All Jetdirect Management Services".
Select "Allow Traffic". Click "Next" 22 Click "Next". We are concerned with management services, so select the service template "All Jetdirect Management Services".
HP Jetdirect Security Guidelines
Page 24
Click "Next". Select "Allow Traffic". Click Next. 24 Select the "All Jetdirect Management Services" service template.
Click "Next". Select "Allow Traffic". Click Next. 24 Select the "All Jetdirect Management Services" service template.
HP Jetdirect Security Guidelines
Page 26
Select "Drop". Again, select "All Jetdirect Management Services" for the service template and then click "Next". Click "Next". 26
Select "Drop". Again, select "All Jetdirect Management Services" for the service template and then click "Next". Click "Next". 26
HP Jetdirect Security Guidelines
Page 28
... simply say that you are using IPsec, the packets are dropped by the IP layer. Be sure that all IP addresses must use IPsec to Jetdirect without using HTTPS before navigating to have the Security Wizard for the default rule and then click "Add Rules...". Once the Security Wizard configuration has...
... simply say that you are using IPsec, the packets are dropped by the IP layer. Be sure that all IP addresses must use IPsec to Jetdirect without using HTTPS before navigating to have the Security Wizard for the default rule and then click "Add Rules...". Once the Security Wizard configuration has...
HP Jetdirect Security Guidelines
Page 29
Click "Next". Click "Next". 29 Select "Require traffic to be protected with an IPsec/Firewall Policy". Select "All Jetdirect Management Services".
Click "Next". Click "Next". 29 Select "Require traffic to be protected with an IPsec/Firewall Policy". Select "All Jetdirect Management Services".