HP Imaging and Printing Security Center Reference Guide
Contents
1. 2 Setup the HP Imaging and Printing Security Center Use the information in this section to set up the HP IPSC SP NOTE For installation instructions of the HP IPSC see the HP Imaging and Printing Security Center Installation and Setup Guide e Set the HP Imaging and Printing Security Center server connection option e Verify global remediation setting e Install device licensing e Setup Instant On Security ENWW Set the HP Imaging and Printing Security Center server connection option When you first start the HP IPSC you must provide the DNS name or IP address of the server in the Connect to Server window Whether the HP IPSC prompts for the server name is controlled by an option in Settings Use the following steps to change this option 1 Start the HP Imaging and Printing Security Center 2 If prompted enter the server name in the Connect to Server window and then click Connect 3 Click File and then click Settings 4 On the General tab in the Connect Options panel select the check box for Show the Connect to Server dialog before connecting if you want to be prompted Otherwise clear the check box if you do not want to be prompted E NOTE If you select the check box to Show the Connect to Server dialog before connecting you can avoid being prompted by the Connect to Server window each time you start the HP Imaging and Printing Security Center by providing the server name and then selecting th2. For example a function in a library to compute square roots has a purpose that is entirely well defined independent of the application Therefore Subsection 2d requires that any application supplied function or table used by this function must be optional if the application does not supply it the square root function must still compute square roots These requirements apply to the modified work as a whole If identifiable sections of that work are not derived from the Library and can be reasonably considered independent and separate works in themselves then this License and its terms do not apply to those sections when you distribute them as separate works But when you distribute the same sections as part of a whole which is a work based on the Library the distribution of the whole must be on the terms of this License whose permissions for other licensees extend to the entire whole and thus to each and every part regardless of who wrote it Thus it is not the intent of this section to claim rights or contest your rights to work written entirely by you rather the intent is to exercise the right to control the distribution of derivative or collective works based on the Library In addition mere aggregation of another work not based on the Library with the Library or with a work based on the Library on a volume of a storage or distribution medium does not bring the other work under the scope of this License 3 You may opt to apply
3. link with or distribute the Library is void and will automatically terminate your rights under this License However parties who have received copies or rights from you under this License will not have their licenses terminated so long as such parties remain in full compliance 9 You are not required to accept this License since you have not signed it However nothing else grants you permission to modify or distribute the Library or its derivative works These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Library or any work based on the Library you indicate your acceptance of this License to do so and all its terms and conditions for copying distributing or modifying the Library or works based on it 10 Each time you redistribute the Library or any work based on the Library the recipient automatically receives a license from the original licensor to copy distribute link with or modify the Library subject to these terms and conditions You may not impose any further restrictions on the recipients exercise of the rights granted herein You are not responsible for enforcing compliance by third parties with this License 11 If as a consequence of a court judgment or allegation of patent infringement or for any other reason not limited to patent issues conditions are imposed on you whether by court order agreement or otherwise that contradict the conditions of this
4. write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 15 BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE LIBRARY TO THE EXTENT PERMITTED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE THE LIBRARY AS IS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU SHOULD THE LIBRARY PROVE DEFECTIVE YOU ASSUME THE COST OF ALL NECESSARY SERVICING REPAIR OR CORRECTION 16 IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER OR ANY OTHER PARTY WHO MAY MODIFY AND OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE BE LIABLE TO YOU FOR DAMAGES INCLUDING ANY GENERAL SPECIAL INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
5. 12 Ey NOTE Devices are associated with a group which is simply a collection of devices Two default groups are available All Devices Group and Custom Groups You can add your own groups to the Custom Groups You cannot change the All Devices Group HP IPSC licensing occurs automatically when devices are added For more information see Install device licensing on page 10 After import you can verify support for an individual device or a group of devices The verification can quickly identify which devices need updates before you run an assessment Completing the needed corrections before running a full assessment can save time The verification checks the following e Connection status e Supported HP model e Credential status After you run the verification unsupported devices printers MFPs are noted in the Supported column in the main panel of the Devices tab For a list of supported printers MFPs see What you must provide on page 5 For an overview of the icons menus and panel headings in the Devices tab see Devices tab navigation on page 21 e Devices tab navigation e Manually enter device addresses e Add device addresses using a plain text or XML file e Edit device and group information Devices tab navigation ENWW e Toolbar icons Refresh Properties Delete Add to Group Remove from Group Disable Filters Clear Filters Add Devices Verify Assign License e Column headings
6. Adobe PDF or Microsoft Word format file Executive Summary Use the executive summary to report the current state of your system The Executive Summary provides assessment risk by device devices unassessed assessment risk by policy item assessment risk by feature category and the risk summary The report is filtered by the currently selected device group Devices View Select from the following reports These reports are filtered by the currently selected device group e Assessed Lists all of the assessed devices You can generate a more detailed report by selecting individual devices e Recommendations Lists all devices that have at least one recommendation sorted by the number of recommendations You can generate a more detailed report by selecting individual devices e Remediated Lists all of the remediated devices You can generate a more detailed report by selecting individual devices e Unassessed Lists all of the devices that could not be assessed 30 Chapter 3 Use the HP Imaging and Printing Security Center ENWW Policy Item View Select from the following reports e Fleet Assessment Summary Summarizes the number of recommendations for a policy item and its risk in a security category Filtered by the currently selected device group e Policies Lists all of the current policies You can generate additional reports by item name or all items ENWW Run reports 31 32 Chapter3 Use the HP Imaging and Printin
7. Assess and Remediate which remediates out of compliance devices Schedule an assessment remediation You can run an assessment remediation from the Devices tab the Policies tab or from the Tasks tab e Run an assessment remediation from the Devices tab e Run an assessment remediation from the Policies tab e Run an assessment remediation from the Tasks tab Run an assessment remediation from the Devices tab To run an assessment from the Devices tab 1 Start the HP Imaging and Printing Security Center and click the Devices tab 2 Right click the device group and select Assess Only or Assess and Remediate Or click Action and then select Assess Only or Assess and Remediate from the menu 3 Enter a Task Name for the assessment so you can identify it later 4 Select the Policy to use for the assessment Ey NOTE You cannot select an invalid incomplete policy for an assessment Click Select in the Device Group field to change the group 5 6 Enter the Start Date Start Time and Frequency or use the defaults 7 Click OK to schedule the assessment or Cancel to discard your entries 8 Click the Tasks tab to monitor your task Click the Refresh button to update the display ENWW Assess and remediate 27 Run an assessment remediation from the Policies tab To run an assessment from the Policies tab 1 2 3 4 5 6 7 8 Start the HP Imaging and Printing Security Center and click the Polici
8. File System Password check box to set the file system password on the device Enter the password and then reenter it to confirm 10 Click OK to save your entries or Cancel to discard them 26 Chapter 3 Use the HP Imaging and Printing Security Center ENWW Assess and remediate After you add devices and create policies you are ready to run an assessment of the devices within the selected device group You can schedule the assessment to run immediately or to run in the future The assessment identifies the devices in your network that do not comply with your security policy If you choose to remediate devices with noncompliant settings are corrected Ey NOTE If Allow Automatic Remediation is enabled automatic remediation of the device occurs automatically For more information see Set up Instant On Security on page 12 Before running the first assessment verify the global remediation setting See Verify global remediation setting on page 9 Some policy items cannot be remediated The item might be dependent on another setting or it cannot be changed on the device See the item s information bubble for details about the restriction Remediation options are also set by the policy using the Advanced Policy Settings See Set severity remediation and unsupported behavior on page 18 for more information When scheduling an assessment you can select to Assess Only which provides a report but does not change any device settings or
9. Poley gdilor ICONS E 17 Include or exclude all Items iiiter rete eco rent rene ee fog daa Rude 18 Set severity remediation and unsupported behavior sss 18 Set policy options for a single item ssssssen a 19 Set advanced policy options for all items or by category ssssss 19 Export or import polleles io treten e i reri e eee e Ee RR ert deed aE 19 Add and edit device information ue Ltd Lec a tad te ue tede d LAT Ea EL Ho ea LIE e ca d 21 Devices tab navigatlOri oin ted t ette eeu ette nter x xen ores er secs Ele snae d deu na duuee 21 Manually enter device addresses ssssssssseee enne eee 22 Add device addresses using a plain text or XML file sse 22 Edit device and group information ssssessse eene eem rennen 23 Adda QrOUP c 23 ENWW Rename a Ro oo 24 Delete a group ie te be ee ee P t E i s 24 Add or remove a device from a group sssssee e 24 DGlEte Eodem TET 25 Assign a license manually sse enne 25 Set device credentials ne tem Pere e cea vepres RE RIA EN UE EVE Eaa 25 Assess and remediate cete etae a a dass OR etx ene MIR aea FEM ERA RR NR Reha RDUM eaa 27 Schedule an assessment remediation sesssssssseee eene 27 Run an assessment remediation from the Devices tab sssssss 2
10. for a fee you must give the recipients all the rights that we gave you You must make sure that they too receive or can get the Source code If you link other code with the library you must provide complete object files to the recipients so that they can relink them with the library after making changes to the library and recompiling it And you must show them these terms so they know their rights We protect your rights with a two step method 1 we copyright the library and 2 we offer you this license which gives you legal permission to copy distribute and or modify the library To protect each distributor we want to make it very clear that there is no warranty for the free library Also if the library is modified by someone else and passed on the recipients should know that what they have is not the original version so that the original author s reputation will not be affected by problems that might be introduced by others Finally software patents pose a constant threat to the existence of any free program We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder Therefore we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license Most GNU software including some libraries is covered by the ordinary GNU General Public License This license the GNU Les
11. group select Custom Groups click the Action menu and then click New Group Or right click on the Custom Groups and then click New Enter a name for the new group To import the devices right click on a group and select Add Devices Or click Add Devices in the toolbar Click Select to select a group from the Add to Group field Click Add File to locate the text file to import Select the file and then click Open If the file is readable the IP addresses hostnames are displayed in the Devices to Add panel To remove an IP address hostname from the list select the address and then click Remove To remove all of the IP addresses from the list click Clear All Click OK to import the addresses hostnames listed in the panel A message is displayed indicating the number of devices added Edit device and group information If required use the HP IPSC Devices tab to add rename or delete groups add or remove devices from a group or to delete devices NOTE Unsupported devices printers MFPs are displayed as False in the Supported column of the device panel listing For a list of supported printers MFPs see What you must provide on page 5 If the Supported column is not shown right click in the column header area select Columns and then select Supported When you delete a group any devices associated with that group become members of the All Devices Group Add a group Rename a group Delete a group Add or
12. licenses to the license pool you must delete the licensed device E NOTE Deleting a licensed device removes that device s historical data e You can manually assign licenses to individual devices or groups of devices from the Devices tab To add licenses select the group or device s and then click License in the toolbar or right click and select License from the menu Use the following steps to initially install licenses or to add additional licenses 1 Save the license file on your system 2 Start the HP IPSC click File and then click Settings 3 Click the Licenses tab 4 Click the Add Licenses Now button The file browser opens 5 Browse to the location where you stored the license file select it and then click Open The license file is read and the display is updated with the available licenses and the expiration information Once the license file is read it is no longer needed 10 Chapter 2 Setup the HP Imaging and Printing Security Center ENWW ENWW If an error is displayed No licenses were added the following are typical causes The HP IPSC is unable to connect to the license server Attempting to update a demonstration license A new demonstration license will not override an existing demonstration license Attempting to install a demonstration license file when a normal license is currently installed Attempting to install the same license file Attempting to install a corrupted or invalid license f
13. pool Assign a license manually You can use the Devices tab to manually assign licenses from your license pool to selected devices Ey NOTE Before you can assess and remediate printers MFPs on your network you must obtain and install HP IPSC device licenses A license is required for each printer MFP that you plan to assess remediate Licenses are typically assigned automatically during device addition However if there are no available licenses the device is added unlicensed For information about installing your license file see Install device licensing on page 10 Use the following steps to assign licenses 1 Click the Devices tab 2 Select either the individual device or the group that contains the device s to license and then select the device from the device list B NOTE Once a license is assigned to a device the license cannot be returned to the license pool until the device is deleted 3 Click License from the toolbar or right click and select License from the menu options Set device credentials ENWW Use the Set Credentials option to set device credentials for the devices you plan to assess remediate You can set SNMP v1 v2 or v3 credentials and set passwords for the HP Embedded Web Server password and the file system Once set you can assess remediate across a range of devices without having to reset credentials or passwords for individual devices or groups of devices Use the following s
14. recommendations Icons indicate whether the device passed assessment and the security risk due to noncompliant configurations if the device fails In addition conditions that need attention such as a disconnected device unsupported firmware or credential errors are also shown Ey NOTE For a list of all available column headings in the Devices tab right click in the heading area of the device panel and select Columns To change the sort order of a displayed column click the column heading You can also change the order by dragging and dropping the column headings The Devices panel toolbar contains icons for refreshing the view device properties delete a device add and remove a device from a group enable and disable filters add devices verify the status of the device and assign a license The HP Imaging and Printing Security Center system 3 Using the Devices tab you can o o Add devices manually or import a text or XML file containing a list of devices Add or remove devices from groups you create A group is a collection of devices You can then filter the display by any column For example you might want to display severe failures by filtering on the risk column Or display only devices with a credential error using the device status column Display the device assessment recommendations and properties NOTE Devices are added automatically when you select the Accept Device Announcements check box i
15. remove a device from a group Delete a device Assign a license manually Set device credentials Add a group ENWW 1 Click the Devices tab click the Action menu and then click New Group You can also right click on the Custom Groups in the Devices tab and select New from the menu options Enter a name for the new group Add and edit device information 23 Rename a group 1 Click the Devices tab select the group name click the Action menu and then click Rename Group You can also right click the group name and select Rename from the menu options Ey NOTE You cannot rename the All Devices Group 2 Enter the new group name in the group field Delete a group 1 Click the Devices tab and then select the group name 2 Click the Action menu and then click Delete Group You can also right click the group name and select Delete from the menu options EY NOTE You cannot delete the All Devices Group Any devices associated with a deleted group become members of the All Devices Group 3 Click Yes on the confirmation message to delete the group or click No to cancel Add or remove a device from a group 1 To add a device to a different group click the Devices tab a Select the group that contains the device you are adding to a different group b Right click the device from the device list and select Add to Group from the menu options Or click the Add to Group icon in the device panel to
16. results from the Reports tab View results from the Devices tab To view results from the Devices tab use the following steps 1 2 3 28 Chapter 3 Start the HP Imaging and Printing Security Center and click the Devices tab Select the device group Right click on the device in the list and select Recommendations which displays the policy item recommended value and the policy name Use the HP Imaging and Printing Security Center ENWW View results from the Reports tab To view results from the Reports tab use the following steps 1 Start the HP Imaging and Printing Security Center and click the Reports tab 2 To view overall device status select the Devices Assessed report 3 To view items that failed and the recommendation select the Fleet Recommendations Summary report ENWW Assess and remediate 29 Run reports Before running reports you can select to filter the results using the device group To do this select Reports Executive Summary or Devices View or Policy Item View and then choose the device group from the Reports toolbar The filters apply to any report that consists of device information Select from the following report categories e Executive Summary e Devices View e Policy Item View Ey NOTE Use the Reports tab toolbar to control the print and page layout the reporting time span for the Remediated report and to optionally select the group You can also export the report to an
17. the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library To do this you must alter all the notices that refer to this License so that they refer to the ordinary GNU General Public License version 2 instead of to this License If a newer version than version 2 of the ordinary GNU General Public License has appeared then you can specify that version instead if you wish Do not make any other change in these notices Once this change is made in a given copy it is irreversible for that copy so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy This option is useful when you wish to copy part of the code of the Library into a program that is not a library 4 You may copy and distribute the Library or a portion or derivative of it under Section 2 in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine readable source code which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange If distribution of object code is made by offering access to copy from a designated place then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code even though third parties are not compelled to copy the source along with th
18. 7 Run an assessment remediation from the Policies tab sssss 28 Run an assessment remediation from the Tasks tab sssesssss 28 View assessment l esults 5 tiii retainer ore neos E E Cre HN Rue E Le FERT eu PAS FEDERE ARR en 28 View results from the Devices tab sssssssssssssseseeeeneee 28 View results from the Reports tab sssssssssssssssse eee 29 DEI EL 30 vcre UT ESIPIMIMIINANOES DEESSET 30 DEVICES VICW EET 30 Policy Item VIEW T HP 31 Appendix A Network port assignments et cunei aio eiaa aa aaa aria inada iiia 33 Appendix B Legal statements eitis EHE UHREREE PEE rS Iaea er r SE ERE EE EFE ISEAN EVE EE FEE EE ana 35 Software license agreement ssssssssssssssesssee eene enne nnne rrn nennen nne entren enne 36 Greer c 38 lOG4NEENICENSS es m 38 nhibernate license sssssssssssssssssssessseseene enne rmereme nn en nennen etn nn nen renrrr ste sn nennen nn 41 ENWW 1 ENWW Introduction The HP Imaging and Printing Security Center HP IPSC is a security compliance tool Use it to create policies to assess the security of your imaging and printing devices configure the devices to comply with the policy and monitor the devices for continued compliance
19. DAMAGES END OF TERMS AND CONDITIONS ENWW Copyrights 47 48 Appendix B Legal statements ENWW
20. License they do not excuse you from the conditions of this License If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribute the Library at all For example if a patent license would not permit royalty free redistribution of the Library by all those who receive copies directly or indirectly through you then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library If any portion of this section is held invalid or unenforceable under any particular circumstance the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license 46 Appendix B Legal statements ENWW practices Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system it is up to the author donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice This section is intended to make thoroughly clear
21. Right click menu from column area o Hide Hide the column heading current pointer location Columns Select or deselect the columns to display Enter Filter Click in the column to filter and enter a value to only display those devices o Clear Filter Click in the filtered column and clear the value Add and edit device information 21 Manually enter device addresses Use the following steps to manually enter device addresses using the Add Devices option 1 Start the HP Imaging and Printing Security Center and then click the Devices tab 2 f you need to add a group select Custom Groups in the group panel click the Action menu and then click New Group Or right click on the Custom Groups and then click New Enter a name for the new group 3 Tomanually enter devices right click on a group and select Add Devices or click Add Devices in the toolbar 4 Click Select to select a group The default is the All Devices Group 5 Enter the IP address or the host name of the device in the IP Address or Hostname field and click Add Ey NOTE An error is displayed if you enter an unknown IP address or host name 6 Repeat the previous step for all the addresses you want to associate with the selected group Each address is added to the list of addresses in the Devices to Add panel 7 To remove an IP address hostname from the Devices to Add list select the address and then click Remove To clear all of the IP add
22. U ON sce oii eee E E T E E EIER REI ESPERE REGE Does 1 Getting started with the HP Imaging and Printing Security Center sseee 2 Review security policy n cina itte cse a e na e aa n e ane 2 AGO GOVICCS LEMMA 2 ASSESS COVICCS 5 eas sce e2 ee atisccic aca dealt edn alls ended atcecd sot AENEA AENA NAKE KANARAN eee Gasconade 2 Remediate non compliant devices sss eren 2 Review risks and results eter eret deter d eet ea DAC ca dee ND ded dee DDZER ad 2 The HP Imaging and Printing Security Center system sssssssssene enne 3 What you must provide iiie etie ert e A LEE En ena REP ERR RARE Tee RR RRRDPR tactical 5 2 Set up the HP Imaging and Printing Security Center 20 0 0 ceccceeeeessseeeeeeeeeeeeeeeeseeeeeeeeeeeseeesesseeeeseeesseneeenes 7 Set the HP Imaging and Printing Security Center server connection option ccccccceeeeeeeeeeeeees 8 Verity global remediation setting iater ettet a E ceo ase tcu e eundo renati gua 9 Install device licensing sse nem AN EAKA EAEEREN 10 Set up instan On SGeGcUrlty otc ERE tt cc sd ier ead base HR RE RE a o HER E da ae s 12 3 Use the HP Imaging and Printing Security Center eeeeeseeeeeeeeeeeeneenenen nennen nnn nnn 15 Create a security policy corper ret intei Der free p c e ra Ra uh aber eeu radere es 16 Create a new polloy 5 race aet tee ri pee OE ae 16
23. Using the HP IPSC you can e Easily and quickly create device security policies Intelligent prompts guide you through the process by providing advice and recommendations as you configure the policy e Add device IP addresses or host names by importing a text or XML file that contains device information by manually entering them e Assess remediate devices immediately when they first connect to your network using the HP Device Announcement Agent and allowing automatic remediation e Assess remediate devices manually on demand or create a schedule to run assessments at preset intervals Getting started with the HP Imaging and Printing Security Center Getting started with the HP IPSC typically involves the following tasks Review security policy Use the Policies tab to create a security policy for your network You can create a new blank policy or use a template which provides a policy based on industry standard recommendations After you create the policy intelligent prompts guide you through the process of setting the items Advice and recommendations are provided as you configure the policy See Create a security policy on page 16 for instructions Add devices Using the Devices tab you can add devices by importing a text or XML file that contains a list of devices or by manually entering device information Use the Verify option in the Devices tab to verify support for a device or group of devices Unsupported
24. Y HP Imaging and Printing Security Center Help 2012 Copyright Hewlett Packard Development Company L P Reproduction adaptation or translation without prior written permission is prohibited except as allowed under the copyright laws The information contained in this document is subject to change without notice The only warranties for HP products and Services are set forth in the express warranty statements accompanying such products and services Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein Applicable product J8023AA Edition 4 11 2012 ver 2 0 7 Microsoft Outlook Windows Windows Server Windows 7 Windows 8 Windows Vista and Windows XP are either registered trademarks or trademarks of Microsoft Corporation in the United States and or other countries Microsoft SQL Server 2005 Express and Microsoft SQL Server are registered trademarks of Microsoft Corporation in the United States and or other countries NetWare and Novell are registered trademarks of Novell Corporation IBMQ is a registered trademark of International Business Machines Corp Ethernet is a registered trademark of Xerox Corporation PostScript is a trademark of Adobe Systems Incorporated UNIX is a registered trademark of the Open Group VMware is a registered trademark of VMware Inc Table of contents T AGRO UC
25. amble The licenses for most software are designed to take away your freedom to share and change it By contrast the GNU General Public Licenses are intended to guarantee your freedom to share and change free software to make sure the software is free for all its users This license the Lesser General Public License applies to some specially designated software packages typically libraries of the Free Software Foundation and other authors who decide to use it You can use it too but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case based on the explanations below When we speak of free software we are referring to freedom of use not price Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software and use pieces of it in new free programs and that you are informed that you can do these things To protect your rights we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it Copyrights 41 For example if you distribute copies of the library whether gratis or
26. as you configure the policy A built in policy is provided HP Best Practices Base Policy that you can use as a template for your own policy Ey NOTE Because the HP Best Practices Base Policy includes specific credentials that are vital for a secure policy the policy you create is initially invalid You must provide the credentials you want configured on your devices The following are selected for remediation and must be provided for a valid policy Admin EWS Password SNMPv1 v2 Read Community Name and Read Write Community Name SNMPv3 User Name Authorization Passphrase and Privacy Passphrase Because the policy editor is self guided this section focuses on information about the policy icons how to include or exclude all items in a policy and how to use the Advanced Policy Settings Create a new policy Policy editor icons Include or exclude all items Set severity remediation and unsupported behavior Export or import policies Create a new policy Before reviewing the features discussed in this section create a new policy if you have not already done so Use the following steps f 2 Start the HP Imaging and Printing Security Center and click the Policies tab To create a new policy click the New icon in the policy toolbar The Create New Policy window is displayed Enter a name for the policy in the Name field and then select a template to use Blank Policy or HP Best Practices Base Pol
27. atic remediation first request your site administrator to add an entry in your corporate DNS server that points hp print mgmt to the IP address of your HP Imaging and Printing Security Center server 2 Create a valid policy by using the following steps a Start the HP Imaging and Printing Security Center and click the Policies tab b Click the New icon in the policy toolbar The Create New Policy window is displayed c Enter a name for the policy in the Name field Use a policy name that indicates its purpose such as Initial Instant On Policy HP recommends that you select the HP Best Practices Base Policy to use as a template or create your own by selecting Blank Policy Ey NOTE You must create a valid initial policy to use with automatic remediation After you choose a template to use and name your policy you can modify it to suit your needs The initial policy is only used for the assessment of newly announced devices Subsequent device announcements use the most recently applied policy d Make any desired changes and then click Save to save the new policy e Click Close to close the policy editor Click File and then click Settings Click the Instant On Security tab Select the Accept Device Announcements check box o n a amp To only accept new device announcements but disallow automatic remediation clear the Allow Automatic Remediation check box When you disallow automatic remediation the Automatic Remediat
28. ce documentation for instructions about configuring the certificate Each device must be set to require mutual authentication using certificates during a pre staging process Since certificates remain over a cold reset this method of Instant On Security protects you even if the device is cold reset Once certificates are configured on both the device and the HP IPSC server click Select Certificate and choose the certificate to use for mutual authentication from the list of security certificates found on the HP IPSC server b Selectthe No Authentication Out of the Box button to not use any authentication This is the simplest method since no pre staging is required and devices can literally be taken out of the box plugged into the network and be automatically configured to be compliant to your security policy by the HP IPSC system This method also works on devices that are cold reset since no authentication is required for the auto discovery assessment and remediation For slightly more control of the devices accepted into the HP IPSC you can use no authentication in conjunction with a list of authorized device serial numbers To use the serial number list select the Use Device Serial Number List check box click Edit List to open the Edit Device Serial Number List window Then click Import to import a list of serial numbers from a text or XML file or enter the serial numbers in the Device Serial Number field and click Add Click OK
29. ce passes the minimum authentication requirements the device is automatically added to the HP IPSC If Allow Automatic Remediation is enabled automatic assessment remediation of the device OCCUIS Ey NOTE The device is not added to the HP IPSC if it fails the minimum authentication required for the assessment When the device announcement agent is enabled it announces itself to the HP IPSC server in the following situations e Power up e Cold reset e When the IP stack comes up for example after a network configuration change e When the configuration server IP address changes use this if a DNS entry cannot be used e When the agent is enabled using the check box in the HP Embedded Web Server or the device control panel e When the HP Device Announcement Agent is enabled using the device control panel When Accept Device Announcements is enabled each device that passes the authentication is assigned a device license from the license pool If there are insufficient licenses available during an import the devices are added but not licensed You can manually issue available licenses later using the Devices tab Use the following steps to set up Instant On Security 12 Chapter2 Setup the HP Imaging and Printing Security Center ENWW NOTE The Instant On Security feature might fail if IPsec Windows firewall or other firewalls disallow communication with the HP IPSC using port 3329 1 If you plan to activate autom
30. ces contained within such NOTICE file excluding those notices that do not pertain to any part of the Derivative Works in at least one of the following places within a NOTICE text file distributed as part of the Derivative Works within the Source form or documentation if provided along with the Derivative Works or within a display generated by the Derivative Works if and wherever such third party notices normally appear The contents of the NOTICE file are for informational purposes only and do not modify the License You may add Your own attribution notices within Derivative Works that You distribute alongside or as an addendum to the NOTICE text from the Work provided that such additional attribution notices cannot be construed as modifying the License You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use reproduction or distribution of Your modifications or for any such Derivative Works as a whole provided Your use reproduction and distribution of the Work otherwise complies with the conditions stated in this License 5 Submission of Contributions Unless You explicitly state otherwise any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License without any additional terms or conditions Notwithstanding the above nothing herein shall supersede or modify the term
31. changed Select a check box All settings in this item are applied to the devices associated with this policy Clear a check box None of the settings in this item are applied to the devices associated with this policy ENWW Create a security policy 17 Include or exclude all items You can set a policy to include or exclude items Setting Include All Items at the top level creates a valid policy that includes all the recommended settings Setting Exclude All Items at the top level deselects all items in the policy To set the include or exclude option use the following steps B NOTE You can also include or exclude items at the subcategory level 1 Start the HP Imaging and Printing Security Center and click the Policies tab 2 Select the policy from the list and click Edit 3 Decide on the highest level in the category tree that you want to set or select a specific category For example if you select Policy Categories the highest category level in the tree all items in all of the subcategories in the policy are set If you select the Authentication category all items in the Authentication category are set 4 Right click on the category level or category and select Include All Items or Exclude All Items from the menu options Set severity remediation and unsupported behavior Remediation options are available for each item in the policy and can include the severity level to report during an assessme
32. changed However it has not yet been saved and validated The following lists the icons colors and text used in the policy editor Item Related technologies blue hyper text Green padlock Use Lists other associated items Click on the blue text to follow the link To return to the current item click the Back icon in the Policies tool bar Security recommendation This is the recommended setting Click the icon for more information Yellow padlock Security recommendation Although this setting provides some security other choices might provide a more secure policy Click the icon for more information Red padlock Information bubble Security recommendation Provides recommendations for a more secure policy Click the icon for more information Restriction Provides information about a restriction such as limited options or a setting that cannot be changed because it depends on another setting Roll your cursor over the bubble to display the information Or click the bubble to display the information in a new window X with text box Required field Provides information about missing information Yellow caution triangle with text box Text required adjoining a field Provides cautionary information about items that might cause issues on some devices or in certain situations Required field Indicates that specific information is missing Grayed field Information cannot be
33. devices are indicated in the devices panel If you selected the Accept Device Announcements check box in the Instant On Security tab click File and then Settings devices are automatically added See Add and edit device information on page 21 Assess devices Use the policy you created to assess whether the devices comply with your security policy You can run an assessment from the Devices tab the Policies tab or the Tasks tab View the assessment results from the Devices tab or by running a report from the Reports tab Ey NOTE You can set the HP IPSC to assess only or to assess and remmediate depending on your needs See Assess and remediate on page 27 Remediate non compliant devices Use the policy you created to assess and remediate correct a group of devices You can run an assessment remediation from the Devices tab the Policies tab or the Tasks tab View the assessment remediation results from the Devices tab or by running reports from the Reports tab See Assess and remediate on page 27 Review risks and results Review recommendations and device status using the Executive Summary report Use the Device and Policy Item View reports to view fleet recommendations and assessed and unassessed devices and to list your policies See Run reports on page 30 for information 2 Chapter 1 Introduction ENWW The HP Imaging and Printing Security Center system ENWW The HP IPSC system consists of
34. e agreement for the product involved DISCLAIMER TO THE EXTENT ALLOWED BY LOCAL LAW THIS SOFTWARE IS PROVIDED TO YOU AS IS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND WHETHER ORAL OR WRITTEN EXPRESS OR IMPLIED HP SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY SATISFACTORY QUALITY NON INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE Some countries regions states and provinces do not allow exclusion of implied warranties or conditions so certain exclusions may not apply to you You may have other rights that vary from country region to country region state to state or province to province 36 Appendix B Legal statements ENWW ENWW LIMITATION OF LIABILITY EXCEPT TO THE EXTENT PROHIBITED BY LOCAL LAW IN NO EVENT WILL HP OR ITS SUBSIDIARIES AFFILIATES OR SUPPLIERS BE LIABLE FOR DIRECT SPECIAL INCIDENTAL CONSEQUENTIAL OR OTHER DAMAGES INCLUDING LOST PROFIT LOST DATA OR DOWNTIME COSTS ARISING OUT OF THE USE INABILITY TO USE OR THE RESULTS OF USE OF THE SOFTWARE WHETHER BASED IN WARRANTY CONTRACT TORT OR OTHER LEGAL THEORY AND WHETHER OR NOT ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Your use of the Software is entirely at your own risk Should the Software prove defective you assume the entire cost of all service repair or correction Some countries regions states and provinces do not allow the exclusion or limitation of liability for incidental or consequential damages So certain abo
35. e as you receive it in any medium provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty keep intact all the notices that refer to this License and to the absence of any warranty and distribute a copy of this License along with the Library You may charge a fee for the physical act of transferring a copy and you may at your option offer warranty protection in exchange for a fee 2 You may modify your copy or copies of the Library or any portion of it thus forming a work based on the Library and copy and distribute such modifications or work under the terms of Section 1 above provided that you also meet all of these conditions a The modified work must itself be a software library b Youmust cause the files modified to carry prominent notices stating that you changed the files and the date of any change c You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License d Ifa facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility other than as an argument passed when the facility is invoked then you must make a good faith effort to ensure that in the event an ENWW Copyrights 43 application does not supply such function or table the facility still operates and performs whatever part of its purpose remains meaningful
36. e check box Don t show this dialog again 5 Click OK to save your changes 8 Chapter 2 Set up the HP Imaging and Printing Security Center ENWW Verify global remediation setting Before running the first assessment HP recommends that you verify the global remediation setting which controls whether an out of compliance device is remediated corrected during the assessment process This setting applies to all policies and takes precedence over an individual policy s advanced remediation settings Advanced Policy Settings When the HP IPSC is first installed the default for the global remediation setting is Enable device remediation Remediate and Report NOTE You can also control how individual out of compliance policy items are processed during remediation using the policy s Advanced Policy Settings Options are provided for whether to remediate out of compliance items and how to process unsupported devices For more information see Set severity remediation and unsupported behavior on page 18 ENWW Use the following steps to set the global remediation option 1 2 Start the HP IPSC click File and then click Settings Click the General tab Select the Enable device remediation Remediate and Report check box if you want the HP IPSC to remediate out of compliance devices Select the Disable device remediation Report Only check box if you do not want out of compliance devices remediated You might want t
37. e library to free software only so we use the Lesser General Public License In other cases permission to use a particular library in non free programs enables a greater number of people to use a large body of free software For example permission to use the GNU C Library in non free programs enables many more people to use the whole GNU operating system as well as its variant the GNU Linux operating system Although the Lesser General Public License is Less protective of the users freedom it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library The precise terms and conditions for copying distribution and modification follow Pay close attention to the difference between a work based on the library and a work that uses the library The former contains code derived from the library whereas the latter must be combined with the library in order to run 42 Appendix B Legal statements ENWW GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING DISTRIBUTION AND MODIFICATION 0 This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License also called this License Each licensee is addressed as you A library means a collection of so
38. e object code 5 A program that contains no derivative of any portion of the Library but is designed to work with the Library by being compiled or linked with it is called a work that uses the Library Such a work in isolation is not a derivative work of the Library and therefore falls outside the scope of this License However linking a work that uses the Library with the Library creates an executable that is a derivative of the Library because it contains portions of the Library rather than a work that 44 Appendix B Legal statements ENWW ENWW uses the library The executable is therefore covered by this License Section 6 states terms for distribution of such executables When a work that uses the Library uses material from a header file that is part of the Library the object code for the work may be a derivative work of the Library even though the source code is not Whether this is true is especially significant if the work can be linked without the Library or if the work is itself a library The threshold for this to be true is not precisely defined by law If such an object file uses only numerical parameters data structure layouts and accessors and small macros and small inline functions ten lines or less in length then the use of the object file is unrestricted regardless of whether it is legally a derivative work Executables containing this object code plus portions of the Library will still fall under Sect
39. es tab Right click on the policy you want to use and select Assess Only or Assess and Remediate from the menu Or select the policy and click Action and select Assess Only or Assess and Remediate from the menu Enter a Task Name for the assessment so you can identify it later Verify the Policy to use for the assessment or select a different policy Click Select in the Device Group field and select the group Enter the Start Date Start Time and Frequency or use the defaults Click OK to schedule the assessment or Cancel to discard your entries Click the Tasks tab to monitor your task Click the Refresh button to update the display Run an assessment remediation from the Tasks tab To run an assessment from the Tasks tab 1 po ow oe Uh 2e cO IND Start the HP Imaging and Printing Security Center and click the Tasks tab Click the Assess Only or the Assess and Remediate button Enter a Task Name for the assessment so you can identify it later Verify the Policy to use for the assessment or select a different policy Click Select in the Device Group field and select the group Enter the Start Date Start Time and Frequency or use the defaults Click OK to schedule the assessment or Cancel to discard your entries Click the Refresh button to update the display View assessment results You can view the results of an assessment from the Devices tab or from the Reports tab View results from the Devices tab View
40. ftware functions and or data prepared so as to be conveniently linked with application programs which use some of those functions and data to form executables The Library below refers to any such software library or work which has been distributed under these terms A work based on the Library means either the Library or any derivative work under copyright law that is to say a work containing the Library or a portion of it either verbatim or with modifications and or translated straightforwardly into another language Hereinafter translation is included without limitation in the term modification Source code for a work means the preferred form of the work for making modifications to it For a library complete source code means all the source code for all modules it contains plus any associated interface definition files plus the scripts used to control compilation and installation of the library Activities other than copying distribution and modification are not covered by this License they are outside its scope The act of running a program using the Library is not restricted and output from such a program is covered only if its contents constitute a work based on the Library independent of the use of the Library in a tool for writing it Whether that is true depends on what the Library does and what the program that uses the Library does 1 You may copy and distribute verbatim copies of the Library s complete source cod
41. g Security Center ENWW A ENWW Network port assignments This section lists the ports used by the HP IPSC Table A 1 Ports used from the HP Imaging and Printing Security Center service to the printer MFP device Service Port IP Protocol Notes HTTP 80 and 8080 TCP Used only when SSL is not supported on the device HTTPS 443 and 8080 TCP HTTP Web over SSL PING N A ICMP Echo ping SNMP 161 UDP Simple Network Management Protocol Table A 2 Port used from the user interface to the HP Imaging and Printing Security Center service Service Port IP Protocol Notes WCF NET TCP 8002 TCP WCF with message encryption Table A 3 Port used from the HP Imaging and Printing Security Center service to the database Service Port IP Protocol Notes MS SQL 1433 TCP Table A 4 Port used from the device to the HP Imaging and Printing Security Center service Service Port IP Protocol Notes HP Instant On Security or 3329 TCP Uses SSL hp device disc IANA name Table A 5 Local port used by the HP Imaging and Printing Security Center service and the HP Print License Service Service Port IP Protocol Notes HP Print License Service 8888 TCP 34 Appendix A Network port assignments ENWW B Legal statements This section contains the legal statements e Software license agreement e Copyrights ENWW 35 Software license agreement HEWLETT PACKARD SOFTWARE LICENSE TERMS The following Lice
42. hat is normally distributed Copyrights 45 in either source or binary form with the major components compiler kernel and so on of the operating system on which the executable runs unless that component itself accompanies the executable It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system Such a contradiction means you cannot use both them and the Library together in an executable that you distribute 7 You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities not covered by this License and distribute such a combined library provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted and provided that you do these two things a Accompany the combined library with a copy of the same work based on the Library uncombined with any other library facilities This must be distributed under the terms of the Sections above b Give prominent notice with the combined library of the fact that part of it is a work based on the Library and explaining where to find the accompanying uncombined form of the same work 8 You may not copy modify sublicense link with or distribute the Library except as expressly provided under this License Any attempt otherwise to copy modify sublicense
43. icy Click OK to save the new policy The new policy automatically opens To manually open a policy double click the policy name or select the name from the list and click the Edit icon in the toolbar Select the policy category you want to change Review the associated prompts for information about each item 16 Chapter3 Use the HP Imaging and Printing Security Center ENWW Ey NOTE You can globally include or exclude all items in a specific category or the entire policy by right clicking the category or subcategory and then selecting the setting For more information see Include or exclude all items on page 18 In addition you can globally set the advanced remediation options remediation and unsupported behavior in a specific category or the entire policy by right clicking the category or subcategory and then selecting the setting For more information see Set severity remediation and unsupported behavior on page 18 Policy editor icons The following lists the icons used in the policy editor category panel Icon Green check Yellow caution triangle Use All of the entries in this category are valid The category is complete valid There are one or more items that might cause issues on some devices or in certain situations The category is complete valid Red X Information is missing from the indicated category The category is not complete valid Paper and pencil Information was
44. idual or Legal Entity exercising permissions granted by this License Source form shall mean the preferred form for making modifications including but not limited to software source code documentation source and configuration files Object form shall mean any form resulting from mechanical transformation or translation of a Source form including but not limited to compiled object code generated documentation and conversions to other media types Work shall mean the work of authorship whether in Source or Object form made available under the License as indicated by a copyright notice that is included in or attached to the work an example is provided in the Appendix below Derivative Works shall mean any work whether in Source or Object form that is based on or derived from the Work and for which the editorial revisions annotations elaborations or other modifications represent as a whole an original work of authorship For the purposes of this License Derivative Works shall not include works that remain separable from or merely link or bind by name to the interfaces of the Work and Derivative Works thereof Contribution shall mean any work of authorship including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to sub
45. ile Click OK to close Install device licensing 11 Set up Instant On Security Using the HP Device Announcement Agent that is built into the latest firmware of most HP Enterprise printers MFPs and the Instant On Security feature in the HP IPSC you can immediately discover and configure print devices securely when they first connect to your network without intervention Ey NOTE Automatic assessment remediation of newly discovered devices requires a device license and a valid initial assessment policy To implement Instant On Security the device must use firmware version 11 3 released December 2011 or later For a list of devices that include the HP Device Announcement Agent go to www hp com go ipsc The Instant On Security feature consists of automatic discovery and automatic remediation Automatic discovery requires that the device s Device Announcement Agent is enabled it is enabled by default and that the HP IPSC Accept Device Announcements feature is enabled disabled by default In addition your corporate DNS server must be configured with an entry that points the host name hp print mgmt to the IP address of the HP IPSC server When the device announcement agent is activated on a compatible printer MFP the HP device announcement agent looks for a host with the DNS host name of hp print mgmt If found the device announces itself directly to the HP IPSC If Accept Device Announcements is enabled and the devi
46. ing but not limited to damages for loss of goodwill work stoppage computer failure or malfunction or any and all other commercial damages or losses even if such Contributor has been advised of the possibility of such damages 9 Accepting Warranty or Additional Liability While redistributing the Work or Derivative Works thereof You may choose to offer and charge a fee for acceptance of support warranty indemnity or other liability obligations and or rights consistent with this License However in accepting such obligations You may act only on Your own behalf and on Your sole responsibility not on behalf of any other Contributor and only if You agree to indemnify defend and hold each Contributor harmless for any liability incurred by or claims asserted against such Contributor by reason of your accepting any such warranty or additional liability END OF TERMS AND CONDITIONS nhibernate license ENWW The nhibernate library is subject to the terms of the following license GNU LESSER GENERAL PUBLIC LICENSE Version 2 1 February 1999 Copyright C 1991 1999 Free Software Foundation Inc 59 Temple Place Suite 330 Boston MA 02111 1307 USA Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed This is the first released version of the Lesser GPL It also counts as the successor of the GNU Library Public License version 2 hence the version number 2 1 Pre
47. ion 6 Otherwise if the work is a derivative of the Library you may distribute the object code for the work under the terms of Section 6 Any executables containing that work also fall under Section 6 whether or not they are linked directly with the Library itself As an exception to the Sections above you may also combine or link a work that uses the Library with the Library to produce a work containing portions of the Library and distribute that work under terms of your choice provided that the terms permit modification of the work for the customer s own use and reverse engineering for debugging such modifications You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License You must supply a copy of this License If the work during execution displays copyright notices you must include the copyright notice for the Library among them as well as a reference directing the user to the copy of this License Also you must do one of these things a Accompany the work with the complete corresponding machine readable source code for the Library including whatever changes were used in the work which must be distributed under Sections 1 and 2 above and if the work is an executable linked with the Library with the complete machine readable work that uses the Library as object code and or source code so that the user can modify the Library and then re
48. ion items are not accessible 7 To activate automatic remediation select the Allow Automatic Remediation check box Then select the Initial Assessment Policy to use This policy is used for newly announced devices and ensures that the device is fully compliant with your requirements Ey NOTE The selected Initial Assessment Policy is used once for the initial remediation After the initial assessment the HP IPSC uses the most recently applied policy ENWW Set up Instant On Security 13 8 Select the minimum authentication required for the assessment The default setting is No Authentication Out of the Box a Select the Mutual Authentication button for the highest authentication level This authentication method is both the most complicated to set up and also the most secure It requires certificates be configured both on the device and in the HP IPSC With this method the HP IPSC server and the device verify that each other s certificates are valid When the device announces itself or other events occur such as an IP address change or cold reset the device and the HP IPSC server communicate using the secure socket layer to validate certificates before automatic remediation occurs The certificates must be valid identity certificates signed by a trusted certificate authority and be installed on the HP IPSC server see your Microsoft documentation for instructions about setting up server certificates and each device see your devi
49. link to produce a modified executable containing the modified Library It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions b Use a suitable shared library mechanism for linking with the Library A suitable mechanism is one that 1 uses at run time a copy of the library already present on the user s computer system rather than copying library functions into the executable and 2 will operate properly with a modified version of the library if the user installs one as long as the modified version is interface compatible with the version that the work was made with c Accompany the work with a written offer valid for at least three years to give the same user the materials specified in Subsection 6a above for a charge no more than the cost of performing this distribution d If distribution of the work is made by offering access to copy from a designated place offer equivalent access to copy the above specified materials from the same place e Verify that the user has already received a copy of these materials or that you have already sent this user a copy For an executable the required form of the work that uses the Library must include any data and utility programs needed for reproducing the executable from it However as a special exception the materials to be distributed need not include anything t
50. mit on behalf of the copyright owner For the purposes of this definition submitted means any form of electronic verbal or written communication sent to the Licensor or its representatives including but not limited to communication on electronic mailing lists source code control systems and issue tracking systems that are managed by or on behalf of the Licensor for the purpose of discussing and improving the Work but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as Not a Contribution Contributor shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work Grant of Copyright License Subject to the terms and conditions of this License each Contributor hereby grants to You a perpetual worldwide non exclusive no charge royalty free irrevocable copyright license to reproduce prepare Derivative Works of publicly display publicly perform sublicense and distribute the Work and such Derivative Works in Source or Object form Grant of Patent License Subject to the terms and conditions of this License each Contributor hereby grants to You a perpetual worldwide non exclusive no charge royalty free irrevocable except as stated in this section patent license to make have made use offer to sell sell Copyrights 39 import and otherwise transfer the Work whe
51. n the Instant On Security tab of the Settings window click Flle and then select Settings e Tasks View the status of previously completed verifications and assessments remediations or create and schedule new assessment remediation tasks You can schedule a task to run once or to repeat as necessary such as daily weekly or monthly e Reports Run reports to display information about devices policies and assessments The Reports tab contains options for refreshing the information printing print layout page setup and exporting to an Acrobat PDF or Microsoft Word format file The following reports are available o Executive Summary Reports the current system state which includes the recommendations and device status Devices View Assessed Lists all of the assessed devices You can generate a more detailed report by selecting individual devices Devices View Recommendations Lists all devices that have at least one recommendation sorted by the number of recommendations You can generate a more detailed report by selecting individual devices Devices View Remediated Lists the remediated devices You can generate a more detailed report by selecting individual devices Devices View Unassessed Lists all of the devices that could not be assessed Policy Item View Fleet Assessment Summary Summarizes the number of recommendations for a policy item and its risk in a security category Filtered b
52. ng any disassembly or decompilation You may not decrypt the Software unless decryption is a necessary part of the operation of the Software Transfer Your license will automatically terminate upon any transfer of the Software Upon transfer you must deliver the Software including any copies and related documentation to the transferee The transferee must accept these License Terms as a condition to the transfer Termination HP may terminate your license upon notice for failure to comply with any of these License Terms Upon termination you must immediately destroy the Software together with all copies adaptations and merged portions in any form Export Requirements You may not export or re export the Software or any copy or adaptation in violation of any applicable laws or regulations U S Government Restricted Rights The Software and any accompanying documentation have been developed entirely at private expense They are delivered and licensed as commercial computer software as defined in DFARS 252 227 7013 Oct 1988 DFARS 252 211 7015 May 1991 or DFARS 252 227 7014 Jun 1995 as a commercial item as defined in FAR 2 101 a or as Restricted computer software as defined in FAR 52 227 19 Jun 1987 or any equivalent agency regulation or contract clause whichever is applicable You have only those rights provided for such Software and any accompanying documentation by the applicable FAR or DFARS clause or the HP standard softwar
53. nse Terms govern your use of the accompanying Software unless you have a separate signed agreement with HP License Grant HP grants you a license to Use multiple copies of the Software Use means storing loading installing executing or displaying the Software You may not modify the Software or disable any licensing or control features of the Software If the Software is designed and licensed for concurrent use you may not allow more than the maximum number of authorized users to Use the Software concurrently Ownership The Software is owned and copyrighted by HP or its third party suppliers Your license confers no title to or ownership in the Software and is not a sale of any rights in the Software HP s third party suppliers may protect their rights in the event of any violation of these License Terms Copies and Adaptations You may only make copies or adaptations of the Software for archival purposes or when copying or adaptation is an essential step in the authorized Use of the Software You must reproduce all copyright notices in the original Software on all copies or adaptations You may not copy the Software onto any public network No Disassembly or Decryption You may not disassemble or decompile the Software unless HP s prior written consent is obtained In some jurisdictions HP s consent may not be required for limited disassembly or decompilation Upon request you will provide HP with reasonably detailed information regardi
54. nt whether to remediate a failure and how to report an unsupported feature You can use the policy s default remediation settings individually set the options for each item in the policy or set remediation options to apply to a specific policy category Ey NOTE By default the advanced Remediation and Unsuported Behavior settings are displayed To hide the settings click View and then deselect Advanced Policy Settings The Severity setting is always displayed for each policy item e Set Severity Indicates the security risk of the assessed feature when not in compliance with the policy Select from High Medium or Low e Set Remediation This advanced option indicates whether the item is remediated during an assessment Ey NOTE The global remediation setting applies to all policies and takes precedence over a policy s advanced remediation settings For example if global remediation is set to Disable device remediation Report Only no device remediation is done regardless of the Remedation setting in the policy s Advanced Policy Settings For information about the global remediation setting see Verify global remediation setting on page 9 Enable Out of compliance items are changed to match the policy s setting Disable Out of compliance items are reported However HP IPSC will not change the item on the device Use HP Web Jetadmin the HP Embedded Web Server or change the Remediation setting for the item and rerun the a
55. o disable device remediation to prevent accidental changes to devices on your network Click OK to save your entries Verify global remediation setting 9 Install device licensing Before you can assess and remediate any of the printers MFPs on your network you must install HP Imaging and Printing Security Center device licenses Without a device license all other actions are available such as sorting filtering and verifying A device license is required for each printer MFP that you plan to assess remediate Licenses are typically provided using a license file Ey NOTE Your purchase of the HP Imaging and Printing Security Center should have included device licenses Demonstration trial licenses are also available Contact your HP representative for more information e Licenses are node locked using the device s MAC address e Once licensing is installed devices are automatically licensed when they are o Manually added by entering the device IP address or hostname Added using a text or XML file see Add device addresses using a plain text or XML file on page 22 Discovered and added using the Instant On Security feature see Set up Instant On Security on page 12 e fthere are insufficient licenses available during an import the devices are added but not licensed Ey NOTE To reduce the risk of depleting all of your licenses ensure you have sufficient quantity before importing e Toreturn
56. olbar c Select the group from the Select a Device Group window and click OK to complete the change 2 To remove a device from a group click the Devices tab Ey NOTE When you select Remove the device is removed from the current group but remains in the All Devices Group Use Delete to permanently delete the device from the system a Select the group that contains the device to remove b Select the device from the list right click and select Remove from Group from the menu options or click the Remove from Group icon in the device panel toolbar To remove multiple devices use CTRL CLICK or SHIFT CLICK and then select Remove from Group c An information message displays the number of devices removed 24 Chapter3 Use the HP Imaging and Printing Security Center ENWW Delete a device 1 Click the Devices tab 2 Select the group that contains the device to delete and then select the device from the device list CAUTION If you confirm the deletion the device and all of its history are permanently removed from the system 3 Click the Action menu and then select Delete Device from the options You can also right click the device and select Delete Device from the menu options or select the Delete icon from the top of the device panel list 4 Click Yes on the confirmation message to delete the device or click No to cancel If the deleted device was assigned a license that license is returned to the license
57. olicies tab Select the policy and click the Edit icon from the toolbar Decide on the highest level in the category tree that you want to set or select a specific category For example if you select Categories the highest category level in the tree all items in all of the subcategories in the policy are set If you select the Authentication category all items in the Authentication category are set Right click on the desired category and select Set Severity or click Edit and select Set Severity and then select High Medium or Low Right click on the category and select Set Remediation or click Edit and select Set Remediation and then select Enable or Disable Right click on the desired category and select Set Unsupported Behavior or click Edit and select Set Unsupported Behavior and then select Fail or Ignore To display the advanced options remediation and unsupported behavior click View and then select Advanced Policy Settings To hide the advanced options click View and then deselect Advanced Policy Settings Export or import policies You can export valid policies and then import them to a compatible version of HP IPSC Policies are encrypted with a passphrase to protect sensitive data such as passwords and network information You must provide a passphrase to export or import each policy Ey NOTE You cannot export an invalid incomplete policy ENWW Create a security policy 19 To export a policy 1 S
58. re such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution s alone or by combination of their Contribution s with the Work to which such Contribution s was submitted If You institute patent litigation against any entity including a cross claim or counterclaim in a lawsuit alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed 4 Redistribution You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium with or without modifications and in Source or Object form provided that You meet the following conditions a You must give any other recipients of the Work or Derivative Works a copy of this License and b You must cause any modified files to carry prominent notices stating that You changed the files and c You must retain in the Source form of any Derivative Works that You distribute all copyright patent trademark and attribution notices from the Source form of the Work excluding those notices that do not pertain to any part of the Derivative Works and d If the Work includes a NOTICE text file as part of its distribution then any Derivative Works that You distribute must include a readable copy of the attribution noti
59. resses hostnames from the Devices to Add list select Clear All 8 Select the Resolve IP addresses to hostnames on add check box to resolve IP addresses to hostnames when the devices are imported EY NOTE Selecting this option requires that the DNS entry functions in both directions Otherwise the import will fail The only time an IP address is resolved to a host name is during an initial import To add at a later time you must delete the device and re add it 9 Click OK to import the addresses hostnames listed in the Devices to Add panel A message is displayed indicating the number of devices processed new devices added duplicates skipped if any devices licensed and devices unlicensed if any Add device addresses using a plain text or XML file Use the following steps to create and then read a plain text or XML file that contains device information 1 Create a text file or a valid XML file that contains a list of device IP addresses or hostnames using a plain text editor Enter one IP address or hostname per line and then press the Enter or Return key Save the file so that you can access it with the HP IPSC A NOTE You can use HP Web Jetadmin to create an XML file for import At a minimum you must export the device IP address 2 Start the HP Imaging and Printing Security Center and then click the Devices tab 22 Chapter 3 Use the HP Imaging and Printing Security Center ENWW If you need to add a
60. s of any separate license agreement you may have executed with Licensor regarding such Contributions 6 Trademarks This License does not grant permission to use the trade names trademarks service marks or product names of the Licensor except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file 7 Disclaimer of Warranty Unless required by applicable law or agreed to in writing Licensor provides the Work and each Contributor provides its Contributions on an AS IS BASIS WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND either express or implied including without limitation any warranties or conditions of TITLE NON INFRINGEMENT MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License 40 Appendix B Legal statements ENWW 8 Limitation of Liability In no event and under no legal theory whether in tort including negligence contract or otherwise unless required by applicable law such as deliberate and grossly negligent acts or agreed to in writing shall any Contributor be liable to You for damages including any direct indirect special incidental or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work includ
61. ser General Public License applies to certain designated libraries and is quite different from the ordinary General Public License We use this license for certain libraries in order to permit linking those libraries into non free programs When a program is linked with a library whether statically or using a shared library the combination of the two is legally speaking a combined work a derivative of the original library The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom The Lesser General Public License permits more lax criteria for linking other code with the library We call this license the Lesser General Public License because it does Less to protect the user s freedom than the ordinary General Public License It also provides other free software developers Less of an advantage over competing non free programs These disadvantages are the reason we use the ordinary General Public License for many libraries However the Lesser license provides advantages in certain special circumstances For example on rare occasions there may be a special need to encourage the widest possible use of a certain library so that it becomes a de facto standard To achieve this non free programs must be allowed to use the library A more frequent case is that a free library does the same job as widely used non free libraries In this case there is little to gain by limiting the fre
62. ssessment e Set Unsupported Behavior This advanced option defines how to report a feature that is not supported by the device during an assessment o Fail Reports a failure when the item does not exist on the device Ignore default Does not report the item For example if a device does not support a fax you would not want to be notified that a fax PIN is not set 18 Chapter 3 Use the HP Imaging and Printing Security Center ENWW Set policy options for a single item To set the severity remediation and unsupported behavior options for specific items in a policy 1 2 3 4 5 6 T 8 Start the HP Imaging and Printing Security Center and click the Policies tab Select the policy from the policies panel and click the Edit icon from the toolbar Select the category and then select the item that you want to set Set the Severity option by selecting High Medium or Low If the advanced options are not displayed click View and then select Advanced Policy Settings Set the Remediation option by selecting Enable or Disable Set the Unsupported option by selecting Fail or Ignore To hide the advanced options click View and then deselect Advanced Policy Settings Set advanced policy options for all items or by category To set the severity remediation and unsupported behavior options for all the items in the policy or by individual category 1 2 Start the HP Imaging and Printing Security Center and click the P
63. tart the HP IPSC and click the Policies tab 2 Select the policy you want to export right click and select Export Policy Or click Action and then click Export Policy Ey NOTE If the Export Policy selection is grayed out the policy is invalid incomplete 3 Enter the passphrase to use for this policy and then click OK You can use any characters up to a maximum of the dialog box 80 characters 4 Navigate to the folder where you want to store the policy and click Save To import a policy 1 Start the HP IPSC and click the Policies tab 2 Right click in the policies panel and select Import Policy Or click Action and then click Import Policy 3 Navigate to the folder where the policy is stored and click Open 4 Enterthe passphrase for this policy and then click OK If the passphrase is incorrect you cannot import the policy Otherwise the policy is imported 20 Chapter 3 Use the HP Imaging and Printing Security Center ENWW Add and edit device information You can add devices by manually entering them or by importing a text or XML file that contains a list of devices In addition devices are automatically added if you selected the Accept Device Announcements check box in the Instant On Security tab of the Settings window click File and then select Settings Devices in this category are noted in the Auto Discovered column in the main panel of the Devices tab For information see Set up Instant On Security on page
64. teps to set SNMP v1 v2 or v3 credentials 1 To set credentials for a group of devices select the group 2 To set credentials for an individual device select the group that contains the device and then select the device from the device list 3 Right click and select Set Credentials and then select User Configured from the menu options 4 Selectthe Set SNMP Credentials check box to set the SNMP credentials Add and edit device information 25 5 Tosetthe SNMP v1 v2 read community name click the Read Community Name button and enter the name on the device or group of devices then reenter to confirm 6 Tosetthe SNMP v1 v2 read write community name click the Read Write Community Name button and enter the name on the device or group of devices then reenter to confirm 7T To set the SNMP v3 credentials click the SNMP v3 Credentials button and then enter the following information for the device or group of devices a Enter the User Name b Enter the Authentication Passphrase and then reenter it to confirm c Select the Authentication Protocol MD5 or SHA d Enter the Privacy Passphrase and then reenter it to confirm Ef NOTE If the device requires key credentials HP IPSC automatically converts the passphrase e Select the Privacy Protocol DES or AES 8 Select the Set Admin EWS Password check box to set the HP Embedded Web Server password Enter the password and then reenter it to confirm 9 Select the Set
65. the following tabs Home A graphical overview of what is needed to get started with the HP IPSC system Click an icon to open the HP IPSC Help The legal disclaimer is also displayed on this page Policies Lists the security policies that you created Ey NOTE A built in policy is provided HP Best Practices Base Policy that you can use as a template for creating your own policy Use the policy editor to create edit or delete policies Create policies by clicking New and entering a policy name You can use a blank policy or the HP Best Practices Base Policy as a template You must use a template to create your policy The HP IPSC policy editor provides guidance to help you create an effective policy When saving a policy a final validation is initiated During this process you can correct any inconsistent or incomplete settings NOTE You can save an incomplete policy This is useful when you must complete the policy at a later time An incomplete policy is not available for assessment You can schedule an assessment remediation by selecting the policy and then associating it to a device group Devices Lists information about the known devices in your network Displayed information in the main panel includes whether the device is supported is assigned a license and device identity information IP address hostname model name and device name date assessed most recent policy name assigned and compliance
66. ve limitations may not apply to you ANY PERSON TO WHOM THIS SOFTWARE IS TRANSFERRED SHOULD BE AWARE THAT USE OF THE SOFTWARE IS SUBJECT TO HP SOFTWARE LICENSE TERMS DISTRIBUTED WITH THE SOFTWARE USE OF THE SOFTWARE INDICATES ACCEPTANCE OF THESE TERMS IF THE USER DOES NOT ACCEPT THESE TERMS THE SOFTWARE SHOULD BE RETURNED Software license agreement 37 Copyrights This product includes software developed by the following e log4net license rJ nhibernate license log4net license The log4net license is subject to the terms of the following license Apache License Version 2 0 January 2004 38 Appendix B Legal statements ENWW ENWW http www apache org licenses 1 Definitions License shall mean the terms and conditions for use reproduction and distribution as defined by Sections 1 through 9 of this document Licensor shall mean the copyright owner or entity authorized by the copyright owner that is granting the License Legal Entity shall mean the union of the acting entity and all other entities that control are controlled by or are under common control with that entity For the purposes of this definition control means i the power direct or indirect to cause the direction or management of such entity whether by contract or otherwise or ii ownership of fifty percent 5096 or more of the outstanding shares or iii beneficial ownership of such entity You or Your shall mean an indiv
67. what is believed to be a consequence of the rest of this License 12 If the distribution and or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries so that distribution is permitted only in or among countries not thus excluded In such case this License incorporates the limitation as if written in the body of this License 13 The Free Software Foundation may publish revised and or new versions of the Lesser General Public License from time to time Such new versions will be similar in spirit to the present version but may differ in detail to address new problems or concerns Each version is given a distinguishing version number If the Library specifies a version number of this License which applies to it and any later version you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation If the Library does not specify a license version number you may choose any version ever published by the Free Software Foundation 14 If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these write to the author to ask for permission For software which is copyrighted by the Free Software Foundation
68. when you have completed entering serial numbers The list of serial numbers is used to permit the device into HP IPSC the first time and then it is automatically removed from the list All future announcements by that device are recognized by HP IPSC as a valid device 9 Click OK to save your entries Once the HP Device Announcement Agent and the HP IPSC Instant On Security feature are configured you will begin to see devices automatically populated and remediated as they are powered on Auto discovered devices appear in the All Devices Group From the Devices tab display the Instant On Auto Discovered column to list devices that were auto discovered These devices can then be copied into other groups where other polices can be applied Future Instant On events power cycles cold resets etc will use the most recently applied policy 14 Chapter2 Setup the HP Imaging and Printing Security Center ENWW 3 ENWW Use the HP Imaging and Printing Security Center This section discusses how to add and edit device information create a policy assess and remediate and run reports The following topics are included e Create a security policy e X Add and edit device information e X Assess and remediate e Run reports 15 Create a security policy After you create a new policy from the Policies tab intelligent prompts guide you through the process of setting the items Advice and recommendations are provided
69. y the currently selected device group Policy Item View Polices Lists all of the current policies You can generate additional reports by item name or all items 4 Chapter 1 Introduction ENWW What you must provide The following lists the basic requirements for using the HP IPSC ENWW A supported Microsoft Windows computer The following Microsoft Windows 32 and 64 bit operating systems except as noted are supported o A Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 o Windows Vista o Windows 7 Windows 8 HP IPSC is supported in a VMware environment Requirements Microsoft Windows Server 2008 SP 1 and above and Windows Server 2008 R2 and above 32 and 64 bit versions are compatible guest operating systems in VMware s ESX and ESXi versions 4 0 Update 4 and above A supported HP device printer MFP or digital sender For a current list of supported HP devices go to www hp com go ipsc The latest HP device firmware version HP recommends that you install the latest firmware version to ensure your devices contain the latest security updates and features For firmware upgrade instructions see the setup or use guides provided with the device The latest HP Jetdirect firmware version You must use V 40 xx or later For firmware upgrade instructions see the setup or use guides provided with the HP Jetdirect product What you must provide 5 6 Chapter 1 Introduction ENWW
Download Pdf Manuals
Related Search