HP Designjet Printer series Security features
HP Designjet Printer Series © 2012 Hewlett-Packard Development Company, L.P. Reproduction, adaptation, or translation without prior permission is prohibited, except as allowed under the copyright laws. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as an additional warranty.
HP Designjet Printer Series Security Settings Table of Contents 1. 2. 3. Introduction & Overview ................................................................................................... 4 Security features available for Large Format scanners ........................................................... 6 Security Concepts explanation........................................................................................... 7 3.1 Secure File Erase ................................................
HP Designjet Printer Series Security Settings 1. Introduction & Overview This document is aimed at providing an overview of the security features supported by HP Designjet printers as of February 2012. The security features described in this document make the HP Designjet printer series particularly well suited to being deployed into environments where network, data, access control, and security are important.
HP Designjet Printer Series T1200 T770 Z3100 Z3100ps 4020/4520 T1100/T1120 Z6100 T620 WJA WJA WJA WJA WJA WJA WJA N/A WJA/FP WJA/FP (HD) N/A FP FP WJA/FP WJA/FP WJA/FP Control panel lock EWS/WJA WJA N/A N/A WJA EWS EWS N/A EWS multilevel EWS N/A N/A EWS (1 level) EWS EWS EWS N/A Exclude personal info.
HP Designjet Printer Series Security Settings 2. Security features available for Large Format scanners The Multi function printers (MFPs) are made of two main parts: The printer and the scanner.
HP Designjet Printer Series Security Settings 3. Security Concepts explanation 3.1 Secure File Erase Secure File Erase is a feature that manages how files are deleted from the printer’s hard disk. There are three security modes to the Secure Files Erase feature. These settings can be changed in the Web JetAdmin. • Non-Secure Fast Erase: In this mode, all file pointers to the data (table indexes) are erased.
HP Designjet Printer Series 3.2 Security Settings Secure Disk Erase In either of the two secure methods described above, (Secure Fast Erase and Secure Sanitizing Erase), there is also the option to sanitize the whole disk. The sanitizing method removes any user data in a secure manner, so the device can be moved out from a secure location to unsecure location. All disk erasing will be done via the same level of security erase.
HP Designjet Printer Series • Security Settings Printer’s Front Panel access: Once you have entered into the “Service Menu” with the help of an HP Support representative, you can perform the Secure Disk Erase, by using the same 3 options that you have in Web JetAdmin. Note that the name of the feature in the front panel is Disk Wipe DoD 5220.
HP Designjet Printer Series 10 Security Settings
HP Designjet Printer Series 3.3 Security Settings Control Panel Access Lock The control panel access is a feature intended for IT administrators, which allows them to lock the device’s control panel using the HP Web JetAdmin or the printers Embedded Web Server (depending on the printer model). This feature prevents unauthorized users from accessing the control panel and changing the printer’s settings.
HP Designjet Printer Series Security Settings This option can be enabled from the T1200 Embedded Web server as shown below: The following table shows the different levels access and what they enable or disable: Maximum Intermediate Moderate Minimum Retrieve Job OK OK OK OK Information ---OK OK OK Paper handling ------OK OK Configure Designjet ---------OK Diagnostics ---------OK • Maximum Lock – This option denies access to all options.
HP Designjet Printer Series Security Settings When the Control Panel is locked, the applicable menus show a ‘lock’ symbol in the front panel. If a user attempts to enter in a “locked” menu entry, a warning message is displayed. 3.3.1 Deadlock: Front Panel locked + EWS password forgotten Under certain circumstances, a printer might be blocked if the control panel has been locked and the administrator has lost the password needed to unlock it.
HP Designjet Printer Series Security Settings Administrator password Access control is enabled by setting the “Admin account password”, specifying a password for the user account at Admin level. You must then provide the Admin password in order to perform any of the following restricted operations: 14 • Cancel, delete or preview a job in the job queue. • Delete a stored job. • Clear accounting information. • Change printer’s settings on the Device Setup page. • Update printer's firmware.
HP Designjet Printer Series 15 Security Settings
HP Designjet Printer Series 16 Security Settings
HP Designjet Printer Series Security Settings If there is no administrator account, restricted operations can be accessed without a password. 3.4.1 Guest password Once the administrator user account has been set, the administrator can also set the guest user account by specifying a password for the guest.
HP Designjet Printer Series 3.5 Security Settings Exclude personal info from accounting You can enable or disable the printer to send an e-mail containing accounting information. If you enable this setting, you have also to fill in the destination of the report using the Send accounting files to setting. Please note that you also have to configure the e-mail server on the Setup Page.
HP Designjet Printer Series 3.6 Security Settings Disable connectivity interfaces Depending on the printer series, there are some ports that can be disabled to prevent unauthorized printing and possible data theft. You might want to disable the USB printing port to avoid people from connecting a laptop directly into the printer and printing through the USB. If you have installed a JetDirect card to add extra security features, you might want to disable the onboard Ethernet.
HP Designjet Printer Series 3.7 Security Settings Disable protocols In some cases you might want to disable all protocols that you do not plan to use to access your printer. For example, you might prevent users from sending files through the ftp or connecting through telnet to manage the printer network settings. You can disable unused protocols through the Mgmt. protocols option in the Embedded Web Server or Network enable features in Web JetAdmin. 3.
HP Designjet Printer Series Security Settings Firewall. Use this page to view or configure a firewall policy. A firewall policy consists of up to 10 rules, where each rule specifies the IP addresses and services allowed by the print server and device. To add a rule, click ‘Add Rule’. This setting runs a wizard that will help you configure each rule. IPsec / Firewall. Use this page to view or configure an IPsec / firewall policy. An IPsec / firewall policy consists of up to 10 rules.
HP Designjet Printer Series Security Settings 3.10 CA/JD Certificates You can request, install, and manage digital certificates on the HP JetDirect print server. Certificates are used to identify the JetDirect print server both as a valid Web server for network clients, and as a valid client requesting access on a secure network. By default, the JetDirect print server contains a self-signed preinstalled certificate. 3.
HP Designjet Printer Series Security Settings 3.13 Disable USB drive You can use this option to disable the USB drive preventing somebody connecting a device to print or to scan images. 3.14 Disable firmware update through USB This option is used to disable the possibility of upgrading the printer by installing the firmware via a USB device. 3.15 Disable direct print using ePrint&Share In some printers, when you connect a computer directly with a USB cable, you can print without installing any driver.
HP Designjet Printer Series Security Settings 3.18 Printer Access control For some printers, when setting an Embedded Web Server admin password you are also preventing access to certain front panel features.
HP Designjet Printer Series • Security Settings that has been installed on a different printer, it will advise the customer about it. If the customer decides to go ahead and use the EHD on a different printer, the printer will erase the contents of the EHD (once again, using the highly secure DoD 5220.22-M process) The EHD has its own software based encryption mechanism that prevents anyone reading the contents of the EHD, for instance, by plugging it into a PC.
HP Designjet Printer Series Security Settings 5. Glossary Active Directory (AD) Adobe PostScript Color Access Control Device Password (LJ feature) Domain Naming System (DNS) Embedded Web Server (EWS) File System Access settings (LJ feature) File System Password (LJ feature) Hide IP address from front Panel HP Web Jetadmin IP multicast IPSec 26 An advanced, hierarchical directory service that comes with Microsoft Windows servers (version 2000 or later).
HP Designjet Printer Series Job Held Timeout (LJ feature) Job Retention (LJ feature) Multicast DNS (mDNS) PJL Password (LJ feature) Remote Firmware Upgrade (LJ feature) Simple Network Management Protocol (SNMP) SNMPv3 Subnet Authentication Manager (LJ feature) 27 Security Settings This feature is part of the Job Retention feature. It limits a held job to the selected time, and then the printer deletes it.
HP Designjet Printer Series Security Settings For more information About HP Designjet printers: www.hp.com/go/designjet About HP WebJetAdmin: www.hp.com/go/webjetadmin © 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.