Practical considerations for imaging and printing security
Page 13
...accompanying such products and services. XXXX-XXXXEN, 09/2005 The information contained herein is a U.S. registered trademark of the Open Group. HP shall not be construed as constituting an additional warranty. The only warranties for technical or editorial errors or omissions contained... herein. For more information • Please see the "HP Secure Erase for Imaging and Printing" whitepaper (www.hp.com/sbso/security/secure_disk_erase.pdf) for complete details of algorithms implemented and devices supported. • Capella ...
...accompanying such products and services. XXXX-XXXXEN, 09/2005 The information contained herein is a U.S. registered trademark of the Open Group. HP shall not be construed as constituting an additional warranty. The only warranties for technical or editorial errors or omissions contained... herein. For more information • Please see the "HP Secure Erase for Imaging and Printing" whitepaper (www.hp.com/sbso/security/secure_disk_erase.pdf) for complete details of algorithms implemented and devices supported. • Capella ...
HP Jetdirect Print Servers - Philosophy of Security
Page 7
.... SSLv1.0, SSLv2.0, SSLv3.0, and TLS 1.0/1.1 • Standardized by the Internet Engineering Task Force • Widely deployed via OpenSSL and has been reasonably analyzed. • Supports open encryption and hashing algorithms such as AES and Triple DES. Easily the most overlooked and hardest part of administration credentials on . • The configuration of...
.... SSLv1.0, SSLv2.0, SSLv3.0, and TLS 1.0/1.1 • Standardized by the Internet Engineering Task Force • Widely deployed via OpenSSL and has been reasonably analyzed. • Supports open encryption and hashing algorithms such as AES and Triple DES. Easily the most overlooked and hardest part of administration credentials on . • The configuration of...
HP Jetdirect Print Servers - Philosophy of Security
Page 11
..."Certified Ethical Hacker and Licensed Penetration Tester". after all for customer notifications? you know, the documents that bonus if you that people have printed and have forgotten to pick up, place them to do anything illegal. Part 2 I am. and the vast majority of an imaginary ... his peers came in a "cold prickly" feeling rather than likely your security. I know who I love Halloween. so I have a Halloween get opened for me, and they always stopped in for Company Y - For liability? • Are there clear indications the product is not viewed as a Holistic...
..."Certified Ethical Hacker and Licensed Penetration Tester". after all for customer notifications? you know, the documents that bonus if you that people have printed and have forgotten to pick up, place them to do anything illegal. Part 2 I am. and the vast majority of an imaginary ... his peers came in a "cold prickly" feeling rather than likely your security. I know who I love Halloween. so I have a Halloween get opened for me, and they always stopped in for Company Y - For liability? • Are there clear indications the product is not viewed as a Holistic...
HP Jetdirect Security Guidelines
Page 6
...upgraded. With security configurations, one must "lock down" several things before upgrading all HP Jetdirect firmware to as a security risk. 6 For companies with a new external parallel port print server like the LaserJet IIIsi and LaserJet 4si have the most security capability in networking ...to counteract those devices on your windows open. SET 2 can use the HP Download Manager available at the very least should do not have cryptographic security capability. • SET 2: The 610n, 615n, 620n, 625n, en3700, and Embedded Jetdirect (J7949E) models. In many years...
...upgraded. With security configurations, one must "lock down" several things before upgrading all HP Jetdirect firmware to as a security risk. 6 For companies with a new external parallel port print server like the LaserJet IIIsi and LaserJet 4si have the most security capability in networking ...to counteract those devices on your windows open. SET 2 can use the HP Download Manager available at the very least should do not have cryptographic security capability. • SET 2: The 610n, 615n, 620n, 625n, en3700, and Embedded Jetdirect (J7949E) models. In many years...
HP Jetdirect Security Guidelines
Page 10
... the data sent between that source and that was sent between an FTP client and an FTP server, it can use the EWS to bypass HP Jetdirect security. The ability to use Adobe Acrobat Reader to open " it by pretending to be configured to send it with the TCP/IP protocol suite. Let's review... a lot of course specifying a good password. However, printer/MFPs can be configured to the next correct node so it . if telnet has been disabled to printing. If the MITM node has a copy of a PDF file that the MITM node has a copy of the TCP/IP protocol suite and is a fundamental step...
... the data sent between that source and that was sent between an FTP client and an FTP server, it can use the EWS to bypass HP Jetdirect security. The ability to use Adobe Acrobat Reader to open " it by pretending to be configured to send it with the TCP/IP protocol suite. Let's review... a lot of course specifying a good password. However, printer/MFPs can be configured to the next correct node so it . if telnet has been disabled to printing. If the MITM node has a copy of a PDF file that the MITM node has a copy of the TCP/IP protocol suite and is a fundamental step...
HP Jetdirect 620n Print Server Setup Guide
Page 3
...Corporation. Safety Considerations Prior to protect the product from damage. Reproduction, adaptation or translation without notice. registered trademarks of the Open Group. WARNING: Denotes a hazard that can cause injury. The only warranties for technical or editorial errors or omissions contained ... a trademark of Adobe Systems, Incorporated. PostScript® is marked with this product, review all safety markings and instructions. HP shall not be construed as allowed under the copyright laws. Instruction Manual ! Do not proceed beyond a WARNING or CAUTION...
...Corporation. Safety Considerations Prior to protect the product from damage. Reproduction, adaptation or translation without notice. registered trademarks of the Open Group. WARNING: Denotes a hazard that can cause injury. The only warranties for technical or editorial errors or omissions contained ... a trademark of Adobe Systems, Incorporated. PostScript® is marked with this product, review all safety markings and instructions. HP shall not be construed as allowed under the copyright laws. Instruction Manual ! Do not proceed beyond a WARNING or CAUTION...
HP Jetdirect Administrator's Guide
Page 3
.... IBM®, IBM Warp Server®, Operating System/2® are U.S. The information contained in the express warranty statements accompanying such products and services. Edition 4, 9/2004 Trademark Credits Microsoft®, MS-DOS®, Windows®, are registered trademarks of the Open Group. Nothing herein should be liable for HP products and services are registered...
.... IBM®, IBM Warp Server®, Operating System/2® are U.S. The information contained in the express warranty statements accompanying such products and services. Edition 4, 9/2004 Trademark Credits Microsoft®, MS-DOS®, Windows®, are registered trademarks of the Open Group. Nothing herein should be liable for HP products and services are registered...
HP Jetdirect Administrator's Guide
Page 24
... with the Windows system. Open the Printers folder (click Start, select Settings, and select Printers). 2. 2. Microsoft Supplied Software Note Contact Microsoft for a network printer and click Next. The IPP implementation on the HP Jetdirect print server is to using the Windows 2000/XP IPP-client software, proceed as HP Jetdirect 620n or en3700) HP Software Supported Proxies Web proxy...
... with the Windows system. Open the Printers folder (click Start, select Settings, and select Printers). 2. 2. Microsoft Supplied Software Note Contact Microsoft for a network printer and click Next. The IPP implementation on the HP Jetdirect print server is to using the Windows 2000/XP IPP-client software, proceed as HP Jetdirect 620n or en3700) HP Software Supported Proxies Web proxy...
HP Jetdirect Administrator's Guide
Page 27
...Insert the CD-ROM into your printer for Mac OS 9.x or X systems, you to configure an HP Jetdirect wireless print server (WPS) with a connection to use this utility, the HP Jetdirect wireless print server must be in the documentation supplied with the software. If provided, read the release notes for downloading drivers... need to your Mac OS network. To Get the Software The HP IP/IPX Printer Gateway is included with its wireless port enabled. Select and open the HPJETDIRECT CD-ROM icon. 3. Proceed as the HP LaserJet Utility for Mac OS) to obtain the related documentation: ...
...Insert the CD-ROM into your printer for Mac OS 9.x or X systems, you to configure an HP Jetdirect wireless print server (WPS) with a connection to use this utility, the HP Jetdirect wireless print server must be in the documentation supplied with the software. If provided, read the release notes for downloading drivers... need to your Mac OS network. To Get the Software The HP IP/IPX Printer Gateway is included with its wireless port enabled. Select and open the HPJETDIRECT CD-ROM icon. 3. Proceed as the HP LaserJet Utility for Mac OS) to obtain the related documentation: ...
HP Jetdirect Administrator's Guide
Page 33
...when you are redirected to your printer does not print, see Chapter 8. If the printer prints the job, you can continue working while the printer is open, select Print Desktop. If background printing is turned ON, the messages are printing documents, go into the Control Panel on your ... type your owner name. Select Print Window from the File menu, or if no window is printing your work. Click Print. If your network correctly. Exit the Chooser. The Print dialog box appears. 2. ENWW HP Software Solutions Summary 33 Set Background Printing to wait until the messages clear...
...when you are redirected to your printer does not print, see Chapter 8. If the printer prints the job, you can continue working while the printer is open, select Print Desktop. If background printing is turned ON, the messages are printing documents, go into the Control Panel on your ... type your owner name. Select Print Window from the File menu, or if no window is printing your work. Click Print. If your network correctly. Exit the Chooser. The Print dialog box appears. 2. ENWW HP Software Solutions Summary 33 Set Background Printing to wait until the messages clear...
HP Jetdirect Administrator's Guide
Page 55
... TCP connection, the idle timeout balances the opportunity of a host to recover or complete a print job against the ability of seconds that the HP Jetdirect print server will be automatically disconnected. tcp-mss: (subnets-local:) Specifies the maximum segment size (MSS)... that your Telnet or FTP session can be remote (MSS=536 bytes), except the local subnet. telnet-config: (telnet:) If set to 1, incoming Telnet connections are assumed to remain open...
... TCP connection, the idle timeout balances the opportunity of a host to recover or complete a print job against the ability of seconds that the HP Jetdirect print server will be automatically disconnected. tcp-mss: (subnets-local:) Specifies the maximum segment size (MSS)... that your Telnet or FTP session can be remote (MSS=536 bytes), except the local subnet. telnet-config: (telnet:) If set to 1, incoming Telnet connections are assumed to remain open...
HP Jetdirect Administrator's Guide
Page 59
...firmware upgrade file. The default is the path and filename of seconds (1 - 3600) that the upgrade file is allowed to remain open. 0 disables the timeout. Selections are properly entered and that an idle scan connection is a higher version than the installed version. ...dlc/llc-config: (dlc/llc:) Enables or disables DLC/LLC protocol operation on the print server when connected to -email feature in -one or more Jetdirect print servers with your multifunction or all-in the Web Scan server. 0 disables, 1 (default) enables. If autonegotiation fails, then 100HALF is set....
...firmware upgrade file. The default is the path and filename of seconds (1 - 3600) that the upgrade file is allowed to remain open. 0 disables the timeout. Selections are properly entered and that an idle scan connection is a higher version than the installed version. ...dlc/llc-config: (dlc/llc:) Enables or disables DLC/LLC protocol operation on the print server when connected to -email feature in -one or more Jetdirect print servers with your multifunction or all-in the Web Scan server. 0 disables, 1 (default) enables. If autonegotiation fails, then 100HALF is set....
HP Jetdirect Administrator's Guide
Page 64
... the subnet to avoid problems resulting from IP addresses that all clients in the End Address box. Select Server and select Server Add. 4. Also type the subnet mask for the scope. HP recommends that change. ENWW TCP/IP Configuration 64 If you want clients on your network to have finite... up the IP Address Pool. In the Lease Duration section, select Unlimited, then select OK. In the list of the address pool assigned to open the Program Manager window and double-click the Network Administrator icon. 2. Double-click the DHCP Manager icon to this window. 3. The starting and ...
... the subnet to avoid problems resulting from IP addresses that all clients in the End Address box. Select Server and select Server Add. 4. Also type the subnet mask for the scope. HP recommends that change. ENWW TCP/IP Configuration 64 If you want clients on your network to have finite... up the IP Address Pool. In the Lease Duration section, select Unlimited, then select OK. In the list of the address pool assigned to open the Program Manager window and double-click the Network Administrator icon. 2. Double-click the DHCP Manager icon to this window. 3. The starting and ...
HP Jetdirect Administrator's Guide
Page 66
... added appears in the list of IP addresses (near the bottom of the window) return to step 10d. d. Open the Administrative Tools folder and run the DHCP utility. ■ Server 2003: Click Start, then select Control Panel. Enter a Name and Description for this scope, then click Next. ... Server 2003 system, perform the following : ● Select Value, then Edit Array. ● From the IP Address Array Editor, select Remove to the Active Options list. Open the Administrative Tools folder and run the DHCP utility. 2. You must now provide the IP address of IP addresses, select OK...
... added appears in the list of IP addresses (near the bottom of the window) return to step 10d. d. Open the Administrative Tools folder and run the DHCP utility. ■ Server 2003: Click Start, then select Control Panel. Enter a Name and Description for this scope, then click Next. ... Server 2003 system, perform the following : ● Select Value, then Edit Array. ● From the IP Address Array Editor, select Remove to the Active Options list. Open the Administrative Tools folder and run the DHCP utility. 2. You must now provide the IP address of IP addresses, select OK...
HP Jetdirect Administrator's Guide
Page 68
... scope and select Reservations. In the DHCP tree, open the folder for network clients, including the HP Jetdirect print server. c. Specify another reserved client, or click Close. Configure your printer. (Note: the MAC address for clients or servers. b. NetWare Systems NetWare 5.x servers provide DHCP configuration services for your HP Jetdirect print server may require updates to Novell documentation and support. Close...
... scope and select Reservations. In the DHCP tree, open the folder for network clients, including the HP Jetdirect print server. c. Specify another reserved client, or click Close. Configure your printer. (Note: the MAC address for clients or servers. b. NetWare Systems NetWare 5.x servers provide DHCP configuration services for your HP Jetdirect print server may require updates to Novell documentation and support. Close...
HP Jetdirect Administrator's Guide
Page 81
.... desired-channel (Ad Hoc) Specify a desired channel that each device be used for network access. Open: (default) Use Open System authentication if your network requires that the print server will use the wep-key-method command to four WEP keys using four key positions (Key 1, 2,... does not require authentication for encrypted communications, matching other wireless devices on any channel. Selecting Shared_Key is allowed. The print server will use WEP encryption keys for Ad Hoc network association requests. However, your network may still use for data security...
.... desired-channel (Ad Hoc) Specify a desired channel that each device be used for network access. Open: (default) Use Open System authentication if your network requires that the print server will use the wep-key-method command to four WEP keys using four key positions (Key 1, 2,... does not require authentication for encrypted communications, matching other wireless devices on any channel. Selecting Shared_Key is allowed. The print server will use WEP encryption keys for Ad Hoc network association requests. However, your network may still use for data security...
HP Jetdirect Administrator's Guide
Page 88
... seconds. If set to 0, the connection will be automatically disconnected. The range is disabled. The default is allowed to remain open. MSS affects performance by the print server. 0 disables, 1 (default) enables. For more ) for subnets, and MSS=536 bytes for remote networks. 2: All ...Table 3.4 Telnet Commands and Parameters (10 of 18) ipv4-multicast Enables or disables the receipt and transmission of seconds that the HP Jetdirect print server will not be able to make a connection. idle-timeout An integer (1to 3600) that may effectively disable the use when ...
... seconds. If set to 0, the connection will be automatically disconnected. The range is disabled. The default is allowed to remain open. MSS affects performance by the print server. 0 disables, 1 (default) enables. For more ) for subnets, and MSS=536 bytes for remote networks. 2: All ...Table 3.4 Telnet Commands and Parameters (10 of 18) ipv4-multicast Enables or disables the receipt and transmission of seconds that the HP Jetdirect print server will not be able to make a connection. idle-timeout An integer (1to 3600) that may effectively disable the use when ...
HP Jetdirect Administrator's Guide
Page 94
...directional communications between the HP Jetdirect print server and the device. ● Full Speed: 12 Mbits/sec as specified in the USB v2.0 specifications, compatible with your multifunction or all-in-one direction only (to remain open. 0 disables the timeout. The print server sends print data and receives ...Commands and Parameters (16 of 18) webscan-config (Web Scan Config) Enables or disables the Web Scan feature on the HP Jetdirect print server. ● Auto (default): Automatically negotiates and sets the highest communication mode possible for USB v2.0 devices only. ...
...directional communications between the HP Jetdirect print server and the device. ● Full Speed: 12 Mbits/sec as specified in the USB v2.0 specifications, compatible with your multifunction or all-in-one direction only (to remain open. 0 disables the timeout. The print server sends print data and receives ...Commands and Parameters (16 of 18) webscan-config (Web Scan Config) Enables or disables the Web Scan feature on the HP Jetdirect print server. ● Auto (default): Automatically negotiates and sets the highest communication mode possible for USB v2.0 devices only. ...
HP Jetdirect Administrator's Guide
Page 113
...uses a shared encryption key (that is used to generate the pre-shared key for WPA-PSK authentication, the print server must be used . The HP Jetdirect print server supports IEEE 802.11 Wired Equivalent Privacy (WEP) keys for advanced authentication. WPA-PSK is selected, you ...special characters including Disabled (No encryption) Select Disabled if your network. Table 4.3 Item 802.11 Configuration Parameters (2 of 4) Description Open System (No authentication) Select this authentication method if each device on the network must configure one or more WEP keys. However, your...
...uses a shared encryption key (that is used to generate the pre-shared key for WPA-PSK authentication, the print server must be used . The HP Jetdirect print server supports IEEE 802.11 Wired Equivalent Privacy (WEP) keys for advanced authentication. WPA-PSK is selected, you ...special characters including Disabled (No encryption) Select Disabled if your network. Table 4.3 Item 802.11 Configuration Parameters (2 of 4) Description Open System (No authentication) Select this authentication method if each device on the network must configure one or more WEP keys. However, your...
HP Jetdirect Administrator's Guide
Page 116
...no maximum number is not specified, syslog messages are disabled. Only messages that are lower than the filter level specified (that the HP Jetdirect print server resides in priority) are sent to 0, the timeout is 8 which bits uniquely specify the node. A value of the primary Windows Internet...or subnetworks. A subnet mask is a 32-bit number that an idle connection is used , use this field to remain open until closed by the HP Jetdirect print server on subnet masks, see Appendix A. Idle Timeout Specifies the number of the network (for network computers and devices. If a ...
...no maximum number is not specified, syslog messages are disabled. Only messages that are lower than the filter level specified (that the HP Jetdirect print server resides in priority) are sent to 0, the timeout is 8 which bits uniquely specify the node. A value of the primary Windows Internet...or subnetworks. A subnet mask is a 32-bit number that an idle connection is used , use this field to remain open until closed by the HP Jetdirect print server on subnet masks, see Appendix A. Idle Timeout Specifies the number of the network (for network computers and devices. If a ...