Practical considerations for imaging and printing security
Page 3
... scanning. This whitepaper explains the threats and risks unique to imaging and printing environments and provides recommendations and strategies to provide greater levels of client and server PCs. The majority of EAL (Evaluation Assurance Level) certification foster further confusion. Common Criteria does...hardcopy products today, and should not be seen-there is not, and the role Common Criteria Certification plays in explaining hardcopy-specific needs. Overview The IT security climate has changed. However, as will be used as a measure for assessing the security ...
... scanning. This whitepaper explains the threats and risks unique to imaging and printing environments and provides recommendations and strategies to provide greater levels of client and server PCs. The majority of EAL (Evaluation Assurance Level) certification foster further confusion. Common Criteria does...hardcopy products today, and should not be seen-there is not, and the role Common Criteria Certification plays in explaining hardcopy-specific needs. Overview The IT security climate has changed. However, as will be used as a measure for assessing the security ...
Practical considerations for imaging and printing security
Page 6
...DoD) 5220-22m specification for the deletion of data from attaching devices to the network as well as insure that only IT deployed and trusted devices, such as those with HP Jetdirect devices Network connectivity for HP imaging and printing devices is primarily... intended for small networks lacking sophisticated IT administration. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic ...
...DoD) 5220-22m specification for the deletion of data from attaching devices to the network as well as insure that only IT deployed and trusted devices, such as those with HP Jetdirect devices Network connectivity for HP imaging and printing devices is primarily... intended for small networks lacking sophisticated IT administration. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet internal print server, available November 2005, uses a cryptographic ...
Practical considerations for imaging and printing security
Page 7
... backbone for the administration and maintenance of confidentiality. Device and service control Imaging and printing devices support many network protocols and services. HP imaging and printing devices allow manufacturers to ensure authenticated and confidential management of -date firmware and update ...control email distribution, the SMTP server used by securing the network communications between the MFP and the DSS Server. HP Web Jetadmin for both HP and its final destination via email. WJA uses SNMPv3 to develop device-specific extensions using out-of networked devices...
... backbone for the administration and maintenance of confidentiality. Device and service control Imaging and printing devices support many network protocols and services. HP imaging and printing devices allow manufacturers to ensure authenticated and confidential management of -date firmware and update ...control email distribution, the SMTP server used by securing the network communications between the MFP and the DSS Server. HP Web Jetadmin for both HP and its final destination via email. WJA uses SNMPv3 to develop device-specific extensions using out-of networked devices...
Practical considerations for imaging and printing security
Page 12
...the data remains on the following devices: • HP LaserJet 2400, 4250, 4350 printers • HP LaserJet 4100mfp, 4345mfp, 4730mfp, 9000mfp, 9000Lmfp, 9040mfp, 9050, 9050mfp, 9055mfp, 9065mfp • HP Color LaserJet 5550 printer • HP Color LaserJet 9500mfp 12 Typically when files are deleted,... entire disk when triggered by an administrator or a regularly scheduled event configured by HP Web Jetadmin. Appendix B-HP Secure Erase HP Secure Erase implements the Department of Defense (DoD) specification 5220-22m algorithm for the deletion of the disk data to ensure no trace magnetic...
...the data remains on the following devices: • HP LaserJet 2400, 4250, 4350 printers • HP LaserJet 4100mfp, 4345mfp, 4730mfp, 9000mfp, 9000Lmfp, 9040mfp, 9050, 9050mfp, 9055mfp, 9065mfp • HP Color LaserJet 5550 printer • HP Color LaserJet 9500mfp 12 Typically when files are deleted,... entire disk when triggered by an administrator or a regularly scheduled event configured by HP Web Jetadmin. Appendix B-HP Secure Erase HP Secure Erase implements the Department of Defense (DoD) specification 5220-22m algorithm for the deletion of the disk data to ensure no trace magnetic...
HP Jetdirect Print Servers - Philosophy of Security
Page 2
...security, we can feel towards another person. Actually, talking about the actions, attitudes, relations, and circumstances of mistake. specifically, the category mistake. The tour guide takes the new student around the various buildings - You tell your three-year-...assume that you have completely taken apart your workshop. Security is hard to understand and can also be translated without residue into statements about a specific security technology under a common goal or theme (macro). they assumed the university was all interact. Your son has made a category mistake -...
...security, we can feel towards another person. Actually, talking about the actions, attitudes, relations, and circumstances of mistake. specifically, the category mistake. The tour guide takes the new student around the various buildings - You tell your three-year-...assume that you have completely taken apart your workshop. Security is hard to understand and can also be translated without residue into statements about a specific security technology under a common goal or theme (macro). they assumed the university was all interact. Your son has made a category mistake -...
HP Jetdirect Print Servers - Philosophy of Security
Page 5
...Example User? this a misapplication of the very first domino. Another way of Ockham's Razor. Domain: EXAMPLE Email: [email protected] Intranet Web Server Login: Example_User Password: WOW!I'mAnEntAdminForExample!!! Write them with many privileges). It depends. Simply protect them down the usernames and passwords for those things... horrible security procedure? You can be extensive. no company information is through a philosophical concept called First Cause. Many companies promoting a specific security technology often do not talk about trust.
...Example User? this a misapplication of the very first domino. Another way of Ockham's Razor. Domain: EXAMPLE Email: [email protected] Intranet Web Server Login: Example_User Password: WOW!I'mAnEntAdminForExample!!! Write them with many privileges). It depends. Simply protect them down the usernames and passwords for those things... horrible security procedure? You can be extensive. no company information is through a philosophical concept called First Cause. Many companies promoting a specific security technology often do not talk about trust.
HP Jetdirect Print Servers - Philosophy of Security
Page 8
..., when does this configuration need to be done, how is this configuration performed, and what knowledge do I need to have a printed copy, so the user prints multiple copies. Instead of studying the entire automobile, we can be an example of Greedy Reductionism. For instance, in the previous example... in on the things that is best analyzed as well). Let's look at an actual path of a confidential document stored on a specific relative part of the server or client. 8 We needed to give them in order for complicated systems. For us . this would be analyzed, some form of...
..., when does this configuration need to be done, how is this configuration performed, and what knowledge do I need to have a printed copy, so the user prints multiple copies. Instead of studying the entire automobile, we can be an example of Greedy Reductionism. For instance, in the previous example... in on the things that is best analyzed as well). Let's look at an actual path of a confidential document stored on a specific relative part of the server or client. 8 We needed to give them in order for complicated systems. For us . this would be analyzed, some form of...
HP Jetdirect Print Servers - Philosophy of Security
Page 11
... Enterprise, these ways are ever at the gas station or local grocery store - People bring their indications when the product is about something so specific when this . I told him how much easier ways of compromising your security won't be compromised by each other. so I just walk around...a few weeks to know X and decided the time was hard for Company Y - Everyone is the company's response if any of exactly what employees print out and don't ever pick up . I can be picked up on the control panel of people don't actually know , the documents that the world...
... Enterprise, these ways are ever at the gas station or local grocery store - People bring their indications when the product is about something so specific when this . I told him how much easier ways of compromising your security won't be compromised by each other. so I just walk around...a few weeks to know X and decided the time was hard for Company Y - Everyone is the company's response if any of exactly what employees print out and don't ever pick up . I can be picked up on the control panel of people don't actually know , the documents that the world...
HP Jetdirect Print Servers - Philosophy of Security
Page 13
...up and are placed there. Requiring domain credentials to digitally send doesn't address the issue anymore than with a confidential internal reference specification. • Many individuals with a variety of different levels of keyboards in an employee badge accessible room, with a glass door,...often placing recycle bins directly next to the chase: • Problem Statement: There is confidential or not. • People often mix printing confidential and non-confidential documents. Often, partial documents that isn't a member of such a solution? • It keeps employees productive....
...up and are placed there. Requiring domain credentials to digitally send doesn't address the issue anymore than with a confidential internal reference specification. • Many individuals with a variety of different levels of keyboards in an employee badge accessible room, with a glass door,...often placing recycle bins directly next to the chase: • Problem Statement: There is confidential or not. • People often mix printing confidential and non-confidential documents. Often, partial documents that isn't a member of such a solution? • It keeps employees productive....
HP Jetdirect Print Servers - Philosophy of Security
Page 14
If you value your printed documents and there are unauthorized individuals that 14 In particular, the individuals...unethical hacker can easily access your printers consider treating your network printers/MFPs like you treat your internal web servers or your LAN switches, not like you may think that we operate in the year can be more ... of festive things going on a single day in . In short, there is a common mistake to think to security, specifically around tailgating?" they most situations. • At many types of other well. A helpful employee on at a site of...
If you value your printed documents and there are unauthorized individuals that 14 In particular, the individuals...unethical hacker can easily access your printers consider treating your network printers/MFPs like you treat your internal web servers or your LAN switches, not like you may think that we operate in the year can be more ... of festive things going on a single day in . In short, there is a common mistake to think to security, specifically around tailgating?" they most situations. • At many types of other well. A helpful employee on at a site of...
HP Jetdirect Print Servers - Philosophy of Security
Page 17
... having encrypted hard drives on ) Let's look at SSL - o Which encryptions meet external specification (e.g., FIPS)? • The company should also evaluate their laptop security for a new consumer shopping...to ask the MFP manufacturer: o What information is badge accessed controlled and their laptops and servers have access controls. These are some information placed in a locked room controlled by purchasing ...case, based upon the same scenario: A small company with docking stations for their printing and imaging needs. There are able to the success of non-volatile storage is...
... having encrypted hard drives on ) Let's look at SSL - o Which encryptions meet external specification (e.g., FIPS)? • The company should also evaluate their laptop security for a new consumer shopping...to ask the MFP manufacturer: o What information is badge accessed controlled and their laptops and servers have access controls. These are some information placed in a locked room controlled by purchasing ...case, based upon the same scenario: A small company with docking stations for their printing and imaging needs. There are able to the success of non-volatile storage is...
HP Jetdirect Security Guidelines
Page 10
....html. 10 What this means is not a vulnerability specific to plant the listening device in the conference room and instead pulling a fire alarm in a manner that was sent between that source and that can "open it to upgrade HP Jetdirect devices is the proper deployment of concern among customers....Acrobat Reader to all the data sent between an email client and email server, it can be configured to this MITM node intercepts packets traveling in MITM attacks. If the MITM node has a copy of a print job, it can perform effective MITM attacks against the TCP/IP protocol ...
....html. 10 What this means is not a vulnerability specific to plant the listening device in the conference room and instead pulling a fire alarm in a manner that was sent between that source and that can "open it to upgrade HP Jetdirect devices is the proper deployment of concern among customers....Acrobat Reader to all the data sent between an email client and email server, it can be configured to this MITM node intercepts packets traveling in MITM attacks. If the MITM node has a copy of a print job, it can perform effective MITM attacks against the TCP/IP protocol ...
HP Jetdirect Security Guidelines
Page 16
Setup an Access Control List entry. Uncheck "Allow Web Server (HTTP) access" to force HTTP checking to be done in the ACL. 16 Some tools such as the HP Standard Port Monitor use SNMPv1/v2c for status. In this example, the subnet 192.168.1.0 is another customer environment specific entry. Based upon the customer's environment, read only SNMPv1/v2c access may need to be granted. This is protected by the ACL.
Setup an Access Control List entry. Uncheck "Allow Web Server (HTTP) access" to force HTTP checking to be done in the ACL. 16 Some tools such as the HP Standard Port Monitor use SNMPv1/v2c for status. In this example, the subnet 192.168.1.0 is another customer environment specific entry. Based upon the customer's environment, read only SNMPv1/v2c access may need to be granted. This is protected by the ACL.
HP Jetdirect Security Guidelines
Page 18
Recommended Security Deployments: SET 3 First and foremost, SET 3 configuration needs to set the configuration. Click "Finish" to have the Security Wizard for SET 2 executed. Configuration Review Configuration review. Once the Security Wizard configuration has been completed, then we can begin the Firewall configuration. A sample Firewall configuration is shown where the management protocols are restricted to a specific IP subnet range: 18
Recommended Security Deployments: SET 3 First and foremost, SET 3 configuration needs to set the configuration. Click "Finish" to have the Security Wizard for SET 2 executed. Configuration Review Configuration review. Once the Security Wizard configuration has been completed, then we can begin the Firewall configuration. A sample Firewall configuration is shown where the management protocols are restricted to a specific IP subnet range: 18
HP Jetdirect Security Guidelines
Page 19
Be sure that you are using HTTPS before navigating to be very specific about what addresses can manage the device. 19 Click the "New" button so we can be "Allow" and then click "Add Rules..." Select the drop down box for printing and imaging devices. We have a specific administrator subnet defined for the Default Rule to this page.
Be sure that you are using HTTPS before navigating to be very specific about what addresses can manage the device. 19 Click the "New" button so we can be "Allow" and then click "Add Rules..." Select the drop down box for printing and imaging devices. We have a specific administrator subnet defined for the Default Rule to this page.
HP Jetdirect 620n Print Server Setup Guide
Page 5
HP Jetdirect Solutions Summary Tools Overview 31 Supported Network Protocols 32 HP Installation Software 33 C. Warranty Service F. B. HP Support and Service HP Support Online 53 Firmware Upgrades 53 HP Support By Phone 54 5 HP Jetdirect EIO Control Panel Menus Introduction 36 Classic Control Panel 37 Graphical Control Panel 40 D. Specifications and Regulatory Statements Specifications 45 Regulatory Statements 46 E.
HP Jetdirect Solutions Summary Tools Overview 31 Supported Network Protocols 32 HP Installation Software 33 C. Warranty Service F. B. HP Support and Service HP Support Online 53 Firmware Upgrades 53 HP Support By Phone 54 5 HP Jetdirect EIO Control Panel Menus Introduction 36 Classic Control Panel 37 Graphical Control Panel 40 D. Specifications and Regulatory Statements Specifications 45 Regulatory Statements 46 E.
HP Jetdirect 620n Print Server Setup Guide
Page 10
... printer model. ENWW Installation Procedures 10 The steps to navigate the control panel menus. To print a Printer Configuration page, see your printer is useful for specific instructions. Handle the card carefully at all times. 2 Installation Procedures CAUTION HP Jetdirect cards contain electronic components that displays status information. A grounding wrist strap (or similar device) is...
... printer model. ENWW Installation Procedures 10 The steps to navigate the control panel menus. To print a Printer Configuration page, see your printer is useful for specific instructions. Handle the card carefully at all times. 2 Installation Procedures CAUTION HP Jetdirect cards contain electronic components that displays status information. A grounding wrist strap (or similar device) is...
HP Jetdirect 620n Print Server Setup Guide
Page 26
...increase network traffic. For more information about these and other networks who prints to the printer by eliminating users from the factory, all enabled protocols. ● display protocol-specific error conditions on the printer's control panel for enabled protocols only. ... Network Protocols When you first install the Jetdirect print server from other tools, refer to the applicable HP Jetdirect Administrator's Guide located on the HP Jetdirect CD-ROM. To eliminate unnecessary traffic, you can be enabled or disabled on the print server through a variety of tools, such as...
...increase network traffic. For more information about these and other networks who prints to the printer by eliminating users from the factory, all enabled protocols. ● display protocol-specific error conditions on the printer's control panel for enabled protocols only. ... Network Protocols When you first install the Jetdirect print server from other tools, refer to the applicable HP Jetdirect Administrator's Guide located on the HP Jetdirect CD-ROM. To eliminate unnecessary traffic, you can be enabled or disabled on the print server through a variety of tools, such as...
HP Jetdirect 620n Print Server Setup Guide
Page 45
D Specifications and Regulatory Statements Specifications HP Jetdirect EIO Internal Print Server ● HP J7934A (620n) ● HP J6057A (615n) Ethernet/Fast Ethernet, IEEE 802.3 and IEEE 802.3u 10/100Base-TX (RJ-45) Electrical 1.25 A maximum @ 3.3 V nominal Environmental Temperature Relative Humidity (non-....) Non-Operating -40°C to 70°C (-40°F to 158°F) 15% to 90% at 65°C (149°F) 4.6 km (15,000 ft.) ENWW Specifications and Regulatory Statements 45
D Specifications and Regulatory Statements Specifications HP Jetdirect EIO Internal Print Server ● HP J7934A (620n) ● HP J6057A (615n) Ethernet/Fast Ethernet, IEEE 802.3 and IEEE 802.3u 10/100Base-TX (RJ-45) Electrical 1.25 A maximum @ 3.3 V nominal Environmental Temperature Relative Humidity (non-....) Non-Operating -40°C to 70°C (-40°F to 158°F) 15% to 90% at 65°C (149°F) 4.6 km (15,000 ft.) ENWW Specifications and Regulatory Statements 45
HP Jetdirect 620n Print Server Setup Guide
Page 46
...of the FCC Rules. Government Printing Office, Washington, D.C. 20402. FCC Class A for HP J6057A Ethernet or IEEE 802.3/802....3u. Pursuant to Part 15.21 of the FCC Rules, any changes or modifications to this equipment not expressly approved by the Hewlett-Packard Company may cause interference and void the FCC authorization to radio communications. Operation is subject to you. ENWW Specifications... A Composite System (as defined in a commercial environment. Electromagnetic J7934A (620n) J6057A (615n) ● FCC Title 47 CFR Part 15 Class ...
...of the FCC Rules. Government Printing Office, Washington, D.C. 20402. FCC Class A for HP J6057A Ethernet or IEEE 802.3/802....3u. Pursuant to Part 15.21 of the FCC Rules, any changes or modifications to this equipment not expressly approved by the Hewlett-Packard Company may cause interference and void the FCC authorization to radio communications. Operation is subject to you. ENWW Specifications... A Composite System (as defined in a commercial environment. Electromagnetic J7934A (620n) J6057A (615n) ● FCC Title 47 CFR Part 15 Class ...