HP Secure Erase
HP Secure Erase implements the Department of Defense (DoD) 5220-22m specification for the
deletion of data from hard disk storage. DoD 5220-22m specifies an algorithm to repetitively
overwrite hard disk data sectors to remove all trace magnetic information.
For more information on HP Secure Erase, see Appendix B, "HP Secure Erase," on page 12.
Vulnerabilities, viruses, and worms
Vulnerability assessments are an integral step in HP's imaging and printing product development, and
as a result these devices have been affected little by the viruses and worms that afflict enterprise
networks. While the ingenuity of hackers continues to evolve, HP ensures its products meet the threat
posed by hostile network environments.
HP's Chai provides a means to extend an imaging and printing device's functionality. For example,
Capella Technologies' VeriUser Authentication is implemented as a Chailet. Access controls restrict
installation of Chailets to authorized administrators, however, as it is important to avoid installing
malware on PCs, Chailets should only be installed from known and trusted sources, such as HP and
Protect Information on the Network
Protecting Information on the Network insures that network communications between users,
administrators, the imaging and printing device, and the workflow are confidential and prevent
unauthorized modification by maintaining their integrity.
Network connectivity with HP Jetdirect devices
Network connectivity for HP imaging and printing devices is provided by the HP Jetdirect family of
products, including internal cards, external boxes, and embedded networking. HP Jetdirect provides
many secure network protocols and services, including:
802.1x for Wired
Provides access control to the Ethernet network. Network devices that are unable to authenticate
to the 802.1x authorization server have all network access denied. 802.1x can prevent
unauthorized users from attaching devices to the network as well as insure that only IT deployed
and trusted devices, such as those with virus protection software, are allowed access.
Allows for strong authentication, confidentiality, and integrity of communications, and can secure
network printing and scanning protocols. The HP Jetdirect 635n IPv6/IPsec and Gigabit Ethernet
internal print server, available November 2005, uses a cryptographic accelerator to provide
click-to-clunk performance that rivals unsecured protocols, and supports the IPsec implementations
available in all current major operating systems, including Windows, Unix®, and Linux®.
SNMPv3 and HTTPS
Provide secure management of the imaging and printing device. SNMPv3 provides strong
authentication and encryption of management communications and is used by HP Web Jetadmin
to provide fleet management of HP imaging and printing devices. HTTPS using SSL/TLS provides
security of web protocols and is used for secure management using the device's embedded web
server, as well as security of web services such as consumable reordering.
Secure IPP (IPP-S)
The secure form of the IPP protocol using SSL/TLS, secure IPP requires no additional configuration
and is primarily intended for small networks lacking sophisticated IT administration. While Secure
IPP may be used in large enterprise environments, IPsec is the recommended protocol for securing
printing and scanning functions.