HP Designjet Printer series
Contents
1. Applications Detailed Info Capabilities Troubleshoot Firmware Apply Template View History Customize 3 Refresh My Settings Device Network Unlock Security Minimum Lock Access Control List Control Panel Access O Moderate Lock DEHE Disable Direct Ports Q Intermediate Lock Embedded Web Server Pass Get Community Name Maximum Lock PJL Password Printer Firmware Update Set Community Name SNMP Version Access Control Embedded Web Server File System This option can be enabled from the T1200 Embedded Web server as shown below HP Designjet T1200 PostScript Security Windows Internet Explorer QUO http 16 23 45 148 hp device webAccess indexhtm content security 4 x SB Googie amp dip Favorites sly 2 4shared com free file sh FilmJabber com Recent B HP Drivers E Get More Add ons v GHP Designjet T1200 PostScript Security th gt gt D dA v Pager Safetyy Tools v A HP Designjet T1200 PostScript t m NPIAG343D 16 23 45 148 Printer status Replace G cartridge 3 Pin setup Configuration Securi H Printer settings y Date amp Time Access control is currently disabled To enable access control you must set the administrator user account E mail server Maintenance Firmware update Paper preset management Check to disable or uncheck to enable connectivity options If any of them are changed the print2. Once the EHD is installed on a particular printer it becomes fully tied to it It is not possible to move the same EHD to another HP Designjet printer without losing the stored information When the printer detects an EHD that has been installed on a different printer it will display a warning If you then decide to go ahead and use the EHD on a different printer the printer will erase the contents of the EHD once again using the highly secure DoD 5220 22 M process The EHD has its own software based encryption mechanism that prevents anyone from reading the contents of the EHD for instance by plugging it into a PC The encryption system is not a standard system and cannot be considered as an extremely secure encryption mechanism such as the standard encryption system DES RSA FIPS 140 but it does add a level of security that makes it difficult to read the contents by simply connecting the disk to a PC The EHD is not intended to be used as an USB memory stick that is to copy documents from a PC then plug it into the printer in order to print them 3 21 Jetdirect Security Wizard HP T920 T1500 T2500 T3500 The HP Jetdirect Security Configuration Wizard enables you to configure security settings for HP Jetdirect print server management There are 3 levels of Network Security that can be set 27 HP Designjet T1500 PostScript Basic Configure an Admin password which is shared on other tools such as Telnet and SNMPv1 v2 Enha
3. Your job wil be stored in the printer and will not be printed until you retrieve it from the printer s front panel using the four digit PIN you define below Once printed it is automatically removed from the printer Job Storage Mode User Name User name Print and Store Custom Print and Delete Retrieve from front panel Personal Job Retrieve from front pane Private Job Job Name O Automatc PIN to print 0000 9999 Custom Print and Store e After a job has printed it is stored in the printer more copies can then be printed from the front panel Print and Delete e Once printed the job is automatically removed from the printer Retrieve from Front Panel Personal Job e Use the personal job printing feature to specify a job cannot be printed until you release it from the printer s front panel e To preview it in the Embedded Web Server you will need to enter the PIN Retrieve from Front Panel Private Job e Use the private printing feature to specify that a job cannot be printed until you release it with a PIN First select Retrieve from Front Panel Private Job and then the Pin to Print checkbox will be available If checked a 4 digit personal identification number must be set The PIN is sent to the device as part of the print job After sending the print job to the device use the PIN to print the job Once printed it is automatically removed from the printer e To preview it in the Embedded
4. she Favorites is 4shared com free file sh Filmlabber com Recent H HP Drivers Get More Add ons v HP Designjet T1200 PostScript Security NPIAG343D 16 23 45 148 Configuration Printer settings E mail server Date amp Time Maintenance Firmware update Paper preset management Printer status Replace G cartridge 3 Check to disable or uncheck to enable connectivity options If any of them are changed the printer will automatically restart Disable on boar au Disable USB Note To disable this interface you should access the EWS through a different network interface Control Panel Access Lock Select an option to set the level of the control panel access lock Unlock Minimum Lock Moderate Lock Intermediate Lock Maximum Lock G Local intranet Protected Mode Off 0O Jie http 1623 45 148 hp device webAccess index htmicontent security amp op access x amp sly Favorites 4 4shared com free file sh Ay Filmlabber com Recent lg HP Drivers 6 Get More Add ons v HP Designjet T1200 PostScript Security A O d v Pager Safety Toos Gv NPIA6343D 16 23 45 148 Configuration Printer settings E mail server Date amp Time Maintenance Firmware update Paper preset management Printer status Replace G cartridge 3 User name New password Confirm password Set the administrator use am
5. Secure Fast Erase and Secure Sanitizing Erase there is also the option to sanitize the whole disk The sanitizing method removes any user data in a secure manner so that the device can safely be moved from a secure location to an unsecure location All disk erasing will be carried out via the same level of security erase This setting can only be used via Web JetAdmin or the Front Panel Service menu which is only accessible with the help of an HP Support representative e HP Web JetAdmin access The user interface that manages the Secure File Erase and Secure Disk Erase functionality is the HP Web JetAdmin This is the same functionality that is used in the Web JetAdmin device plug ins for LaserJet printers which enables you to set the same global options across your fleet of HP LaserJets and HP Designjets The following example shows how to configure the HP Designjet T2300 using the Web JetAdmin Note that in the Web JetAdmin this option is called Secure Storage Erase HP Web Jetadmin localhost 0 A CUN GEEEEEEEEENEEEEEEEMMMEEREEUI File View Tools Help Device Management a All Devices 1 of 3 Selected EMM Overview amp Layouts Y Filters Fis o g EJAT Devices 0 fF Error Devices 2 Device Model IP Address IP Hostname Port Any Sev Hardware Address a Warning Devices 0 E HP Designjet T2300 PostScript 16231331 aparedesemea 1 Q 0026558804BF WE HP Designjet T7100ps 16 23 56 125 printcornerb2 3
6. elei esee esee eeee eene eene ern nennen ne th nenne nns nn nnns 20 3 6 Disable connectivity interfaces 21 3 7 Disable protocols oie esr EIE EORR 22 3 8 Pfeeee E E E E A 22 3 9 SNMP W3 naa 6 23 3 10 CA JD CertifiCates ht erret bee e eret traten e aieo edd bee e e 24 3 11 Hide IP from front panel e ase iria Eun aae ERR ERR i iiaae 24 3 12 Encrypt web communications 24 3 13 Disable USB drive ic o 25 3 14 Disable firmware update through USB 25 3 15 Disable direct print using ePrint amp Share 25 3 16 Disable ePrint Center connectivity 26 3 17 User SESSIONS aisre essnee 26 3 18 Disable internet connectieeeeeeeeeggggg 26 3 19 Printer Access Control e 26 3 20 External hard disk EBD 2 icio ote tti p ere vitro ur etre aan Reine La ci brin peo o debe dud 26 3 21 Jetdirect Security Wizard HP T920 T1500 T2500 T3500 27 3 22 Job storage and PIN printing coercere kiero cnr eara uenia 28 3 23 Self Encrypted hard disk tiere ve tei ere ado ctevsadestassedact arae dace va ctv Casu Ta ce gs 29 5 Other security features available only through JetDirect 30 4 1 iid ciuile M M 30 4 2 802 1X AuthentiCatiOn cierre eter en reo duae eve eV KEAR eR EE ERN ERE REN Eii Ens 30 G gt GLOSSARY Rt 31 HP Designjet Printer Series Security
7. A N A Self Encrypted hard disk N A N A N A N A Communications security IPSec EWS EWS EWS WJA EWS WJA JetDirect EWS WJA JetDirect Wizard setup SNMPv3 EWS EWS EWS EWS WJA JetDirect EWS WJA JetDirect CA JD Certificates EWS WJA EWS WJA EWS WJA EWS JetDirect EWS JetDirect Encrypt web comms EWS WJA EWS WJA EWS WJA EWS WJA JetDirect EWS WJA Jetdirect NTLM N A N A N A N A N A HP Designjet Printer Series Security Settings LS 17x00 ras00 T2500 T1500 T gt 59 77300 ommo 1120 7520 Hide information to user Control panel lock EWS WJA EWS WJA EWS WJA EWS WJA EWS WJA EWS multilevel EWS FP WJA EWS FP WJA EWS FP E T EWS 1 level Exclude personal info EWS EWS WJA EWS WJA EWS EWS N A from accounting Job storage and PIN printing Job retention Disable features Disable USB drive EWS FP WIA EWS FP WIA EwS FP EWS FP Disable F mes EWS FP EWS FP EWS FP EWS FP Disable interfaces EWS EWS FP WJA EWS FP WJA EWS FP USB EWS FP USB EWS FP printing only printing only a manly i dud idi connectivity EWS FP WIA EWS FP WIA EWS FP EWS FP EWS FP connection Disable protocols EWS WJA EWS WJA EWS WJA EWS WJA EWS WJA EWS WJA eae ny a bai HP Designjet Printer Series Security Settings Communications security configuration requires IPSec EWS EWS FP WJA EWS FP WJA EWS WJA EWS WJA Jetdirect accessory WS HP Designjet Printer Series Security Settings T1100 Hide information to user dd ad
8. Held Timeout LJ feature Job Retention LJ feature Multicast DNS mDNS NTLM PJL Password LJ feature Remote Firmware Upgrade LJ feature Simple Network Management Protocol SNMP SNMPv3 Subnet 32 Security Settings A web based fleet management software tool for remote installation configuration problem resolution proactive management and reporting For more information go to www hp com go webjetadmin A one to many transmission of data over an IP network Internet Protocol Security IPsec is a suite of protocols for securing Internet Protocol IP communications by authenticating and encrypting each IP packet of a data stream IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session In our case IPsec is used to protect data flows between the host and the printer This feature is part of the Job Retention feature It limits a held job to the selected time and then the printer deletes it You should select a reasonable timeout value for this setting to allow enough time for a user to walk to the printer to print a job or to allow time for jobs to print in a queue This feature provides job retention options such as private job and hold job You will be able to ensure that they are present during printing to provide privacy for documents in the printer output bins Also kn
9. T1200 PostScript NPIA6343D 16 23 45 148 Printer status S Replace G cartridge 3 Sees setup Configuration S 5 ecurity Printer settings H Access Control Access control is currently disabled To enable access control you must set the administrator user account rver Date amp Time Maintenance Connectivi Paper preset management Check to disable or uncheck to enable connectivity options If any of them are changed the printer will automatically restart Disable on board Gigabit Ethernet gi Disable USB Note To disable this interface you should access the EWS through a different network interface Control Panel Access Lock Select an option to set the level of the control panel access lock 9 Unlock Minimum Lock Moderate Lock Intermediate Lock Maximum Lock Local intranet Protected Mode Off fg v 100 v If you enable or disable a connectivity option the printer will automatically restart Keep in mind that disabling a connectivity option could cut off network access to the printer As a security measure you cannot disable the connection that you use to access the Embedded Web server Note If the printer s front panel becomes locked and you are unable to unlock it then you should contact HP support as soon as possible 21 HP Designjet Printer Series Security Settings 3 7 Disable protocols In some cases you might want to disable all protocols that you do not plan to u
10. level You must then provide the Admin password in order to perform any of the following restricted operations 16 de htm rententsjok DQ oc fest ppt test pete teat pote testi pote test pete tesz pete test pptx teal pptx teari pore test ppt test Cee tes opte tei oet amp Filmlabber com Recent gt I HP Drivers ge Get More Add ons gt 1623451 M The server 16 23 45 IR ENNO EWS requires usemame acd passwor Warning This server is requesting that your username and passweed be sent in an insecure manner basie axthenbration vethout a secure connecbon User name s Password Remember my password Corned Cancel delete or preview a job in the job queue Delete a stored job Clear accounting information Change printer settings on the Device Setup page Update printer firmware Change the printer s date and time Change security settings View protected printer information pages Move to froat 7o Payer Setyo Tooke T glalggrt Printer status B Replace G cartridge 4 vere 17 07 09 14 48 Y7 07 08 14 48 17 07 09 1448 17 07 09 1448 1707 09 14 48 17 07 09 14 45 ITTO 14 48 Vr07 09 14 48 17 07 09 14 37 17 07 09 14 37 177009 1437 17 07 09 1437 Y7 07 08 1437 ketresn HP Designjet Printer Series 17 Security Settings GJON Jie ttp 16 23 45 148 hp device webAccess indexhtm content security x amp
11. 6 23 58 133 HP001279433A3 1 001279433A3C HP LaserJet 4350 16 23 56 140 ben03032 esp hp 1 001279DEEACC Wa Ungrouped Devices 44 HP LaserJet P3005 16 23 58 162 npi8d7694 emea 1 e 00215A8D7684 ff Groups HP Color LaserJet 4600 162356148 bpo430esphpc 1 0001E8529005 E T HP LaserJet 4050 16236069 npi2d289a emea 1 0030C12D289A E Alerts TL HP LaserJet M4345 MFP 16235855 npi90d76d emea 1 Q 001708900760 x Hg Firmware S HP Designjet Z3200ps 44in Photo 16 2259 163 Ip4l9 emea hpac 1 Q O040CAA1A664 Reports HP Designjet T1100ps 24in 16 23 59 106 pr 203 emea hpg 1 4 0040CA9BF701 J HP LaserJet 4100 MFP 16235621 troya22lesphp 1 amp 00306ECDB7C1 HP LaserJet M3035 MFP 16 23 61 106 npi8219a5 emea 1 e 001708821945 HP Color LaserJet 5500 16 23 56 228 ben03021 esp hp 1 00110AF20B43 HP Designjet 800PS 162356213 bcn02142esphp 1 Q 0030C18C3260 Status Config Alerts Groups Reports Supplies Storage Applications Detailed Info Capabilities Troubleshoot Firmware J Apply Template fii View History Customize Refresh Quick Device Discovery p Set Community Name 4 A System File System Password 2 EMIL Save as Template l Apply 10 AP Web Jetadmin H1 LXV cL 11 50 HP Designjet Printer Series Security Settings 3 2 Secure Disk Erase In either of the two secure methods described above
12. HP Designjet Printer series Security features ECE HP Designjet Printer Series 2014 Hewlett Packard Development Company L P Reproduction adaptation or translation without prior permission is prohibited except as allowed under the copyright laws The information contained herein is subject to change without notice The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services Nothing herein should be construed as an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein July Edition Version 6 Security Settings HP Designjet Printer Series Security Settings Table of Contents 1 Introduction amp Qverview cete ites stavaseeadasciaaed 4 2 Security features available for Large Format Printers 4 3 Security features available for Large Format sScanners 9 4 Security Concepts e xplanatiggggggg 10 3 1 Secure File deles e e 10 3 2 Secure Disk Erase c estet RO Ie e ev 11 3 3 Control Panel Access LOCK 2 rt etii ea RE E sdeventacessnsesedesesbaesedens ERER RiR 14 3 3 1 Deadlock Front Panel locked EWS password forgotten 15 3 4 Embedded Web Server EWS multilevel access 16 3 4 1 Administrator pass wor d 16 3 4 2 Guest passWOFd ain tnn 18 3 5 Exclude personal info from accounting
13. SNMP Trap Destination T V FTP Printing System Contact E System Location V LPD Printing System Name V 9100 Printing TCP Idle Timeout TCP IP Configuration Met VI mDNS Config Upload CA Certificate V IPv4 Multicast Config 4 D T 3 8 IPSec A Firewall or IP Security IPsec policy enables you to control traffic to or from the device by using network layer protocols Either a firewall or IPsec firewall pages will appear depending on whether IPsec is supported by the print server and device If IPsec is not supported firewall pages will be displayed and a firewall policy can be configured Please note Before you enable a firewall or IPsec policy you should make sure that access to your configuration management settings is secured for example through an administrator password This will ensure that your policy is not easily disabled through Telnet control panel menus or other management tools Firewall Use this page to view or configure a firewall policy A firewall policy consists of up to 10 rules where each rule specifies the IP addresses and services that are allowed by the print server and device To add a rule click Add Rule This setting runs a wizard that will help you to configure each rule 22 HP Designjet Printer Series Security Settings IPsec Firewall Use this page to view or configure an IPsec firewall policy An IPsec firewall policy consists of up to 10 rules As with a firew
14. Settings 1 Introduction amp Overview This document provides an overview of the security features supported by HP Designjet printers as of January 2014 The security features described in this document make the HP Designjet printer series particularly well suited for deployment in environments where network data and access control security are important The following is a table summarizing the new and existing security features of HP Designjet printers series and how they are implemented using the Embedded Web Server and or HP Web JetAdmin WJA Please make sure that your printer has the latest firmware version to benefit from all security features Note If your printer is not listed in the table then these features are not implemented 2 Security features available for Large Format Printers Hide information to user ee si pid Hide IP from Front Panel FP FP EWS FP N A N A FP A RENE ENS i EH E iu x ais E jd from accounting Job Storage Mode and N A N A N A N A N A PIN printing Disable features ME id Se dci Disable firmware F W update thru USB eee Disable interfaces EWS EWS EWS FP USB N A N A printing only connection ee connectivity Disable protocols EWS WJA EWS WJA EWS WJA EWS WJA EWS WJA configuration HP Designjet Printer Series Security Settings Data access Secure file erase WJA WJA WJA WJA WJA Z2100 only Secure disk erase WJA FP WJA FP WJA FP WJA FP N A External HDD YES YES N A N
15. TTP connections such as web browser or IPP connections are allowed access regardless of ACL entries This allows hosts to access the device when proxy servers or Network Address Translators NATs are used However unfiltered access by HTTP hosts may be disabled by clearing the Check ACL for HTTP checkbox Host systems that have access are specified by their IP host or network address If the network contains subnets an address mask may be used to specify whether the IP address entry is for an individual host system or a group of host systems For an individual host system the mask 255 255 255 255 is assumed and is not required CAUTION You may lose your ability to communicate with the device if your system is not properly specified in the list or access through HTTP is disabled If communication with the device is lost then it may be necessary to restore the network settings to their factory default values 4 2 802 1X Authentication 802 1X is an IEEE Standard for port based Network Access Control It provides an authentication mechanism for devices that want to connect to a LAN For most 802 1X networks the infrastructure components such as LAN switches must use 802 1X protocols to control a port s access to the network If these ports do not allow partial or guest access then the print server may need to be configured with your 802 1X parameters prior to connection To configure initial 802 1X settings before connecting to your net
16. Web Server in the Front Panel you will need to enter the PIN Note Some Multifunction devices include Scan Job storage that has two options Scan and delete job is not stored in the scan job queue and Scan and store the job is kept in the scan job queue 28 HP Designjet Printer Series Security Settings 3 23 Self Encrypted hard disk The Self Encrypted hard disk ensures data is automatically encrypted every time data is sent to the printer and is written to the drive This is achieved using AES 256 bit and FIPS 140 encryption that ensure that data can t be read or extracted from the HDD Hard disk is protected also with an ATA password that is unique for each printer and changeable when required using EWS setup tab This feature allows customers to update HDD password based on their IT security policy periodically 29 HP Designjet Printer Series Security Settings 5 Other security features available only through JetDirect Some security features are available only after installing a JetDirect 640n or similar internal print server 4 1 Access Control list This feature lets you determine the access control list ACL which is used to specify the IP addresses on your network that are allowed access to the device The ACL is normally used for security purposes and supports up to 10 entries The device blocks communications from all other addresses If the list is empty any system is allowed access By default host systems with H
17. all policy each rule specifies the IP addresses and services that are allowed by the print server and device With IPsec support you can apply IPsec authentication and encryption protocols for those addresses and services To add a rule click Add Rule This runs a wizard that will help you to configure each rule For a detailed description of wizard settings and additional help visit Jetdirect IPsec Firewall Help 3 9 SNMPv3 You can enable and disable the SNMP v3 agent from your printer You may set up an account that allows a management application to access the SNMP v3 agent Networking Configuration l Mgmt Protocols TCP IP Settings Other Settings Security SNMPv1 v2 Settings s Enable SNMPv1 v2 read write access Authorization Set Community Name Confirm Set Community Name Diagnostics Get Community Name Network Statistics Confirm Get Community Name Protocol Info C Disable SNMPv1 v2 default Get Community Name of public Configuration Page D Enable SNMPv1 v2 read only access J Disable SNMPv1 v2 SNMPv3 Enable SNMPv3 User Name Authentication Protocol Mp5 Passphrase Privacy Protocol DES Passphrase Context Name To enable or change an SNMPVv3 setting values must be entered in all three fields 23 HP Designjet Printer Series Security Settings 3 10 CA JD Certificates You can request in
18. ctivity Disable internet connection e Minimum Lock This option denies access to the Reset options Enable Disable connectivity options and the Service Menu Note When the Moderate or Maximum locks are set you will not able to load unload paper or replace printheads ink cartridges without first unlocking the front panel and so these options should only be set in specific circumstances where the implications are known and understood When the Control Panel is locked the applicable menus show a lock symbol in the front panel If a user attempts to access a locked menu entry a warning message is displayed Default printing options Access denied Contact the printer administrator 3 3 1 Deadlock Front Panel locked EWS password forgotten Under certain circumstances a printer might become inaccessible if the control panel has been locked and the administrator has lost the password needed to unlock it This could happen if the front panel is locked through the printer s Embedded Web Server and the Administrative password for the EWS is lost In this situation it would not be possible to unlock the front panel from the Embedded Web Server and it would not be possible to reset the Embedded Web Server from the front panel With HP Designjet Printers there is a menu option that users can access with the guidance of Customer Support agents If you encounter any problems related to deadlock then you should contact HP Support as
19. e 1 Q 002655152588 cuf HP Designjet T2300 PostScript 16 23 13 181 npi00265588248 1 002655882481 n X Configuration H E Alerts B Firmware B lj Reports Egg Storage S Solutions CRACA D H E Status Config Alerts nwt am a eo gjView Templates Device Model IP Hostname IP Address ds Storage Media HP Designjet T2300 PostScript npi00265588248 16 23 13 181 Storage Device count 1 m Select media Secure erase mode E HP Designjet T2300 PostScript npi002655882481 emea hpqcorp net 16 2313181 1 lem 3 Use setting on device Media Type Capacity KB Used Space KB Read Write Enabled 0 HardDisk 152627 Read Write Yes Secure Sanitizing Erase 5 7 Retain mode after erase HP Designjet Printer Series Security Settings e Printer Front Panel access Once you have entered into the Service Menu with the help of an HP Support representative you can perform the Secure Disk Erase using the same 3 options that you have in Web JetAdmin Note that the name of the feature in the front panel is Disk Wipe DoD 5220 220M and the three options are called Insecure Mode 1 pass mode and 5 pass mode Before you start the erase operation you must first select the security level sometimes referred to as sanity level The printer will then warn you that the erase operation is a process which deletes all data a
20. er will automatically restart Disable on board Gigabit Ethernet m Disable USB Note To disable this interface you should access the EWS through a different nehwork interface Control Panel Access Lock Select an option tg WETot the control panel access To Unlock Minimum Lock Moderate Lock Intermediate Lock Maximum Lock G amp Local intranet Protected Mode Off fey Am v 14 HP Designjet Printer Series Security Settings The following table shows the different levels of access and what they enable or disable Retrieve Job Information Paperhandling Configure Designjet Diagnostics Maximum OK Intermediate OK OK Moderate OK OK OK Minimum OK OK OK OK OK e Maximum Lock This option denies access to all options e Intermediate Lock This option denies access to the paper and ink supply handling options maintenance options and demo prints as well as the options locked by Moderate Lock Only viewing printer and supply information is allowed e Moderate Lock This option denies access to all printer settings the job queue information and service prints and the printer log as well as the options locked by Minimum Lock For ePrinters the setting also locks access to these 5 security features Disable USB drive Disable firmware update through USB Disable direct print using ePrint amp Share Disable ePrint conne
21. es when printing Off Use crop lines when nest is enabled On E Accounting Max number of logged jobs 10 Require account ID Off Send accounting files Enabled Send accounting files to qclarke hp com Send accounting files every 7 days Exclude personal information from accounting e mail Off Bl Advanced Units Metric Cutter On Roll switching options Minimize paper waste Bl web Services HP Printer Utility Enabled Color and paper management Enabled Date amp Time Maintenance a Embedded Web Server preferences Refresh rate seconds 180 20 HP Designjet Printer Series Security Settings 3 6 Disable connectivity interfaces Depending on the printer series there are some ports that can be disabled to prevent unauthorized printing and possible data theft You might want to disable the USB printing port to prevent people from connecting a laptop directly into the printer and printing via USB If you have installed a JetDirect card to add extra security features you might want to disable the onboard Ethernet EHP Designjet T1200 PostScript Security Windows Internet Explorer QU e http 16 23 45 148 hp device webAccess indexhtm content security gt 4 x SW Googie x amp oly Favorites g Z 4shared com free file sh FilmJabber com Recent v HP Drivers Get More Add ons v HP Designjet T1200 PostScript Security Th ov E gt amp ode Pager Gafetyv Too v L a HP Designjet
22. identified as administrators have access to all operations If the guest account is not set up a username and password are not required for unrestricted operations 18 HP Designjet Printer Series Notes 19 EHP Designjet T1200 PostScript Security Windows Internet Explorer Security Settings E 7 z QUO E httpi 16 23 45 148 hp device webAccess index htm contentzsecurity amp opzset guest x amp gt 4 x Googie die Favorites 4 4shared com free file sh Ay Filmlabber com Recent lg HP Drivers 6 Get More Add ons v HP Designjet T1200 PostScript Security a HP Designjet T1200 PostScript NPIAG343D 16 23 45 148 Configuration Printer settings Security E mail server User name Date amp Time New password Maintenance Firmware update Fonts pese Paper preset management Administrator password gt Cod v Pager Sfetyv Tool v gt gt m Local intranet Protected Mode Off g RW Some printers only have 1 level password access to the Embedded Web Server The networking tab of the Embedded Web Server enables you to set up another password If the printer has a EWS 1 level or multi level password then the networking password is the same as the general EWS password If the EWS does not have password capabilities then the networking password is only used for controlling access to the networking area of the EWS For most pri
23. information from the printer s front panel 3 12 Encrypt web communications You can securely manage your network connected printers using a Web browser and the HTTPS protocol To authenticate the HP JetDirect Web Server when HTTPS is used you may configure a certificate or you may use the pre installed self signed X 509 Certificate The encryption strength specifies what ciphers the web server will use for secure communications Supported cipher suites are DES RC4 and 3DES When you enable encryption the web server encrypts all web communication forcing all connections to use HTTPS You can also configure encryption options to allow both HTTP unencrypted and HTTPS connections In secure environments you should choose to encrypt all web communications Otherwise sensitive management data Administrator Password SNMP Community Names and secret keys may be compromised OpenSSL HeartBleed Vulnerability On April 8 2014 HP Networking support was notified of the vulnerability known as Heartbleed in the open source and widely used OpenSSL toolkit The vulnerability allows unauthenticated access to portions of computer system memory HP Designjet products are not vulnerable due to either using a version of OpenSSL that is not vulnerable or are not using protocol objects affected 24 HP Designjet Printer Series Security Settings 3 13 Disable USB drive You can use this option to disable the use of USB drives preventing somebody fr
24. inters via e mail and so the option to Exclude Personal information from accounting e mail is now available in the Embedded Web server If this option is selected accounting e mails will not contain personal information user name job name and account ID will be left blank in the accounting file sent by e mail from the printer This option is typically used for managed print or pay per use contracts in order to ensure that only the data counters relevant for billing are being sent by the printer Personal information about who printed which file is not required for billing purposes and can be excluded from the accounting e mail This personal information is typically used for cost allocation within a company CION le http 16 23 45 148 hp device webAccess index htm content device_setup x gly Favorites 3 Z 4shared com free file sh FilmJabber com Recent v HP Drivers Get More Add ons v B8 GHP Designjet T1200 Pos X HP Designjet T770 Printe KA HP Designjet T1200 PostScript NPIA6343D 16 23 45 148 Pen setup Configuration Security Printer settings E mail server Bl Printer settings G Printing preferences Graphics language Automatic Margin Layout Standard Firmware update E Job management Paper preset management Queue On Nest Optimized order Max number of printed jobs 32 Start printing After processing Max number of stored jobs 10000 Username is required Off Use crop lin
25. irus installation Closed systems with very low risk of being infected by a virus so no antivirus is required Disable FTP amp Weblicress Yes Yes N A Yes Yes Access to images in Yes by default scanner through FTP amp EWS Yes by default N A N A N A FTP amp EWS Read only network Read only Microsoft Security Not needed Not needed patches Yes through scanner S W update Linux based Linux based Install scanner software into a N A Possible butnot N A N A N A separate PC official process HP Designjet Printer Series 4 Security Concepts explanation 3 1 Secure File Erase Security Settings Secure File Erase is a feature that manages how files are deleted from the printer s hard disk There are three security modes to the Secure Files Erase feature These settings can be changed via Web JetAdmin Non Secure Fast Erase In this mode all file pointers to the data table indexes are erased Temporary data remains on the Hard Disk Drive until the disk space it occupies is needed for another purpose and is then overwritten This is the fastest mode of operation and is the default for all printers Secure Fast Erase In this mode of operation file pointers are erased and the disk space where the temporary job was stored is also overwritten with a fixed character pattern This mode of operation is slower than Non Secure Fast Erase but all data is overwritten Secure Sanitizing Erase In this mode
26. is 29 ii EWS EWS multilevel EWS N A N A EWS EWS EWS N A 1 level from accounting Disable features Disable USB drive N A N A Disable js i thru Disable ePrint Center connectivity Disable internet connection Disable protocols EWS WJA EWS WJA EWS WJA EWS WJA EWS WJA EWS WJA EWS WJA EWS WJA Data access HD ver External HDD Yes from F W N A N A N A N A N A N A 6 0 0 6 TIRE DES Communications security EWS WJA EWS WJA EWS WJA EWS WJA EWS WJA EWS WJA EWS WJA EWS WJA Jetdirect Jetdirect Jetdirect Jetdirect Jetdirect Jetdirect configuration EWS EWS EWS EWS EWS EWS SNMPVS Jetdirect Jetdirect Jetdirect Jetdirect Jetdirect Jetdirect EWS EWS EWS EWS EWS EWS CA JD Certificates Jetdirect Jetdirect Jetdirect Jetdirect Jetdirect Jetdirect EWS EWS EWS WJA EWS WJA EWS WJA EWS WJA EWS WJA EWS WJA yp Jetdirect Jetdirect Jetdirect Jetdirect Jetdirect Jetdirect Disable interfaces HP Designjet Printer Series 3 Security features available for Large Format scanners Multi function printers MFPs consist of two main parts the printer and the scanner For the printer the table above applies For the scanner refer to the table below Security Settings DJ 4500MFP T1100MFP HP Designjet HD MFP Series T1120 SD MFP T2 MFP T2 MFP HD Pro Scanner DJ4520 Scanner 95 3006 some DJ 4500 Scanner HD Scanner Firewall Yes Yes Yes Yes Yes Antiv
27. n the internet or on local networks that use the TCP IP protocol The EWS resides on a hardware device such as an HP Designjet or in the printer firmware The EWS enables you to review configure and change settings on an HP Designjet after inputting an IP address into a Web browser from your computer File system access settings The File System Access options enable you to completely disable many of the access points to the printer s data storage system These access points are for various types of usage for the printer The options are e PJLdisk access e SNMP disk access e NFS disk access e PS disk access HP recommends enabling PS Disk Access to allow you to print PS files and disabling the rest The File System Password feature helps protect the printer s data storage system options from unauthorized access With the File System password configured the printer requires the password before it will allow configuration changes to features that affect the data storage system Some of these features are the Secure disk erase mode the Secure Storage Erase feature and the File System Access options An option in the Service Utilities menu of the front panel to show hide the Internet Protocol IP address of your printer If the address is hidden only registered users or network administrators will know the correct address to submit jobs to the printer HP Designjet Printer Series HP Web Jetadmin IP multicast IPSec Job
28. nced Disable unsecure management protocols FTP Telnet RCFG SNMP v1 v2c Enable SNMPv3 Enable SNMPv1 v2 read only access Custom Manually adjust all the settings a o Configuration Settings TCP IP Settings g EZ H Network Settings Status Wizard Restore Defaults Other Settings AirPrint Welcome to the HP Jetdirect Security Configuration Wizard Security Settings The HP Jetdirect Security Configuration Wizard allows you to configure security settings for HP Jetdirect print server management Authorization l Current Security Level None Start Wizard 802 1X Authentication IPsec Firewall Caution If you use HP Web Jetadmin to manage your devices we strongly recommend that you configure HP Jetdirect security settings using HP Web Jetadmin Diagnostics Network Statistics Protocol Info Configuration Page HP Designjet Printer Series Security Settings 3 22 Job storage and PIN printing Job storage allows jobs to be stored and then printed when required it also provides features for setting print jobs as private with a personal identification number PIN To access job storage features open the printer Properties and then select Printing Preferences Click on the Job Storage tab where the following job storage features are available cH a HP Designjet T3500 HPGL2 Properties RR Sm Paper Qualty Layout Output Color Job Storage Services Advanced Job Storage
29. nd takes a long time Once you accept the printer will begin the process and displays a progress bar until complete All data will be wiped using the selected method and the printer s firmware will be restored to the latest version installed before this operation The following screens show how to perform a secure hard disk erase on the HP Designjet T2300 printer Service utilities Enable Disable Sleep Mode Disk Wipe DoD 5220 220M Hard Disk Recovery Show Hide Front Panel Info Disk Wipe DoD 5220 220M Sanity Level Disk Wipe DoD 5220 22 M 12 HP Designjet Printer Series Sanity Level Insecure Mode 1 Pass Mode 5 Pass Mode Disk Wipe DoD 5220 220M Sanity Level Disk Wipe DoD 5220 22 M Security Settings HP Designjet Printer Series Security Settings 3 3 Control Panel Access Lock The control panel access lock is a feature intended for IT administrators which enables them to lock the device s control panel by using either the HP Web JetAdmin or the printer s Embedded Web Server depending on the printer model This feature prevents unauthorized users from accessing the control panel and changing the printer s settings Administrators can specify the level of access as follows e Unlock e Minimum lock e Moderate lock e Intermediate lock e Maximum lock This option can be enabled from the HP Web JetAdmin as shown below Status Config Alerts Groups Reports Supplies Storage
30. nter a username and password to be verified by a Windows Server For more information About HP Designjet printers www hp com go designjet About HP WebJetAdmin www hp com go webjetadmin 2014 Hewlett Packard Development Company L P The information contained herein is subject to change without notice The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Microsoft and Windows are U S registered trademarks of Microsoft Corporation Adobe and PostScript are trademarks of Adobe Systems Incorporated which may be registered in certain jurisdictions July 2014 33
31. nters that have EWS password capability it is also possible to setup the Admin password through Web JetAdmin Only one level can be set in this way however so the Guest password cannot be set up from Web JetAdmin Passwords have no minimum complexity requirements so the minimum password length is 1 character Eprinters with touch screen front panels only allow the use of the limited set of characters shown below capital letters are also supported q a Z O R O e Ww S x V e d nu O m a C nm t t g b D Y h TT C md oo Q 8 D w H o 1 p pa o H gt These limitations do not apply to printers without touch screen front panels as the password can be set using EWS Some printer drivers rely on the EWS for creating the preview In cases where an administrator password is set the administrator password will be required to access job preview HP Designjet Printer Series Security Settings 3 5 Exclude personal info from accounting You can enable or disable the option for the printer to send an e mail containing accounting information If you enable this setting you also need to fill in the destination of the report by using the Send accounting files to setting Please note that you also have to configure the e mail server on the Setup Page In some cases customers prefer not to send personal data from the pr
32. of operation file pointers are erased and the disk space where the temporary job was stored is repeatedly overwritten using an algorithm that prevents any residual data This mode of operation may affect product performance The Secure Sanitizing Erase mode of operation meets the US Department of Defense 5220 22 M requirements for clearing and sanitization of disk media When the Secure Sanitizing Erase feature is enabled all temporary files that might contain sensitive data are erased with this method No temporary files are left after a job has been completed scan copy or print Furthermore if you do not want to store jobs in the printer you can set the number of jobs to be stored in the printer s queue to 0 To configure this setting perform the following steps e Goto the printer s front panel e Select the setup menu e Select job management setup For further information refer to the printer s user manual as the actual menu options may differ for a specific printer The following is an example of how to change the Secure File Erase setting for the HP Designjet T1100 printer lt HP Web Jetadmin localhost Een File View Tools Help R 7 New Last Discovery 1 of 57 Selected 88 Layouts Y Fites E EH Device Model IP Address IP Hostname Port Any Sev Hardware Address 2 ribs pisces TF HP Designjet Z6100ps 60in 162362115 dhcppc9 emea h 1 o040ca9c1001 Warning Devices 11 amp Photosmart 1
33. om connecting a device to print or to scan images Security USB drive Enabled gt Firmware upgrade from USB Enabled gt Direct print using HP ePrint amp Share Enabled gt Enable Internet connection HP Designjet T2300 PostScript Security tea gt E amp d v Pagev Safetyv Tools v e Tour reci Tm Paper management Disable USB printing Note To disable this interface you should access the EWS through a different network interface v Disable USB drives Disable firmware update fram USB Control Panel Access Lock Select an option to set the level of the control panel access lock e Unlock Minimum Lock Moderate Lock Intermediate Lock Maximum Lock Modify 3 14 Disable firmware update through USB This option is used to disable the possibility of upgrading the printer by installing new firmware from a USB device 3 15 Disable direct print using ePrint amp Share Some printers have a feature that enables you to connect a computer directly with a USB cable and then print without installing any driver This can be done by launching the ePrint amp Share application that is pre installed on the printer It is possible to disable this feature however so that you cannot print via the USB unless you have the driver or ePrint amp Share installed on the connected computer 25 HP Designjet Printer Series Security Settings 3 16 Disable ePrint Center connectivity This feature disables the ePrint Cente
34. or job processing e Storing queuing jobs e Storing the printer s accounting data The HP Designjet External Hard Disk was designed for a specific purpose however It enables security conscious customers to preserve the confidentiality of the jobs being printed on their HP Designjet printers 26 HP Designjet Printer Series Security Settings 3 20 1 How the system works 1 2 Connect the External Hard Disk EHD to the printer s USB host port The printer will detect the EHD and will ask for permission to install it When you accept the printer will move onto the next step All of the information normally stored on the internal HD is copied to the external HD Your printer s internal HD partition is then deleted using a highly secure erasing process DoD 5220 22 M The printer is configured to use the EHD as the repository for ALL future jobs including the temporary processing storage area When the printer is switched off as a Security measure the EHD can be removed and kept in a secure location Once the printer has an EHD installed it can no longer be initialized without it If for any reason the installed EHD is no longer available if you should lose the EHD or the EHD is broken there is a mechanism through a special bootmode controlled with a specific front panel key combination that reconfigures the printer to work without the EHD However in that particular case all the information stored on the EHD is lost
35. own as Bonjour or Rendezvous mDNS uses IP multicast with DNS to provide the capabilities of a DNS server for service discovery in a small network that does not have a DNS server NTLM is a suite of authentication and session security protocols used in various Microsoft network protocol implementations There are two types of authentications named NTLMv1 and NTLMv2 version 2 improves security authenticaion over version 1 The PJL password feature helps to protect the printer from unauthorized configuration changes through Print Job Language PJL commands It does not affect ordinary print jobs Once the PJL password is configured the MFP requires it before it will process any of these commands This service allows an administrator to use a custom application to upgrade the printer s firmware remotely Since HP recommends using HP Web Jetadmin to upgrade MFP firmware you should disable Remote Firmware Upgrade This is a network monitoring and control protocol SNMP Simple Network Management protocol allows users to manage the printer by using SNMP management tools such as HP Web JetAdmin SNMP is also the protocol for communicating from the printer to the Windows driver SNMPv3 provides security through user authentication and data encryption A logical division of a local area network which is created to improve performance and provide security A subnet limits the number of nodes that compete for bandwidth HP Designjet Printer Serie
36. p Local intranet Protected Mode Off fay 100 v HP Designjet Printer Series Security Settings HP Designjet T1200 PostScript Security Windows Internet Explorer QUO Eg http 16 23 45 148 hp device webAccess indexhtm gt s x SB Googie x amp oly Favorites xis 4 4shared com free file sh Ay Filmlabber com Recent v lg HP Drivers 6 Get More Add ons v HP Designjet T1200 PostScript Security fi By Gl dh Pager Safetyy Tool Qv a HP Designjet T1200 PostScript NPIA6343D 16 23 45 148 sic S a se Configuration Printer settings Security Bg 0o ooo o o Set the administrator user account E rver Date amp Time Maintenance security Settings have been changed successfully Firmware update Security Warning the quest user account is not set Click here to set the guest user account Paper preset management Click here to return to the security page Local intranet Protected Mode Off fay Rw If there is no administrator account then the restricted operations can be accessed without a password 3 4 2 Guest password Once the administrator user account has been set the administrator can also set up a guest user account by specifying a password for the guest If the guest user account is set up a username and password are required for all EWS operations users identified as guests have access to restricted operations whilst users
37. r functionality so that users are unable to remotely send items to print Security VOLUN GUL LI Gigabit Ethernet Enabled gt HP ePrint Center connectivity Enabled gt User sessions Printer access control 3 17 User sessions This feature enables you to set a timeout so that open sessions to ePrint amp Share from the printer front panel are automatically closed if they are not used within the set time 3 18 Disable internet connection Disable the direct connection of the printer to the internet This option also prevents the printer from automatically performing firmware upgrades 3 19 Printer Access control For some printers when setting an Embedded Web Server Admin password you also restrict access to certain front panel features The protected features on the front panel are e Network connectivity amp Internet connectivity e Control firmware upgrades e Reset factory defaults e External hard disk connection e Security If a user loses the admin password it is not possible to reset it and the printer will be locked There is a service menu option to reset the admin password Only customer service agents can do this 3 20 External hard disk EHD Some printers allow the connection of an external hard disk Any HP Designjet printer with an internal hard disk uses it for four main purposes e Storing the printer s firmware amp resources media profiles demo plots diagnostic plots e Providing virtual memory f
38. s Security Settings This feature enables administrators to secure Device Functions by requiring users to log in with a specific Log In Method for each Function For example users may be required to log in with an Access Code or PIN to make copies yet be required to log in with a username and password to send e mails Log In Methods The following Log In Methods are available with the latest device firmware upgrade Group 1 PIN Requires users to input a numeric code for access when at the control panel of the device The numeric code entered by the walk up user is compared to the first of two PINs stored on the device by the Administrator When the PIN is entered correctly the user can proceed Authentication Manager Group 2 PIN Requires users to input a numeric code for access when at the control LJ feature panel of the device The numeric code is compared to the second of two PINs stored on the device by the Administrator LDAP Lightweight Directory Access Protocol Requires users to input a username and password that are verified by an LDAP server HP Digital Send Service if available Also known as DSS Requires users to enter credentials that are verified by the HP Digital Send Service software HP Digital Send Service software must be available to use this Log In Method If no DSS server is associated with this device walk up users will not be required to authenticate before using the device Kerberos Requires users to e
39. se to access your printer For example you might prevent users from sending files via ftp or connecting through telnet to manage the printer network settings You can disable unused protocols through the Mgmt Protocols option in the Embedded Web Server or Network Enable Features in Web JetAdmin 162313181 Windows Internet Explore Ap HP Designjet T2300 PostScript NPI002655882481 16 23 13 181 Networking Configuration M mt Protocols TCP IP Settings g EZI EB Network Settings Web Mgmt SNMP Other Other Setti Select the protocols and services that you want to enable Security Settings Auth Enable Print Enable Device Services Discovery E Vi 9100 W SLP IPsec Firewall V Enable WINS Port Diagnostics v LPD 7 Bonjour J d V WINS Registration Network Statistics V Web Senices Print V Multicast IPv4 Protocol Info WI FTP v WS Discovery Configuration Page Enable Management Protocols 7 Enable Telnet 4 HP XML Senices V Certificate Mgmt Service Local intranet Protected Mode Off fg 120 Status Config Alerts Troubleshoot Groups Reports Supplies Storage Solutions Capabiities Frmware yi Apply Template e View History x Customize a Refresh IPv4 Information a Net ah IPv6 Information 7 V EWS Config Link Setting mDNS Service Name SLP Config
40. soon as possible HP Designjet Printer Series 3 4 printers The Security page enables users to If the two levels of access have been set and you have neither of the passwords then you will not be able to gain access to EWS information as in the image below G6 dy Favorites Restrict access to the printer by setting an administrator user account Embedded Web Server EWS multilevel access The Embedded Web Server is a powerful tool which enables direct management of a device such as an HP LaserJet printer or an HP Designjet printer With no security in place however this tool also has the potential to have a negative effect on many features as they can be configured using just a web browser and knowledge of the IP address of to the printer To solve this situation we have implemented two levels of access to our compatible HP Designjet Define two levels of access Administrator and Guest HP Designjet T1200 PostScript Job queue Windows Internet Explorer Security Settings 16 21 48 148 np desace webArce dE 4 Ghared com free file sh C HP Designjet T1200 PostScript Job queue CO HP Designjet T1200 PostScript NPAR3430 16 23 45 148 Main Status Supptes Job center i i amp amp amp ui E amp amp m E E amp 3 4 1 Administrator password Access control is enabled by setting the Admin account password i e specifying a password for the user account at Admin
41. stall and manage digital certificates on the HP JetDirect print server Certificates are used to identify the JetDirect print server both as a valid Web server for network clients and as a valid client requesting access on a secure network By default the JetDirect print server contains a self signed pre installed certificate 1623 13 181 Windows Internet Explorer Ap HP Designjet T2300 PostScript NPI002655882481 16 23 13 181 Networking Configuration A p uthorization TCP IP Settings E B Network Settings Certificates Other Setti Certificates are used to identify devices on the network Security Settings Jetdirect Certificate By default a pre installed self signed Jetdirect certificate is created to identify Jetdirect You can change this certificate to more accurately identify the device and to update the length of time the certificate is valid IPsec Firewall Status Installed Diagnostics Configure Network Statistics CA Certificate Protocol Info A Certificate Authority CA certificate is required for some authentication methods It is used to verify the authentication server s certificate The CA certificate must be the Configuration Page certificate of the CA that signed the authentication server s certificate Status Not Installed 3 11 Hide IP from front panel Some printers include an option in the Service Menu accessible with the help of an HP Support agent only that enables you to hide all IP
42. work you can use an isolated LAN or a direct computer connection via a cross over cable The supported 802 1X authentication protocols and associated configuration depend on the print server model and firmware version For more information on 802 1X features please visit here 30 HP Designjet Printer Series 6 Glossary Active Directory AD Adobe PostScript Color Access Control Device Password LJ feature Domain Naming System DNS Embedded Web Server EWS File System Access settings LJ feature File System Password LJ feature Hide IP address from front Panel 31 Security Settings An advanced hierarchical directory service that comes with Microsoft Windows servers version 2000 or later It is LDAP compliant and built on the domain naming system DNS used on the Internet Workgroups are given domain names exactly like Web sites and any LDAP compliant client such as Windows Mac or Unix can gain access Developed by Adobe this is the standard page description language PDL for the graphics arts industry and commercial printing Many printing devices support PostScript with a built in PostScript interpreter Settings to determine which users and or applications are allowed to print in color This is equivalent to the designjet s web server password It helps protect the printer from unauthorized access through remote applications Converts host names and domain names into IP addresses o
Download Pdf Manuals
Related Search