HP Commercial LaserJet Printers and MFPs - Imaging and Printing Security Best Practices
Chapter 7 HP LaserJet and Color LaserJet MFP Security Checklist
Disable SLP Config. SLP Config accommodates software that uses SLP as a discovery
mechanism. For example, disabling SLP Config on some Novell networks (depending on
how Novell is configured) would cause Novell to not recognize the MFPs on the network.
Thus, if your network uses these features of Novell, you should enable SLP Config. If you
use software other than HP Web Jetadmin with your HP MFPs, please test this feature before
disabling it. HP Web Jetadmin is not affected by this setting.
Disable FTP Printing. FTP Printing enables files to be sent to the printer via FTP for
printing on the MFP. Enabling FTP Printing also allows you to upgrade your printer
firmware by sending the firmware via FTP. HP recommends disabling it and using Web
Jetadmin to upgrade firmware. With it disabled, MFPs will deny access to FTP sessions.
Disable LPD Printing. LPD Printing is the protocol necessary for printing in UNIX,
HP-UX, or Linux environments. You should disable LPD Printing unless your network includes
UNIX workstations that might print using the MFPs. With this option disabled, MFPs will
deny access to UNIX machines.
Enable 9100 Printing. 9100 Printing should always be enabled. It is the standard
printing protocol used by MFP print drivers. Disabling 9100 Printing would disable all
printing for most users.
Disable IPP Printing. IPP Printing is a protocol for printing over the Internet or locally.
Unless you have a requirement for IPP printing, it should be disabled. With it disabled, the
MFPs will deny access to direct printing from the Internet. Print jobs generated from web
browsers using the installed print driver are not affected.
Disable MDNS Config. MDNS Config resolves host names to IP addresses in small
networks without DNS servers. Most enterprise networks include DNS servers and do not
require this service. With this option disabled, a non-DNS network will not recognize the
MFPs. If your network does not include a DNS server, you should enable MDNS Config.
Disable IPv4 Multicast Config. IPv4 Multicast Config configures multiple devices
simultaneously over the network. You should always disable IPv4 Multicast Config, and
use Web Jetadmin for managing MFPs.
Disable WS-Discovery. WS-Discovery enables network hosts that support WS-Discovery
to discover printers and devices on the network. Unless you are in an IPv6 or
Windows Vista/Windows 7 only environment, there are other protocols you can use to
discover your printers.
Configure Encryption Strength to High. The encryption strength setting covers
communication between a PC and the Embedded Web Server. When HTTPS is configured (as
recommended in this checklist), communication is encrypted according to this Encryption
Strength setting.
With Encryption Strength set to High, users will find that the EWS is accessible only from
web browsers that support that level of HTTPS communications.
This checklist recommends disabling EWS Config during normal use of MFPs. This removes all
access to the EWS; however, you should still configure this setting so that it applies at times
when you temporarily enable EWS Config to make changes to configurations.
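One way to verify the printing-protocol settings above (FTP, LPD and IPP disabled, 9100 enabled) on a deployed MFP, as an added example that is not part of the HP checklist: a TCP reachability check compared against the checklist's expected state. The port numbers are the standard assignments for each protocol (only 9100 is named in the checklist), the host names and observations are constructed, and the policy assumes no UNIX or IPP exception applies on your network.

```python
import socket

# Expected state of the TCP print services named in the checklist.
# Ports are the standard assignments for each protocol (an assumption;
# the checklist itself only names port 9100).
POLICY = {
    "FTP Printing":  (21,   False),
    "LPD Printing":  (515,  False),
    "IPP Printing":  (631,  False),
    "9100 Printing": (9100, True),
}

def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe(host, policy=POLICY):
    """Observe which policy ports accept connections on one MFP."""
    return {name: tcp_open(host, port) for name, (port, _) in policy.items()}

def audit(observed, policy=POLICY):
    """Compare observed state with the checklist; return a list of deviations."""
    findings = []
    for name, (port, should_be_open) in policy.items():
        is_open = observed.get(name)
        if is_open is None:
            findings.append(f"{name} (tcp/{port}): not checked")
        elif is_open and not should_be_open:
            findings.append(f"{name} (tcp/{port}): reachable, checklist says disable")
        elif should_be_open and not is_open:
            findings.append(f"{name} (tcp/{port}): unreachable, checklist says enable")
    return findings

# Constructed observations for two hypothetical MFPs (not real scan output).
SAMPLE = {
    "mfp-hardened": {"FTP Printing": False, "LPD Printing": False,
                     "IPP Printing": False, "9100 Printing": True},
    "mfp-default":  {"FTP Printing": True, "LPD Printing": True,
                     "IPP Printing": True, "9100 Printing": True},
}

if __name__ == "__main__":
    for host, observed in SAMPLE.items():
        for line in audit(observed) or ["matches checklist"]:
            print(f"{host}: {line}")
```

To check a live device, pass `probe(host)` to `audit`. SLP, MDNS and WS-Discovery are UDP-based discovery services, so a TCP connect test does not confirm their state; verify those in the device configuration.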