HP LaserJet Pro M521 Manual

Hp commercial laserjet printers and mfps - imaging and printing security best practices.
Hide thumbs
HP Imaging and Printing Security Best Practices
Configuring Security for Multiple LaserJet MFPs and Color
LaserJet MFPs
Version 5.0 for HP Web Jetadmin 10
© Copyright 2005, 2007, 2009, 2010 Hewlett-Packard Development Company, L.P.

Advertising

   Related Manuals for HP LaserJet Pro M521

   Summary of Contents for HP LaserJet Pro M521

  • Page 1

    HP Imaging and Printing Security Best Practices Configuring Security for Multiple LaserJet MFPs and Color LaserJet MFPs Version 5.0 for HP Web Jetadmin 10 © Copyright 2005, 2007, 2009, 2010 Hewlett-Packard Development Company, L.P.

  • Page 2: Table Of Contents

    Table of Contents Table of Contents....................i Chapter 1: Introduction..................1 Cautions........................2 Follow the Checklist in Order..................2 Understand the Ramifications..................2 Continue to be Vigilant ....................2 MFP Environment ......................3 Assumptions........................3 Solutions covered ......................4 Organization .........................4 Chapter 2: Threat Model..................5 Spoofing Identity ......................5 Tampering with Data.......................6 Repudiation ........................6...

  • Page 3: Table Of Contents

    Printer Firmware Update .................... 41 Secure Disk Encryption Mode ..................41 Apply the Changes ....................42 Configuring MFP Fax Settings..................44 Configuring Fax Printing .................... 44 Apply the Changes ....................45 Additional Fax Configuration..................46 Configuring MFP Embedded Web Server Settings .............48 Embedded Web Server Configuration Options .............

  • Page 4: Table Of Contents

    Network Page Options ....................76 Security Page Options ....................79 Final Configurations ....................84 Overall Limitations ....................85 Chapter 8: Physical Security ................86 Chapter 9: Appendix 1: Glossary of Terms and Acronyms ........87 HP LaserJet and Color LaserJet MFP Security Checklist...

  • Page 5: Chapter 1: Introduction

    Chapter 1: Introduction This document is a security checklist for the following HP MFP models:  HP LaserJet M3027 MFP HP LaserJet M3035 MFP  HP LaserJet 4345 MFP  HP LaserJet M4345 MFP  HP LaserJet M5025 MFP  HP LaserJet M5035 MFP ...

  • Page 6: Cautions, Follow The Checklist In Order, Understand The Ramifications, Continue To Be Vigilant

     HP Web Jetadmin Version 10.2 installed on a Windows XP or Windows Vista PC One of each supported MFP with the latest updated firmware found at hp.com  The process for configuring this checklist is developed using HP Web Jetadmin to manage all of the MFPs at the same time.

  • Page 7: Mfp Environment, Assumptions

    MFP Environment NIST defines several types of user environments, many of which are compatible with HP LaserJet and Color LaserJet MFPs. However, this checklist is written for MFPs in an enterprise environment or a small to medium business environment. These environments use most of the network features available with MFPs.

  • Page 8: Solutions Covered, Organization

    Solutions covered This checklist covers MFP security settings found in HP Web Jetadmin. This checklist covers no other solutions or applications. Organization This checklist includes the following chapters: Chapter 2: Threat Model: The Threat Model chapter explains the security circumstances ...

  • Page 9: Chapter 2: Threat Model, Spoofing Identity

    Chapter 2: Threat Model This section explains the types of security risks involved with operating MFPs in enterprise environments. As technology improves, malicious people (hackers) continue to find new ways to exploit networks. They are beginning to target MFPs and other network peripherals to misuse resources or to gain access to networks or the internet.

  • Page 10: Tampering With Data, Repudiation

    You can minimize the risks from identity spoofing in the following ways: Protect the from address field in the MFP Digital Sending and Fax configurations.  Protect MFP disk access.   Configure authentication. Configure the administrator password.  Configure SNMPv3. ...

  • Page 11: Information Disclosure, Denial Of Service

     Install Jetdirect 635n Print Servers or enable embedded IPSec to encrypt the data stream to include log data and file metadata (look for this product at hp.com or contact your hp product supplier).  Close unused ports and protocols. Save copies of log data at a separate location ...

  • Page 12: Elevation Of Privilege

     Causing interference with network communication to the MFP Changing the network location of the MFP  Causing an error state that interrupts service  Changing access configurations  Here are some methods of minimizing opportunities for denial of service on an MFP: Lock the control panel.

  • Page 13: Chapter 3: Basic Security For Multiple Mfps, Notes On The Process Of Configuration

    Chapter 3: Basic Security for Multiple MFPs This chapter explains how to configure security settings for one or more MFPs using HP Web Jetadmin. It assumes that you have taken or plan to take reasonable steps to secure the network environment in which your MFPs are operating.

  • Page 14

    log of the passwords in a safe place. Web Jetadmin will prompt for passwords during the configuration process if they are missing from the cache. CAUTION: Losing passwords can block access to an MFP. Be careful to record them in a safe place. It is most important to remember the Bootloader password.

  • Page 15: Getting Started Configuring Mfp Security Settings, Setting Up Hp Web Jetadmin

     Use meaningless random passwords. Passwords that are real words or phrases are easier to guess. The latest password cracking tools follow dictionaries to narrow down the possibilities.  Record the passwords in a safe but hidden place. The passwords are designed to restrict access to management options on the MFPs.

  • Page 16

    Figure 1: Web Jetadmin showing the device list on the default view. 2. Check to see that the MFPs you wish to configure appear in the Device Model List. If they are not in the list, use the Discovery options to find the MFPs on your network.

  • Page 17: Configuring Hp Secure Hard Disk

    4. Click the Config tab in the lower half of the Device List view to show settings available for configuration (Figure 3). Figure 3: The Config tab displays settings available for configuration. The Config tab contains all of the settings recommended in this checklist. Tip: If you are having a problem configuring a setting, try configuring it using the individual device’s configuration page.

  • Page 18

    Follow these steps to use Web Jetadmin to verify your HP Secure Hard Disk is installed and configured: 1. In the device list view, add the columns for Secure Disk and Secure Disk Status if they are not visible. First, right click on the column area to the right of the existing columns.

  • Page 19

    Figure 5: Shows how to add the Secure Disk and Secure Disk Status columns to the columns selected for display. 3. In the listing of printers, check the Secure Disk and Secure Disk Status columns. The Secure Disk column should indicate “Installed”. The Secure Disk Status column should indicate ”Encrypted”...

  • Page 20: Configuring Snmpv3

    Note: If your MFP is reporting an installed HP Secure Disk but its status is anything other than Encrypted it is recommended you resolve the issues with your HP Secure Disk before continuing this checklist. If you do not you may need to re-apply the entire checklist to the MFP. An example of an MFP with a HP Secure Disk Installed that is not configured properly is shown below (Figure 7).

  • Page 21

    Figure 8: The Security category and SNMP Version Access Control settings. 2. On the SNMP Version Access Control menu, and select the Enable SNMPv3 checkbox ( Figure 9 Figure 9: Shows Enable SNMPv3 selected. 3. Once Enable SNMPv3 has been selected, and fills in the New User, the New Authentication Passphrase, and the New Privacy Passphrase fields ) in the New SNMPv3 Credential section.

  • Page 22

    Figure 10: The Enable SNMPv3 option has been selected and the New SNMPv3 Credential section is complete. The New User Name field can be any name you choose. The New Authentication Passphrase field can be any word or phrase that is at least 8 characters.

  • Page 23

    4. Scroll down to the SNMPv1 Settings section, and select SNMPv1 disabled Figure 11 Figure 11: The SNMP Version 3 Only setting. This setting limits all SNMP configuration communication to only SNMPv 3. Once applied your MFPs will not allow SNMPv1 SET and SNMPv2 GET. 5.

  • Page 24

    Figure 12: The Configure Devices dialogue box. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist...

  • Page 25

    6. Click the Configure Devices button to execute the configuration. The result of your configuration will be displayed when the configuration is complete (Figure 13). Figure 13: Shows a successful configuration result. If your configuration is not successful, you can click the Details button for more information on why the configuration failed.

  • Page 26: Configuring Mfp Device Settings, I/o Timeout To End Print Job, Job Hold Timeout

    Configuring MFP Device Settings The Device category includes settings that affect some of the normal use of the MFPs. The following settings affect how jobs are stored, and how long your MFP will wait before a job times out in a particular way. 1.

  • Page 27: Job Retention, Apply The Changes

    Figure 15: The Job Hold Timeout options. Job Retention 1. From the Device category, select Job Retention (Figure 16). 2. Click checkbox to select Job Retention (Error! Reference source not found.), and select Enabled. Figure 16: The Job Retention options. This allows users to store print jobs and fax jobs for printing at their discretion (when they can be present to control the printouts and keep them from view).

  • Page 28

    Figure 17: The Configure Devices dialogue box. 2. Review your settings and then click the Configure Devices button to execute the configuration. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist...

  • Page 29: Configuring Mfp Network Settings, Enable Features

    Configuring MFP Network Settings The Network category on the Device tab provides options that relate to Jetdirect Print Servers. The security features you will be configuring restrict what methods are available for communication with your MFP over the network. Follow the instructions below to view and configure these options. 1.

  • Page 30

    Figure 19: The Enable Features option. 2. Next, select the print features you would like to enable or disable. The following table lists and explains the recommended settings for the Enable Features option: Feature Recommended Explanation Setting EWS Config Disabled*** Disabling EWS Config closes down the EWS and it ***NOTE:...

  • Page 31

    SLP Config Disabled Disabling SLP Config prevents access to configuration settings and other features through SLP. FTP Printing Disabled Disabling FTP Printing prevents access to configuration settings and other features through FTP. It also prevents printing through FTP. LPD Printing Disabled Disabling LPD Printing prevents access to...

  • Page 32

    WARNING: You will want to enable WS-Discovery on this printer if the following apply: You are using an IPv6 only network, you use WS-Print to discover your devices, or operate in a Windows Vista/ Windows 7 centric environment. If you are unsure of this setting, we highly recommend testing its implications with a single device before applying it to your whole fleet.

  • Page 33: Encrypt All Web Communication

    Figure 20: Review your Enable Features Configuration selections before configuring your devices. Encrypt all Web Communication This setting requires web browsers to use HTTPS when contacting the MFPs. This ensures secure communications with the MFP EWS. To enable this feature: 1.

  • Page 34: Encryption Strength

    Figure 21: Enabling HTTPS web communication. Encryption Strength The Encryption Strength setting allows you to choose the strength of the encryption algorithm used for communication between the MFP EWS and the web browsers connecting to it (this is related to the HTTPS Setting option above).

  • Page 35: Error Handling, Ipx Rcfg Support

    Figure 23: The Encryption Strength dropdown menu. Error Handling The Error Handling option (Figure 24) specifies how the Jetdirect Print Server handles error conditions. The settings are: Dump then Reboot does a memory dump them reboots. Reboot Without Dump reboots without dumping memory. Dump then Halt does a memory dump but does not do a reboot;...

  • Page 36: Job Timeout, Privacy Setting

    HP will not collect network-specific or personal data. For information on HP privacy policies, read the Hewlett-Packard Online Privacy Statement available by clicking privacy statement at http://www.hp.com. If you enable this feature, information collected by HP will be limited to the...

  • Page 37: Protocol Stacks

     Local language selections used for viewing Web pages Network communications protocols enabled  Network management interfaces enabled  Device discovery protocols enabled  Printing protocols enabled   TCP/IP configuration methods enabled SNMP control methods enabled   Wireless configuration methods enabled The MFP must have internet access to allow HP to collect information.

  • Page 38

    Figure 28: The Protocol Stacks options. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist...

  • Page 39: Web Services Print

    The following table lists each protocol with the recommended setting and an explanation: Protocol Stack Recommended Explanation Setting IPX/SPX Leave blank to disable This setting disables access for Novell servers. TCP/IP Always Enabled. This is the normal operating protocol for the MFPs. DLC/LLC Leave blank to disable This setting enables the MFP to...

  • Page 40: Apply Your Changes

    Apply your Changes 1. Click the Apply button located in the bottom right hand corner to apply the settings to the selected devices. This will open the configure devices dialogue box (Figure 30). Figure 30: The Configure Devices dialogue box. 2.

  • Page 41: Configuring Mfp Security Settings, Bootloader Password

    Configuring MFP Security Settings The Security category includes many advanced security settings and password settings. If you are attempting to configure a setting that is in the Security category and not listed in this section, you should check the chapter on Advanced Security for multiple MFPs. To set the basic required settings in this category follow the steps in the sections below.

  • Page 42: Color Access Control, Control Panel Access

    Color Access Control The Color Access Control options (Figure 32) allow you to manage the usage of color printing supplies within your organization. If you wish to restrict access to color printing you can configure these settings to match your policy. Figure 32: The Color Access Control options.

  • Page 43: Embedded Web Password

    Figure 33: The Control Panel Access option. Note: This setting prevents access to configuration settings in the control panel, including digital send and fax settings. If you wish to make changes to settings in the control panel, unlock access using Web Jetadmin, make the changes, and then lock access again.

  • Page 44: Pjl Password

    2. Type a password of 8 to 16 characters in the Embedded Web Server Password field (you should always type the maximum number of characters for best security). This setting requires users to log on for parts of the EWS that provide configuration options.

  • Page 45: Printer Firmware Update, Secure Disk Encryption Mode

    Printer Firmware Update HP recommends updating firmware whenever new firmware is available, but you should keep Printer Firmware Update disabled until you plan to use it. To disable Printer Firmware Update: 1. Click to select Printer Firmware Update (Figure 36), and select Disable. Figure 36: The Printer Firmware Update option.

  • Page 46: Apply The Changes

    Figure 37: The Secure Disk Encryption Mode option. Apply the Changes 1. Click the Apply button located in the bottom right hand corner to apply the settings to the selected devices. This will open the configure devices dialogue box (Figure 38). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist...

  • Page 47

    Figure 38: The Configure Devices dialogue box. 2. Review your settings and then click the Configure Devices button to execute the configuration. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist...

  • Page 48: Configuring Mfp Fax Settings, Configuring Fax Printing

    Configuring MFP Fax Settings The Fax Category provides options for the analog fax functions. This includes settings to allow for printing fax jobs when the recipient is present and for restricting access to fax print jobs. Configuring Fax Printing Follow these instructions to configure Fax Printing: Note: Be sure to configure the MFPs for fax capabilities before continuing with the instructions below.

  • Page 49

    Note: This setting also enables PIN printing. 3. Select Store all Received Faxes. The Store all Received Faxes option holds incoming faxes for printing until someone enters the correct PIN number and selects the menu options at the control panel. This is considered the most secure mode of fax printing.

  • Page 50: Additional Fax Configuration

    2. Review your settings and then click the Configure Devices button to execute the configuration. Additional Fax Configuration Some of the newer MFPs or recently upgraded MFPs may contain options for setting and locking down the Fax speed-dial feature. This Fax feature is not yet accessible via Web Jetadmin 10.2. To set your MFP speed-dial options follow the steps below 1.

  • Page 51

    3. Set any speed-dials you wish to have by selecting the speed-dial number and clicking the Edit Speed Dial button (Figure 43). Figure 43: The Fax Speed Dials configuration button. 4. To keep speed-dial entries from being added or edited via the control panel input the number of the specific speed-dials you wish to lock.

  • Page 52: Configuring Mfp Embedded Web Server Settings, Embedded Web Server Configuration Options

    Configuring MFP Embedded Web Server Settings Embedded Web Server Configuration Options Each MFP has an Embedded Web Server that provides network access to view MFP status, to set preferences, and to configure the MFP. You can view an MFP Embedded Web Server by typing the MFP IP address into a web browser.

  • Page 53: Server Configuration

    Embedded Web Recommended Explanation Server Configuration setting Option Outgoing Mail (enabled by Enable as desired Outgoing Mail enables the default) MFP to send alerts and AutoSend messages to a designated recipient. This is not necessarily a security-related feature. Use it as you see fit. This setting does not affect the MFP Send to Email feature.

  • Page 54

    Continue Button (enabled by Select to enable Continue Button allows the default) MFPs to resume after an error has been cleared. Print Service (enabled by Leave blank to disable Print Service enables users default) to send print-ready files directly to an MFP without having the MFP installed on a computer.

  • Page 55: Configuring Mfp File System Settings, File System External Access

    2. Review your settings and then click the Configure Devices button to execute the configuration. Configuring MFP File System Settings The File system category provides settings for access to the MFP hard drive, the Compact Flash card, and optional data storage devices. Several security settings are available that can help prevent unauthorized access to data.

  • Page 56: File System Password

    protocol for the MFPs. PostScript Disabled Prevents access to the file system through this protocol. NOTE: Disabling PostScript may affect interactions with third party applications. File System Password When a File System Password is set, the MFPs will require the password whenever anyone or any device requests access to the storage devices.

  • Page 57: Secure File Erase Mode

    Secure File Erase Mode This setting determines the level of overwriting applied to delete files during routine functions. This includes removal of files for the Secure Storage Erase function. The settings are: Non-secure Fast Erase does a standard erase with no additional security. Secure Fast Erase overwrites files using one pass.

  • Page 58

    Figure 50: The Secure File Erase Mode setting. Apply the Changes 5. Click the Apply button located in the bottom right hand corner to apply the settings to the selected devices. This will open the configure devices dialogue box (Figure 51). Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist...

  • Page 59

    Figure 51: The Configure Devices dialogue box. 6. Review your settings and then click the Configure Devices button to execute the configuration. Chapter 3 HP LaserJet and Color LaserJet MFP Security Checklist...

  • Page 60: Configuring Mfp Digital Sending Settings, Auto Reset Send Settings

    Configuring MFP Digital Sending Settings The Digital Sending category includes options for email and for send to network folder. This includes settings for protecting the sender identification fields. Note: Some security-related settings that do not apply to LaserJet and Color LaserJet MFPs might appear on the Digital Sending page.

  • Page 61: Default From Address, Apply The Changes

    Default From Address HP recommends configuring the default from address to ensure that no one can send email using false or misleading identification. If you are using LDAP Authentication, the MFP will use the email address of the authenticated user to replace the default from address. To configure the Default From: Address: 1.

  • Page 62: Configuring Final Settings, Disabling Direct Ports

    Figure 54: The Configure Devices dialogue box. 2. Review your settings and then click the Configure Devices button to execute the configuration. Configuring Final Settings Some of the MFP settings should be configured independently from other settings and only at the end of this checklist.

  • Page 63: Disabling Ews Config

    Figure 55: The Disable Direct Ports option. 2. Click to select the Disable Direct Ports option to the right. 3. Select Yes. 4. Click Apply at the bottom of the page. 5. Wait for a few minutes to allow all of the MFPs to restart. Do not continue until all of them are at the READY state.

  • Page 64

    Note: This setting disables configuration from the MFP EWS. It also disables all EWS-related settings from Web Jetadmin (they will disappear from Web Jetadmin menus). With this setting configured, the only way to make changes to the EWS settings again is to re-enable them using Web Jetadmin.

  • Page 65: Chapter 4: Advanced Security For Multiple Mfps, Access Control List (acl)

    Chapter 4: Advanced Security for Multiple MFPs This chapter gives some tips for configuring more advanced security settings for one or more MFPs using HP Web Jetadmin. These features should be set up before locking down your MFPs using the settings in the previous chapter.

  • Page 66

    Figure 57: The Configuration Categories Menu Network option. 2. Add an IP address or a net mask by filling in the IP Address or Mask fields. CAUTION: Be sure to include the IP address of the computer that is running Web Jetadmin (it can be a computer other than the one you are using).

  • Page 67: Authentication Manager

    Authentication Manager The Authentication Manager allows you to customize access to functions of the MFP. You can use these options to provide varying services to different groups of people. 1. Click to select Authentication Manager (Figure 58). Figure 58: The Authentication Manager options. Note: Be sure to select only the authentication features that you plan to configure for the MFPs selected.

  • Page 68

    Figure 59: The drop down menu for Log in at Walk Up. Choosing an authentication method for Log in at Walk Up causes the MFP to require everyone to log in for access to the control panel menus. You can choose to require further authentication for specific functions of the MFP.

  • Page 69

    Figure 60: The Group 1 PIN and Group 2 PIN Authentication options. Click to select PIN Authentication, and enter PINs as desired. Be sure to repeat the PINs exactly in the Confirm PIN fields. Note: If your network includes NTLM service, configure NTLM. This option specifies the authentication method to use when your MFP executes a send to folder job.

  • Page 70: Ldap

    LDAP If your network includes LDAP, configure the LDAP Authentication options (Figure 61). Figure 61: The Accessing the LDAP Server options. These settings enable the MFPs to require a user's logon credentials for use of the MFPs. This is related to the LDAP access options in the Digital Sending category, which enable the MFP to use the LDAP address book;...

  • Page 71: User Pin Authentication

    If you choose Simple for the bind method, usernames, email addresses, passwords, and other data will be sent over the LDAP protocol in clear text. Fill in the remaining fields according to your network configuration. If your network has Kerberos authentication capabilities, configure the Kerberos Authentication options.

  • Page 72: Chapter 5: Settings List, Recommended Settings, Initial Settings

    Chapter 5: Settings List This section is a complete list of the settings recommended in this checklist. This section does not include instructions or explanations. It is intended to be used as a check-off list of the recommended settings to help ensure that you complete the entire configuration. See the Network Security section (above) and the Ramifications section (below) for information on each setting.

  • Page 73

     Disable mDNS Config.  Disable IPV4 Multicast Config.  Disable WS-Discovery.  Enable HTTPS Setting to Encrypt all web communication.  Configure Encryption Strength to High.  Configure Error Handling  Disable IPX RCFG Support.  Configure Job Timeout. ...

  • Page 74: Digital Sending Page Options, Embedded Web Server Page Options, File System Page Options, Final Configurations

    Embedded Web Server Page Options  Configure Embedded Web Server Configuration options.  Enable Outgoing Mail.  Disable Incoming Mail.  Disable Cancel Job Button.  Disable Go Button.  Disable Command Invoke.  Disable Command Download.  Disable Command Load and Execute. ...

  • Page 75: Chapter 6: Default Settings

    Chapter 6: Default Settings: This chapter lists the default setting for each configuration in the checklist: Setting Default Setting Configure HP Secure Hard Disk Installed and Enabled Configure SNMPv3 (Security page). Not configured I/O Timeout to End Print Job Not configured Configure Job Hold Timeout.

  • Page 76

    IPX RCFG Support. Enabled Configure Job Timeout. Not Configured Set the privacy setting as desired. Not configured Configure Protocol Stacks. (See below) Disable IPX/SPX. Enabled Enable TCP/IP. Enabled Disable DLC/LLC. Enabled Disable AppleTalk. Enabled Web Services Print. Enabled Configure Bootloader password. Not configured Configure Color Access Control Not configured...

  • Page 77

    Disable Incoming Mail. Disabled Disable Cancel Job Button. Disabled Disable Go Button. Enabled Disable Command Invoke. Enabled Disable Command Download. Enabled Disable Command Load and Execute. Enabled Enable Continue Button. Enabled Disable Print Service. Enabled Configure File System External Access. (See below) Disable PJL.

  • Page 78

    Configure Auto Reset Send Settings to Delay Not configured, Delay default: 20 seconds before resetting the default settings, and type a number of seconds to delay. Configure Default From Address. Not configured Select Prevent user from changing the Default From Not selected Address.

  • Page 79: Chapter 7: Ramifications

    Chapter 7: Ramifications Raising the level of security on HP MFPs requires giving up some conveniences and usability. This section explains some of the compromises you can expect from configuring the settings recommended in this checklist. Keep in mind that this is not a comprehensive list. You should test each MFP in your network environment to understand the implications of these settings and configurations.

  • Page 80: Device Page Settings, Network Page Options

    Disabling SNMPv1 disables SNMPv1 GET and SNMPv2 SET commands. Any solution or software that requires SNMPv1 or SNMPv2 will not function. If you require these to be enabled be sure to set the community name to something that would be difficult to guess. Device Page Settings Set I/O Timeout to End Print Job.

  • Page 81

    Disable SLP Config. SLP Config accommodates software using SLP as a discovery  mechanism. For example disabling SLP Config on some Novell networks (depending on how Novell is configured) would cause Novell to not recognize the MFPs on the network. Thus, if your network uses these features of Novell, you should enable SLP Config.

  • Page 82

    HP to collect statistical data on the use of MFPs. HP uses such information to help improve the design and development of MFPs. HP will not collect network- specific or personal data. For information on HP privacy policies, read the Hewlett-Packard Online Privacy Statement available by clicking privacy statement at http://www.hp.com.

  • Page 83: Security Page Options

     Disable unused Protocol Stacks. These options provide for the various types of network communication to the MFPs. Closing down unused protocol stacks is affective toward better network security. See the ramifications of each option below: Disable IPX/SPX. IPX/SPX is the network protocol for Novell. Disabling it prevents ...

  • Page 84

    The maximum Control Panel Access Lock closes all access to the fax menu. This includes the options to Cancel All Pending Transmissions and Cancel Current Transmission. If you wish to provide these options, use Intermediate Lock. Configure the Embedded Web Server Password. The EWS password restricts access to ...

  • Page 85: Fax Page Options, Additional Fax Configuration, Embedded Web Server Page Options

    The Device Password is synchronized with the EWS password. If you change either of them, the MFP will change the other one to be the same. Disable Allow Use of Digital Send Service. HP Digital Sending Software is a useful tool ...

  • Page 86: File System Page Options

    Disable Incoming Mail. Some network solutions can send commands to the MFP via  email. If your network uses any of these solutions, you should enable Incoming mail. Otherwise, disable it as a best practice. This setting does not affect any other use of the MFP.

  • Page 87

    NOTE: Some storage management tools, such as the Web Jetadmin Device Storage Manager (a Web Jetadmin add-on available in the Product Update navigation mode), use some of these protocols to access the file system. You might consider enabling these protocols only to update configurations and then disable them during normal MFP operation.

  • Page 88: Final Configurations, Digital Sending Page Options

    ensures that the original data is destroyed. Secure Fast Erase mode overwrites files one time. It slows MFP performance a bit, but it provides reasonable security for most situations. Secure Sanitizing Erase overwrites files 3 times. It slows MFP performance considerably, but it provides even more assurance that the data is not recoverable.

  • Page 89: Overall Limitations

    Disable EWS Config. Disabling EWS Config removes the EWS from the network. They  become unavailable to everyone. This eliminates many risks to security. Since all of the EWS configuration settings are available in Web Jetadmin, there is no need to have them available anywhere else.

  • Page 90: Chapter 8: Physical Security

    Chapter 8: Physical Security Many of the most notable features of HP MFPs involve hard copy documents. MFPs can print them, scan them, send them to email, send them to network folders, send them to other printers, and fax them. Handling hardcopy documents can involve a variety of activities that can lead to compromise of data security: ...

  • Page 91: Chapter 9: Appendix 1: Glossary Of Terms And Acronyms

    Chapter 9: Appendix 1: Glossary of Terms and Acronyms The following table lists terms and acronyms found in this checklist: Term Description Access Control List. The ACL restricts network access to the MFP by allowing only those IP addresses or subnets that are listed in it. Analog fax Analog fax is fax functions via telephone lines.

  • Page 92

    Term Description Jetdirect Inside. Many of the MFPs include internal Jetdirect hardware as standard equipment. Other MFPs, such as HP Color LaserJet 9500 MFPs require EIO Jetdirect cards for network connectivity. Job Retention Job Retention is the MFP capability of storing print jobs or fax jobs for printing on demand at the control panel.

  • Page 93

    Microsoft® is a U.S. registered trademark of Microsoft Corporation. Adobe and PostScript are trademarks of Adobe Systems Incorporated. © Copyright 2005, 2006, 2009, 2010 Hewlett-Packard Development Company, L.P.

This manual also for:

Laserjet enterprise mfp m725

Comments to this Manuals

Symbols: 0
Latest comments: