they are trusted to establish a print connection, they are trusted to print. Some additional protections
can be provided, in the form of Color Access Controls using HP's Universal Print Driver (UPD), which
allow an administrator to control the amount of color being used by a user. In addition, HP's Web
Jetadmin includes functionality called Report Generator which facilitates reports on users and their
how their printing behavior. This functionality is useful for auditing and understanding printer usage.
HP Jetdirect Hacks: Password and SNMP Community Names
HP Jetdirect password and SNMP Community Name behavior has definitely evolved over the years.
An excellent resource for the history and current behavior is located here:
In short, keep your firmware updated on your HP Jetdirect, use the latest client software from HP, and
upgrade to the latest Web Jetadmin management software. After you have upgraded all software
and firmware, change your passwords on these devices to something new. This process will help
make your HP Jetdirect devices behave the same regarding their password handling.
To better protect passwords from passive sniffing, consider using SSL/TLS. SET 2/3/4 support
automatic redirection to SSL/TLS and prevents HTTP from being used to access the EWS (if the
administrator so desires). However, when using SSL/TLS, be sure to update the HP Jetdirect
certificate to a certificate issued by a trusted CA to properly avoid MITM attacks. Also, consider
migrating to SNMPv3. HP Web Jetadmin can be configured to use SNMPv3 automatically. HP
Jetdirect devices that belong to SET 2, 3, or 4 support SNMPv3.
HP Jetdirect Hacks: Firmware Upgrade
A nice overview of the various methods used by HP Jetdirect to upgrade firmware is described here:
All HP Jetdirect firmware files follow the same basic format: a recovery partition and a main
functionality partition. In case of an upgrade programming failure (due to a network outage, client
lockup, printer powered down during the upgrade, etc...), HP Jetdirect will be able to recover, albeit
with less functionality. This behavior allows an administrator to restart the upgrade process from the
recovery partition and regain full functionality without having to contact HP support.
There are three common ways of updating HP Jetdirect firmware:
HP Download Manager / HP Web Jetadmin
Embedded Web Server
When using HP Download Manager or HP Web Jetadmin, the application issues an SNMP SET to the
HP Jetdirect device. If the application has proper credentials, it can populate the firmware upgrade
MIB table with TFTP server information. HP Jetdirect uses this information to start a TFTP client and
pull down the download file. These applications use the well-known default SNMP community names.
However, if an administrator has configured the SNMP SET community name, then the application
must know it to successfully set the TFTP MIB objects for firmware upgrade. Customers can also utilize
SNMPv3 for additional security and HP Web Jetadmin makes using SNMPv3 easy. Also note that
applications such as the HP Download Manager and HP Web Jetadmin are digitally signed by
Hewlett-Packard as proof of their source.
The ability to use FTP to upgrade the firmware of HP Jetdirect devices is described here:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=bpj07129. At the
end of the document is a Security section detailing the security precautions available for FTP firmware
upgrades. Essentially: if a password has been specified, it is required to be entered to utilize FTP