Security Features
Page 3
... IPSec 22 Encrypt web communications ...22 Access control list...22 802.1X authentication ...23 2.4 Protected data in HP printers...53 Appendix 1 - HP DesignJet Printers Security Settings Table of Contents 1. Security concepts explanation...5 2.1 Device security...5 UEFI secure boot...5 Firmware protection ...5 2.2 Device configuration protection ...6 Disable protocols...6 SNMP compatibility ...7 Disable connectivity interfaces...8 Control Panel Access ...10 SCL...
... IPSec 22 Encrypt web communications ...22 Access control list...22 802.1X authentication ...23 2.4 Protected data in HP printers...53 Appendix 1 - HP DesignJet Printers Security Settings Table of Contents 1. Security concepts explanation...5 2.1 Device security...5 UEFI secure boot...5 Firmware protection ...5 2.2 Device configuration protection ...6 Disable protocols...6 SNMP compatibility ...7 Disable connectivity interfaces...8 Control Panel Access ...10 SCL...
Security Features
Page 5
...printer with the UEFI specification. Firmware protection All HP portfolio use signed firmware package, that means firmware packages are digitally signed by HP. The installation should always be used in HP printers). HP DesignJet Printers Security Settings 1. Please make the HP DesignJet and PageWide XL printer series ... values (Section 2, Security concepts explanation). • Description of ports used by HP DesignJet and PageWide XL printers as any firmware and install only those signed by the HP Code Signing group. Non-configurable feature. It is really important to keep them ...
...printer with the UEFI specification. Firmware protection All HP portfolio use signed firmware package, that means firmware packages are digitally signed by HP. The installation should always be used in HP printers). HP DesignJet Printers Security Settings 1. Please make the HP DesignJet and PageWide XL printer series ... values (Section 2, Security concepts explanation). • Description of ports used by HP DesignJet and PageWide XL printers as any firmware and install only those signed by the HP Code Signing group. Non-configurable feature. It is really important to keep them ...
Security Features
Page 6
... sending files via ftp or connecting through the Mgmt. HP DesignJet Printers Security Settings • Protect the EWS access with an admin account (see section 2.2.6, Embedded Web Server (EWS) access control). • Disable the firmware upgrade from USB (see section 2.2.7, USB drive control...) • Use the Automatic Firmware Upgrade to download the firmware. 2.2 Device configuration protection Disable protocols In some cases, you might want to...
... sending files via ftp or connecting through the Mgmt. HP DesignJet Printers Security Settings • Protect the EWS access with an admin account (see section 2.2.6, Embedded Web Server (EWS) access control). • Disable the firmware upgrade from USB (see section 2.2.7, USB drive control...) • Use the Automatic Firmware Upgrade to download the firmware. 2.2 Device configuration protection Disable protocols In some cases, you might want to...
Security Features
Page 10
...them to define an administrator account and password. Administrators can specify the level of the device. HP DesignJet Printers Security Settings Control Panel Access The DesignJet and PageWide technologies allow the printer administrator to lock some printers, when setting an Embedded Web Server...the HP Web Jetadmin or the printer's Embedded Web Server (depending on the printer model). This feature prevents unauthorized users from the T1200 Embedded Web Server as shown below : 10 Currently, there are : • Network connectivity & Internet connectivity • Control firmware upgrades...
...them to define an administrator account and password. Administrators can specify the level of the device. HP DesignJet Printers Security Settings Control Panel Access The DesignJet and PageWide technologies allow the printer administrator to lock some printers, when setting an Embedded Web Server...the HP Web Jetadmin or the printer's Embedded Web Server (depending on the printer model). This feature prevents unauthorized users from the T1200 Embedded Web Server as shown below : 10 Currently, there are : • Network connectivity & Internet connectivity • Control firmware upgrades...
Security Features
Page 13
Control Panel Access Lock). Access Control page a. HP DesignJet Printers Security Settings 2.2.1.2 Access Control The Access Control page is placed in the Setup tab, in method is Local device, local accounts that have access ... for specific tasks and restrict user access by role. Sign-in methods This section shows the enabled sign-in methods that are available on the firmware version), defining which applications are stored on the product's hard disk. 13 This function allows you can be used to sign in to the device...
Control Panel Access Lock). Access Control page a. HP DesignJet Printers Security Settings 2.2.1.2 Access Control The Access Control page is placed in the Setup tab, in method is Local device, local accounts that have access ... for specific tasks and restrict user access by role. Sign-in methods This section shows the enabled sign-in methods that are available on the firmware version), defining which applications are stored on the product's hard disk. 13 This function allows you can be used to sign in to the device...
Security Features
Page 20
HP DesignJet Printers Security Settings • These limitations do not apply to printers without touchscreen front panels, as the password can be set , the administrator password will be required to print or scan. • Firmware upgrade from USB: enable or disable the possibility of upgrading the firmware from a USB. In cases where an administrator password...
HP DesignJet Printers Security Settings • These limitations do not apply to printers without touchscreen front panels, as the password can be set , the administrator password will be required to print or scan. • Firmware upgrade from USB: enable or disable the possibility of upgrading the firmware from a USB. In cases where an administrator password...
Security Features
Page 23
.... 802.1X authentication 802.1X is repeatedly overwritten using AES 256-bit encryption. Temporary data remains on the print server model and firmware version. 2.4 Protected data in the printer, you do not allow partial or guest access, then the print server may lose your... initial 802.1X settings before connecting to 0. There are erased. CAUTION! When the Secure Sanitizing Erase feature is then overwritten. HP DesignJet Printers Security Settings regardless of disk media. Host systems that have access are specified by clearing the Check ACL for devices that might...
.... 802.1X authentication 802.1X is repeatedly overwritten using AES 256-bit encryption. Temporary data remains on the print server model and firmware version. 2.4 Protected data in the printer, you do not allow partial or guest access, then the print server may lose your... initial 802.1X settings before connecting to 0. There are erased. CAUTION! When the Secure Sanitizing Erase feature is then overwritten. HP DesignJet Printers Security Settings regardless of disk media. Host systems that have access are specified by clearing the Check ACL for devices that might...
Security Features
Page 25
...using the same 3 options that you have entered the Service Menu with the help of an HP Support representative, you can perform the Secure Disk Erase using the selected method, and the printer's firmware will be restored to perform it. The time that the three options are called Insecure Mode... before this action will take depends on the amount of the feature in Web Jetadmin. The printer will display a progress bar until complete. HP DesignJet Printers Security Settings • Printer Front Panel access: Once you have in the front panel is Disk Wipe DoD 5220.220M, and that ...
...using the same 3 options that you have entered the Service Menu with the help of an HP Support representative, you can perform the Secure Disk Erase using the selected method, and the printer's firmware will be restored to perform it. The time that the three options are called Insecure Mode... before this action will take depends on the amount of the feature in Web Jetadmin. The printer will display a progress bar until complete. HP DesignJet Printers Security Settings • Printer Front Panel access: Once you have in the front panel is Disk Wipe DoD 5220.220M, and that ...
Security Features
Page 35
... to configure the e-mail server on the Setup Page. This option is now available in the accounting file sent by e-mail from automatically performing firmware upgrades. 35 HP DesignJet Printers Security Settings You can check at any later time that only the data (counters) relevant for billing are being sent by the printer.
... to configure the e-mail server on the Setup Page. This option is now available in the accounting file sent by e-mail from automatically performing firmware upgrades. 35 HP DesignJet Printers Security Settings You can check at any later time that only the data (counters) relevant for billing are being sent by the printer.
Security Features
Page 44
.../WJA + EWS/WJA + EWS Jetdirect Jetdirect N/A N/A N/A N/A EWS/FP Yes Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware Upgrade (AFU) No N/A N/A N/A N/A N/A EWS/FP N/A N/A EWS EWS EWS EWS Device security - Large Format printers: security features summary GRAPHIC PRINTERS Model Z6XX0 D5800 Z5400 Z3200 Z2100/Z5200ps Z2600/Z5600 Z6/Z9+ Device security - HP DesignJet Printers Security Settings 4.
.../WJA + EWS/WJA + EWS Jetdirect Jetdirect N/A N/A N/A N/A EWS/FP Yes Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware Upgrade (AFU) No N/A N/A N/A N/A N/A EWS/FP N/A N/A EWS EWS EWS EWS Device security - Large Format printers: security features summary GRAPHIC PRINTERS Model Z6XX0 D5800 Z5400 Z3200 Z2100/Z5200ps Z2600/Z5600 Z6/Z9+ Device security - HP DesignJet Printers Security Settings 4.
Security Features
Page 46
HP DesignJet Printer Series Security Settings TECHNICAL PRINTERS Model T7X00 T3500 T2500/T1500/T920 T2530/T1530/T9 T2300/T1300 30 T790/T795 T120/T520 SNMP configurability EWS EWS/FP/WJA EWS/FP/WJA UEFI Secure Boot N/A Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware No Upgrade (AFU) Yes N/A EWS/FP Yes N/A N/A EWS/FP Yes Disable...
HP DesignJet Printer Series Security Settings TECHNICAL PRINTERS Model T7X00 T3500 T2500/T1500/T920 T2530/T1530/T9 T2300/T1300 30 T790/T795 T120/T520 SNMP configurability EWS EWS/FP/WJA EWS/FP/WJA UEFI Secure Boot N/A Whitelisting N/A Disable firmware update through USB N/A Automatic Firmware No Upgrade (AFU) Yes N/A EWS/FP Yes N/A N/A EWS/FP Yes Disable...
Security Features
Page 49
.../WJA + EWS/WJA + Jetdirect Jetdirect Jetdirect Jetdirect Jetdirect Jetdirect Data security - Authentication NTLM N/A N/A N/A N/A N/A N/A N/A N/A Data security - HP DesignJet Printer Series Security Settings OLDER TECHNICAL AND GRAPHIC PRINTERS Model SNMPv3 UEFI Secure Boot Whitelisting Disable Firmware update through USB Automatic Firmware Upgrade (AFU) Disable protocols Disable interfaces Control panel lock EWS multilevel Printer access control Disable...
.../WJA + EWS/WJA + Jetdirect Jetdirect Jetdirect Jetdirect Jetdirect Jetdirect Data security - Authentication NTLM N/A N/A N/A N/A N/A N/A N/A N/A Data security - HP DesignJet Printer Series Security Settings OLDER TECHNICAL AND GRAPHIC PRINTERS Model SNMPv3 UEFI Secure Boot Whitelisting Disable Firmware update through USB Automatic Firmware Upgrade (AFU) Disable protocols Disable interfaces Control panel lock EWS multilevel Printer access control Disable...
Security Features
Page 50
...N/A N/A N/A N/A N/A N/A T620 N/A WJA/FP N/A N/A N/A N/A PAGEWIDE XL PRINTERS Model HP PageWide XL 8000/5000/4600/4500/4100/4000/3900 Printer Device security- Device configuration protection Disable protocols ...N/A N/A N/A N/A N/A N/A N/A N/A N/A Document security - HP DesignJet Printer Series Security Settings Model Secure file erase Secure disk erase T1200 WJA WJA/FP Exclude personal info. Device integrity SNMPv3 EWS/WJA UEFI Secure Boot Yes Whitelisting Disable firmware (F/W) update through USB Automatic Firmware Upgrade (AFU) No FP/EWS/WJA Yes Device security...
...N/A N/A N/A N/A N/A N/A T620 N/A WJA/FP N/A N/A N/A N/A PAGEWIDE XL PRINTERS Model HP PageWide XL 8000/5000/4600/4500/4100/4000/3900 Printer Device security- Device configuration protection Disable protocols ...N/A N/A N/A N/A N/A N/A N/A N/A N/A Document security - HP DesignJet Printer Series Security Settings Model Secure file erase Secure disk erase T1200 WJA WJA/FP Exclude personal info. Device integrity SNMPv3 EWS/WJA UEFI Secure Boot Yes Whitelisting Disable firmware (F/W) update through USB Automatic Firmware Upgrade (AFU) No FP/EWS/WJA Yes Device security...
Security Features
Page 54
...Configuration [EWS] > Network > Security > IPsec/Firewall [EWS] > Setup > Scan to SMB destination). Access to the Automatic Firmware Upgrade host (under hp.com), performing connectivity tests. This port can be used for Kerberos authentication. Many SNMP Management utilities can be able to send ... configure and query the status of a printer. Used by any SNMP Management utility. HP DesignJet Printer Series Protocol/Function Port TFTP (Trivial File Transfer Protocol) configuration file HP Jetdirect XML services UDP 69 TCP 80, 8080 AFU, Connectivity Test TCP 80 Kerberos TCP...
...Configuration [EWS] > Network > Security > IPsec/Firewall [EWS] > Setup > Scan to SMB destination). Access to the Automatic Firmware Upgrade host (under hp.com), performing connectivity tests. This port can be used for Kerberos authentication. Many SNMP Management utilities can be able to send ... configure and query the status of a printer. Used by any SNMP Management utility. HP DesignJet Printer Series Protocol/Function Port TFTP (Trivial File Transfer Protocol) configuration file HP Jetdirect XML services UDP 69 TCP 80, 8080 AFU, Connectivity Test TCP 80 Kerberos TCP...
Security Features
Page 58
... for updated information on a fleet of printers. For instance, HP Web Jetadmin can be used to email Enable printer firmware update Yes Device status & alerts Yes Yes Firmware upgrade Yes Yes 58 Each version of the Manageability Contract builds on... carry out the following link: http://www8.hp.com/us/en/solutions/business-solutions/printingsolutions/wja.html Manageability contract for additional functionalities. This includes device configuration, alerts subscription, and printer status information. HP DesignJet Printer Series Security Settings Appendix 1 - This...
... for updated information on a fleet of printers. For instance, HP Web Jetadmin can be used to email Enable printer firmware update Yes Device status & alerts Yes Yes Firmware upgrade Yes Yes 58 Each version of the Manageability Contract builds on... carry out the following link: http://www8.hp.com/us/en/solutions/business-solutions/printingsolutions/wja.html Manageability contract for additional functionalities. This includes device configuration, alerts subscription, and printer status information. HP DesignJet Printer Series Security Settings Appendix 1 - This...
Security Features
Page 59
... System Log Server Info Webservice Print TCP\IP Domain Suffix Upload CA Certificate Upload JetDirect Certificate Proxy Server MC DJA 2.0 - HP DesignJet Printer Series MC DJA 1.0 Device identification System Contact System Location Asset Number Company Name Contact Person Device Name Device settings Control... Color Copy Option Control Panel Access EWS Password Enable Host USB Enable Save to email ePrint settings Security settings Enable firmware update File system password Erase all stored files Access control for device functions Device user accounts J8022E networking settings Security ...
... System Log Server Info Webservice Print TCP\IP Domain Suffix Upload CA Certificate Upload JetDirect Certificate Proxy Server MC DJA 2.0 - HP DesignJet Printer Series MC DJA 1.0 Device identification System Contact System Location Asset Number Company Name Contact Person Device Name Device settings Control... Color Copy Option Control Panel Access EWS Password Enable Host USB Enable Save to email ePrint settings Security settings Enable firmware update File system password Erase all stored files Access control for device functions Device user accounts J8022E networking settings Security ...
Security Features
Page 60
...Firmware External Connections Host USB Plug and Play Logging System Logging Stored Data Y Y Y Y N Y N N Read only enabled Y Y Y Y Y N N Y Y Y N N Y Y N N Y 60 This tool can be downloaded at the following link: http://www8.hp.com/us/en/solutions/business-solutions/printingsolutions/security_manager.html Please refer to monitor compliance with user defined security policies. Policy compatibility features (HP DesignJet... Security Checks Check for Latest Firmware Check for updated information on how to the network. JetAdvantage Security Manager The HP JetAdvantage Security Manager is a fleet...
...Firmware External Connections Host USB Plug and Play Logging System Logging Stored Data Y Y Y Y N Y N N Read only enabled Y Y Y Y Y N N Y Y Y N N Y Y N N Y 60 This tool can be downloaded at the following link: http://www8.hp.com/us/en/solutions/business-solutions/printingsolutions/security_manager.html Please refer to monitor compliance with user defined security policies. Policy compatibility features (HP DesignJet... Security Checks Check for Latest Firmware Check for updated information on how to the network. JetAdvantage Security Manager The HP JetAdvantage Security Manager is a fleet...
Security Features
Page 61
... AppleTalk DLC/LLC Novell (IPX/SPX) Security Settings Y Y Y Y Y Y Y N N N N N Y Y N Y N Y Y Y Y Y Y Y Y Y Y N Y Y Y Y Y Y Y Y N N N 61 HP DesignJet Printer Series File Erase Mode Device Discovery Service Location Protocol (SLP) IPv4 Multicast LLMNR WS-Discovery Bonjour Network Security Internet Protocol Security (IPsec)/Firewall FIPS... control List Network Services Novell Remote Config (RCFG) Telnet TFTP Configuration File HP Jetdirect XML Services Certificate Management Service FTP Firmware Update Web Require HTTPS redirect HTTPS Web Encryption Settings Web Encryption Strength Ciphers TLS 1.2...
... AppleTalk DLC/LLC Novell (IPX/SPX) Security Settings Y Y Y Y Y Y Y N N N N N Y Y N Y N Y Y Y Y Y Y Y Y Y Y N Y Y Y Y Y Y Y Y N N N 61 HP DesignJet Printer Series File Erase Mode Device Discovery Service Location Protocol (SLP) IPv4 Multicast LLMNR WS-Discovery Bonjour Network Security Internet Protocol Security (IPsec)/Firewall FIPS... control List Network Services Novell Remote Config (RCFG) Telnet TFTP Configuration File HP Jetdirect XML Services Certificate Management Service FTP Firmware Update Web Require HTTPS redirect HTTPS Web Encryption Settings Web Encryption Strength Ciphers TLS 1.2...
Security Features
Page 74
... Security features can be automatically added into the Security Manager as soon as a read only partition. 74 Only forward firmware security upgrades Behavior of the firmware that prevents installation of the BIOS. HP DesignJet Printer Series Security Settings Device protection related BIOS BIOS The BIOS (basic input/output system) is the program used to...
... Security features can be automatically added into the Security Manager as soon as a read only partition. 74 Only forward firmware security upgrades Behavior of the firmware that prevents installation of the BIOS. HP DesignJet Printer Series Security Settings Device protection related BIOS BIOS The BIOS (basic input/output system) is the program used to...
Security Features
Page 75
...will allow configuration changes to features that wants to interact with several printers, HP recommends using server data. In the event of the printers. HP DesignJet Printer Series Security Settings Remote firmware upgrade This service allows an administrator to configure the printer to check for ... the printer administrator to upgrade the printer or multi-function printer firmware. It requires that no malicious code can be installed. It also requires a tool to generate reports using the HP Web Jetadmin software to define which Front Panel menus and applications ...
...will allow configuration changes to features that wants to interact with several printers, HP recommends using server data. In the event of the printers. HP DesignJet Printer Series Security Settings Remote firmware upgrade This service allows an administrator to configure the printer to check for ... the printer administrator to upgrade the printer or multi-function printer firmware. It requires that no malicious code can be installed. It also requires a tool to generate reports using the HP Web Jetadmin software to define which Front Panel menus and applications ...