HP J3111A - JetDirect 600N Network Card Manuallines page 8
Security guidelines
Hide thumbs
Also See for J3111A - JetDirect 600N Network Card:
- White paper (20 pages) ,
- Appendix (13 pages)
Table of Contents
Advertisement
Which hosts need to print?
Only computers on the same subnet as HP
Jetdirect
Ten or less individual computers on different
subnets
All hosts in the company.
Because there are many print protocols supported over TCP, the next logical step is to disable all print
protocols that the administrator doesn't use. How to disable these protocols can be found in the
administrative guidelines for the appropriate product SET.
It is important to note that all TCP/IP traffic to any device (not just HP Jetdirect) that is not
cryptographically protected is subject to IP address spoofing and Man-in-the-Middle (MITM) attacks.
These attacks can target any TCP/IP traffic. Also, some cryptographic protections can be used but
may not be deployed correctly. For instance, if you are relying on SSL/TLS to protect your data, you
need to have the certificates used by SSL/TLS to be properly signed by a trusted Certificate Authority.
Otherwise, SSL/TLS is subject to MITM attacks as well because it depends on a robust PKI to
successfully authenticate the server endpoint (and optionally the client endpoint).
What about the user at work that is allowed to print but keeps changing the display or doing other
mischief with the printer using TCP Port 9100? Well, that really is no different then if they were
printing personal items at work, running the printer out of consumables with large print jobs, etc... If
Options
Option 1) For SET 1/2/3/4. Eliminate the
default gateway (set to 0.0.0.0). This
doesn't prevent HP Jetdirect from
receiving packets from other subnets,
but does prevent the responses from
returning to those remote subnets. As a
result, TCP connections cannot be
formed.
Option 2) For SET 1/2/3/4. Setup an
access control list with the IP address
and mask for the local subnet.
Option 3) For SET 3. Setup a rule to
protect print traffic using the Firewall.
Option 4) For SET 4. Setup a rule to
protect print traffic using the IPsec.
Option 1) For SET 1/2/3/4. Setup an
access control list for each individual IP
address with a mask of
255.255.255.255.
Option 2) For SET 3. Setup a rule to
protect print traffic using the Firewall
Option 3) For SET 4. Setup a rule to
protect print traffic using IPsec
Option 1) For Set 1/2/3/4. Setup an
access control list for the network ID
assigned to your company. As an
example, for HP's internal network,
there would be two entries: IP - 15.0.0.0
mask - 255.0.0.0 and IP -16.0.0.0 mask
- 255.0.0.0.
Option 2) For SET 3. Setup a rule to
protect print traffic using the Firewall
Option 3) For SET 4. Setup a rule to
protect print traffic using IPsec
Table 5 – Access Control
8
Hide quick links:
Advertisement
Table of Contents
